
sha256: 2b87a252a3d912530dd8c20df6bee7f6cbc4ede0074fdf217e318aab39d9736c

Freebsd Stuff

Fix Broken Package Manager

# Reinstall the pkg tool itself from a fixed package URL; -f forces the
# reinstallation even if pkg is already registered as installed.
# NOTE(review): the URL pins pkg 1.14.2 for the FreeBSD:12:amd64 ABI; adjust
# both to the running system.
pkg add -f https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/pkg-1.14.2.txz

# Force a re-bootstrap of pkg, then force a full download of the repository
# catalogue.
pkg bootstrap -f; pkg update -f


sha256: eb6263c0896e059168e9491b1f29e3bbf4e0fec278a42dd13929483ff0c8a5a3

ScionLab

Install Doku

Upgrade Fresh Debian

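# Refresh the package index, then bring the fresh install fully up to date.
apt-get -y update
apt-get -y upgrade
# The subcommand is spelled dist-upgrade; apt-get rejects "distupgrade".
apt-get -y dist-upgrade
apt-get -y install vim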

Scion

# Lets apt fetch from https:// sources.
apt-get install apt-transport-https
# [trusted=yes] makes apt treat this repository as trusted without checking
# a signature on its Release file, so package integrity rests on the HTTPS
# connection to the mirror alone. If the repository publishes a signing
# key, pin it with signed-by= instead of trusted=yes.
echo "deb [trusted=yes] https://packages.netsec.inf.ethz.ch/debian all main" | tee /etc/apt/sources.list.d/scionlab.list
apt-get update
apt-get install scionlab

Config

# host-id and host-secret are shown masked (x...). Passed on the command line
# like this, the secret lands in the shell history and is visible in the
# process list while the command runs.
scionlab-config --host-id=1fcf8axxxxxxxxxxxxxxxxxxxxxxxxxx --host-secret=4ef93cxxxxxxxxxxxxxxxxxxxxxxxxxx

Check Services

root@scionlab:~# ip address show dev tun0
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.1.1.52/16 brd 10.1.255.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::aa8a:c135:f627:bcff/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

root@scionlab:~# grep Interfaces -A15 /etc/scion/gen/ISD*/AS*/endhost/topology.json
      "Interfaces": {
        "1": {
          "Bandwidth": 1000,
          "ISD_AS": "17-ffaa:0:1107",
          "LinkTo": "PARENT",
          "MTU": 1472,
          "Overlay": "UDP/IPv4",
          "PublicOverlay": {
            "Addr": "10.1.1.52",
            "OverlayPort": 50000
          },
          "RemoteOverlay": {
            "Addr": "10.1.0.1",
            "OverlayPort": 50229
          }
        }

root@scionlab:~# systemctl list-dependencies scionlab.target
scionlab.target
● ├─scion-border-router@17-ffaa_1_d85-1.service
● ├─scion-control-service@17-ffaa_1_d85-1.service
● ├─scion-daemon@17-ffaa_1_d85.service
● └─scion-dispatcher.service

root@scionlab:~# scmp echo -remote 20-ffaa:0:1404,[0.0.0.0]
Using path:
  Hops: [17-ffaa:1:d85 1>230 17-ffaa:0:1107 1>4 17-ffaa:0:1102 3>4 17-ffaa:0:1108 2>8 17-ffaa:0:1101 3>2 20-ffaa:0:1401 6>1 20-ffaa:0:1402 2>1 20-ffaa:0:1404] MTU: 1472, NextHop: 127.0.0.1:30042

176 bytes from 20-ffaa:0:1404,[0.0.0.0] scmp_seq=0 time=258.282ms
176 bytes from 20-ffaa:0:1404,[0.0.0.0] scmp_seq=1 time=259.515ms
176 bytes from 20-ffaa:0:1404,[0.0.0.0] scmp_seq=2 time=264.142ms
176 bytes from 20-ffaa:0:1404,[0.0.0.0] scmp_seq=3 time=257.675ms

root@scionlab:~# scmp tr -remote 21-ffaa:0:1501,[0.0.0.0]
Using path:
  Hops: [17-ffaa:1:d85 1>230 17-ffaa:0:1107 1>4 17-ffaa:0:1102 3>4 17-ffaa:0:1108 2>8 17-ffaa:0:1101 3>2 20-ffaa:0:1401 4>3 21-ffaa:0:1501] MTU: 1472, NextHop: 127.0.0.1:30042
0  17-ffaa:1:d85,[127.0.0.1] IfID=1  474µs 460µs 303µs
1  17-ffaa:0:1107,[192.33.93.195] IfID=230  9.533ms 10.099ms 9.75ms
2  17-ffaa:0:1107,[192.33.93.195] IfID=1  10.152ms 10.12ms 9.651ms
3  17-ffaa:0:1102,[129.132.121.164] IfID=4  11.151ms 11.874ms 9.675ms
4  17-ffaa:0:1102,[192.33.92.68] IfID=3  10.419ms 11.829ms 11.886ms
5  17-ffaa:0:1108,[195.176.0.11] IfID=4  14.57ms 11.859ms 11.739ms
6  17-ffaa:0:1108,[195.176.28.157] IfID=2  16.276ms 15.704ms 15.417ms
7  17-ffaa:0:1101,[193.247.172.154] IfID=8  15.862ms 16.496ms 16.473ms
8  17-ffaa:0:1101,[193.247.172.130] IfID=3  22.882ms 23.789ms 22.081ms
9  20-ffaa:0:1401,[134.75.250.114] IfID=2  252.212ms 252.403ms 253.067ms
10  20-ffaa:0:1401,[134.75.250.114] IfID=4  253.937ms 251.94ms 251.649ms
11  21-ffaa:0:1501,[202.255.44.48] IfID=3  314.05ms 313.705ms 313.292ms
12  21-ffaa:0:1501,[0.0.0.0]  314.419ms 313.534ms 314.605ms


sha256: 0719a8bbc818ec97a796c90b7de0027ee6905fd5d889d6eb6b500b519b968dcc

Gitolite

You wanna host your own Git Repositories ? Have a look at Gitolite. It does all for you :)

Install GitoLite

pkg_add gitolite

Add git user

root@gitserver ~# adduser -silent
Enter username []: git
Enter full name []: git repo user
Enter shell bash csh git-shell ksh nologin sh [ksh]:
Uid [1001]:
Login group git [git]:
Login group is ``git''. Invite git into other groups: guest no
[no]:
Login class authpf bgpd daemon default pbuild staff unbound
[default]:
Enter password []:
Disable password logins for the user? (y/n) [n]: y

Name:        git
Password:    ****
Fullname:    git repo user
Uid:         1001
Gid:         1001 (git)
Groups:      git
Login Class: default
HOME:        /home/git
Shell:       /bin/ksh
OK? (y/n) [y]: y
Added user ``git''
Add another user? (y/n) [y]: n

Basic Setup

Setup Repo, add your key

Git

Some Git Commands

Customizing Git

Switch from “Master” to Main globally

git config --global init.defaultBranch main

Merge two Repos “merge unrelated histories”

git pull origin master --allow-unrelated-histories
git push
git pull

add local Folder and Push to Upstream

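# Create a repository in the current folder and publish it to a new remote.
echo "# test" >> README.md
git init
git config init.defaultBranch main
git add README.md
git commit -m "first commit"
git branch -M main
# The remote address was mangled by e-mail obfuscation on the page;
# <user>@<git-host> is a placeholder for the login and host of your Git server.
git remote add origin "<user>@<git-host>:stoege/test.git"
git push -u origin main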

Find deleted file, sort uniq

git log --all --pretty=format: --name-only --diff-filter=D | sort -u
bla
bla.yml
doit.sh
files.conf.j2
...

Find deleted File

git log --diff-filter=D --summary

commit abcecadce91af3814662fa6a04d0f12e361f0574
Date:   Sun May 31 23:19:59 2020 +0200

    update

 delete mode 100644 master/sed.tcpdump

commit 81ae58d70c27d02eb2f65beed4fe0b571073f087
Date:   Fri May 29 16:06:14 2020 +0200

    update

Restore deleted File

git checkout 81ae58d70c27d02eb2f65beed4fe0b571073f087 sed.tcpdump

Remove Sensitive Data

# Rewrite every branch and tag so that .geheimesfile no longer appears in
# any commit; commit ids change from the first affected commit onwards.
# Rewriting history does not undo the exposure: treat whatever the file
# contained as compromised and rotate it.
git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch .geheimesfile' \
--prune-empty --tag-name-filter cat -- --all

# Overwrite the remote branches with the rewritten history. Existing clones
# and forks keep the old commits until they are re-cloned or cleaned up.
git push origin --force --all

# Same for the tags.
git push origin --force --tags

Remove last Commit

will remove the last Commit from your current branch

OpenBSD 6.7

OpenBSD 6.7 appeared today

OpenBSD has two new releases every year, historically on 1 May and 1 November, with a few small exceptions in the past. Check Wikipedia

so, the latest OS appeared today: OpenBSD 6.7

Perform a Full Upgrade (incl. X Stuff)

sysupgrade -r

Run the Script (on your own risk !)

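doas su -
# -p: do not fail when /root/bin already exists
mkdir -p /root/bin
ftp -o /root/bin/upgrade_to_67.sh https://blog.stoege.net/scripts/upgrade_to_67.sh
# Only the HTTPS connection vouches for the downloaded file: read it
# (less /root/bin/upgrade_to_67.sh) before running it as root.
chmod 740 /root/bin/upgrade_to_67.sh
# /root/bin/upgrade_to_67.sh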

or use some custom Script (just Xbase and not other X Stuff)

doas su -
mkdir /root/bin

cat <<'EOF' > /root/bin/upgrade_to_67.sh
#!/bin/sh

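# Pre-upgrade cleanup: removes the named user and group, /var/named, a list
# of perl5 modules and man pages, and dig/host/nslookup from /usr/sbin.
# NOTE(review): presumably the removals from the 6.7 upgrade notes; verify
# against the official guide before running.
# Every path is written out: brace expansion is not part of POSIX sh, and a
# shell that does not perform it hands rm the literal {a,b} word, which
# rm -f then ignores without an error.
# Arguments: none
# Outputs:   progress message on stdout
prepare () {

  echo "let's upgrade to 6.7 ..."

  userdel named
  groupdel named
  rm -rf /var/named  # backup the data if still needed

  rm -rf /usr/libdata/perl5/*/Storable \
    /usr/libdata/perl5/*/arybase.pm \
    /usr/libdata/perl5/*/auto/arybase \
    /usr/libdata/perl5/B/Debug.pm \
    /usr/libdata/perl5/Locale/Codes* \
    /usr/libdata/perl5/Locale/Country* \
    /usr/libdata/perl5/Locale/Currency* \
    /usr/libdata/perl5/Locale/Language* \
    /usr/libdata/perl5/Locale/Script* \
    /usr/libdata/perl5/Math/BigInt/CalcEmu.pm \
    /usr/libdata/perl5/unicore/To/_PerlWB.pl \
    /usr/libdata/perl5/unicore/lib/GCB/EB.pl \
    /usr/libdata/perl5/unicore/lib/GCB/GAZ.pl \
    /usr/share/man/man3p/B::Debug.3p \
    /usr/share/man/man3p/Locale::Codes*.3p \
    /usr/share/man/man3p/Locale::Country.3p \
    /usr/share/man/man3p/Locale::Currency.3p \
    /usr/share/man/man3p/Locale::Language.3p \
    /usr/share/man/man3p/Locale::Script.3p \
    /usr/share/man/man3p/Math::BigInt::CalcEmu.3p \
    /usr/share/man/man3p/arybase.3p

  rm -f /usr/sbin/dig /usr/sbin/host /usr/sbin/nslookup

}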

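# Stage the upgrade without rebooting (sysupgrade -n), then delete the staged
# comp*, xf* and xs* files from /home/_sysupgrade.
# Outputs: status message on stdout
# Returns: 0 when sysupgrade reports a pending reboot, 1 when nothing was staged
download() {

  # Declared separately so the assignment keeps sysupgrade's exit status.
  local _response
  _response=$(sysupgrade -n)

  case $_response in
    *reboot)
      echo "\nInstalled! Let's reboot ...\n"
      rm /home/_sysupgrade/comp* /home/_sysupgrade/xf* /home/_sysupgrade/xs*
      return 0
      ;;
    *)
      echo "Nothing todo ..."
      return 1
      ;;
  esac

}

# Reboot the machine; after a successful download() the staged upgrade is
# applied on this boot.
install() {
  reboot
}

# Post-upgrade steps on 6.7: recreate device nodes, reinstall the boot
# blocks on the root disk, merge configuration, update firmware, apply
# patches and upgrade packages.
# Outputs: progress message on stdout, diagnostics on stderr
postwork() {

  echo "let's do some postwork after upgrade to 6.7 ..."

  # Subshell: the caller's working directory is left alone, and MAKEDEV
  # only runs when the cd succeeded.
  ( cd /dev && ./MAKEDEV all )

  # Device mounted on / (e.g. "sd0a"); dropping the last character gives
  # the disk name that installboot expects (e.g. "sd0").
  local _boot
  _boot=$(mount | awk -F'[/ ]' '/ on \/ / {print $3}')
  if [ -n "$_boot" ]; then
    installboot "${_boot%?}"
  else
    echo "cannot determine the root disk, skipping installboot" >&2
  fi

  sysmerge

  fw_update

  syspatch

  pkg_add -Vu

}

# Main
# Every step below changes system state; stop early instead of failing
# half-way through as an unprivileged user.
if [ "$(id -u)" -ne 0 ]; then
  echo "must be run as root" >&2
  exit 1
fi

_ver=$(uname -r)

case $_ver in
  6.6)
    prepare
    # Reboot only when sysupgrade actually staged an upgrade.
    if download; then
      install
    fi
    ;;
  6.7)
    postwork
    ;;
  *)
    echo "unsupported release: $_ver (expected 6.6 or 6.7)" >&2
    exit 1
    ;;
esac

exit 0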
EOF

chmod 740 /root/bin/upgrade_to_67.sh
# /root/bin/upgrade_to_67.sh

Checks

you should do a few checks afterwards:

OpenBSD Add Storage

you’ve got a machine and you’re running out of disk space. attach a new disk like this:

# fdisk -i sd1  Note: Substitute sd1 for your disk. ...
# disklabel -E sd1
> p m
> a a
> quit
# newfs sd1a
# mkdir /data
# mount /dev/sd1a /data/

and make it permanent in /etc/fstab


sha256: 56abce0047522e2a79b987cb878a8ef2a8e27ae9aa9e6e2266d58d8afd254793

Sqlite

Do you like SQLite ?

just started using it a bit more often … https://www.sqlitetutorial.net/

Query

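# ASCII quotes restored (the page had typographic quotes and no closing quote).
sqlite3 /path/to/db "select date,time,ip from table where ip='1.2.3.4' limit 100;"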

.schema

show the database schema and indexes

sqlite> .schema
CREATE TABLE attack(
  "date" TEXT,
  "time" TEXT,
  "ip" TEXT,
  "asnr" TEXT,
  "ascountry" TEXT,
  "asdesc" TEXT,
  "port" TEXT,
  "proto" TEXT,
  "server" TEXT,
  "type" TEXT,
  "method" TEXT,
  "pass" TEXT,
  "user" TEXT,
  "ver" TEXT
);
CREATE UNIQUE INDEX id on attack(date,time,ip,user,pass);

Insert

INSERT INTO table (column1,column2 ,..)
VALUES( value1, value2 ,...);

Update

 -- $asnr, $ascountry, $asdesc and $ip look like shell variables expanded into
 -- the statement before sqlite3 parses it (presumably from a wrapper script; confirm).
 -- A value containing ' closes the string literal early: double every ' in the
 -- values, or bind them as parameters through a language API, before use.
 update attack set asnr='$asnr', ascountry='$ascountry', asdesc='$asdesc' where ip='$ip';

Delete

-- $ip is substituted into the statement as text; check that it is an IP
-- address (or double any ') before building the statement.
delete from attack where ip='$ip';

Transfer one Table from one host to another

ssh remotehost "sqlite3 /var/db/egal.sqlite '.dump table'" |sqlite3 mydb.sqlite

HamsterDB Cleanup

sqlite3 /var/db/runden.db
delete from runden where datum like '%2020-%';
vacuum;


sha256: f9dddde1c1140ca0a8fecf1baf3a673ecfadc7d29b2c7a9ee6e33f3c52c6fd1b

Ubuntu Kickstart

How to Kickstart a Ubuntu Installation …

edit dhcpd.conf

host ubuntu {
  hardware ethernet 4E:E5:80:xx:xx:xx;
  fixed-address x.x.x.x;
  filename "ubuntu/pxelinux.0";
  next-server x.x.x.200;
}

restart dhcpd

prepare env on tftp server (x.x.x.200)

mkdir -p /tftpboot/ubuntu/
cd /tftpboot/ubuntu/
# Fetched over plain HTTP, so nothing authenticates the boot image in transit.
# NOTE(review): compare the tarball with the archive's signed SHA256SUMS for
# this installer build before unpacking; confirm where the mirror publishes it.
ftp http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/netboot.tar.gz
tar xfz netboot.tar.gz

kickstart cfg

put the following file in a webroot available from the client machine

# ks.cfg is written into the webroot: every host that can reach the web
# server can read it, including the root password hash below.
cat <<'EOF' > /var/www/htdocs/ks.cfg
#Generated by Kickstart Configurator
#platform=AMD64 or Intel EM64T

#System language
lang en_US
#Language modules to install
langsupport en_US
#System keyboard
keyboard ch
#System mouse
mouse
#System timezone
timezone Europe/Zurich
#Root password (here 123456)
#The $1$ prefix marks an MD5-crypt hash. This one belongs to a published
#example password: put in your own hash and change the password after install.
rootpw --iscrypted $1$r6te7M.4$C55eKRGO2xdodwc3tBe48/
#Initial user
user --disabled
#Reboot after installation
reboot
#Use text mode install
text
#Install OS instead of upgrade
install
#Use Web installation
url --url http://mirror.init7.net/ubuntu/
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part swap --size 1024
part /boot --fstype ext4 --size 512
part / --fstype ext4 --size 1 --grow
#System authorization information
#(--enablemd5 selects MD5 for hashing account passwords)
auth  --useshadow  --enablemd5
#Network information
network --bootproto=dhcp --device=eth0
#Firewall configuration
#(the installed system comes up with the firewall disabled)
firewall --disabled
#Do not configure the X Window System
skipx
EOF

start and install client

  • pxe boot client
  • on the install screen, press tab and add ‘ks=http://x.x.x.x/ks.cfg’
  • Enter and wait until done


sha256: c58f8a064ddcae5b682a1699da8d10b3abb12ce131826e2a6098ed9b930f4e10

Borg

BorgBackup

how do you backup your data … ? a really cool solution is borgbackup.

BorgBackup (short: Borg) gives you:

  • Space efficient storage of backups
  • Secure, authenticated encryption.
  • Compression: LZ4, zlib, LZMA, zstd (since borg 1.1.4).
  • Easy installation on multiple platforms: Linux, macOS, BSD, …
  • Free software (BSD license).
  • Backed by a large and active open source community.

Always a good Idea is to keep a Backup external. Rsync.net has a really competitive Offer (without Support). 100 GB for $18/year.

Forwarding Variable with SSH

Did you know that you can easily forward a variable (or secret) via SSH … ?

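This Variable is only available while you’re logged in and is never stored in any configfile or backup. This can be a real advantage … Keep in mind that typing the export at the prompt can still leave the value in your shell history, and that it is readable in the session’s environment on the receiving host.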

Sending Host

/etc/ssh/ssh_config

Host trustedhost.world
  SendEnv        _secret

Receiving Host

/etc/ssh/sshd_config

AcceptEnv               _secret

restart sshd

Connect

user@myhost ~# export _secret=topsecret99
user@myhost ~# ssh trustedhost.world

user@trustedhost ~# set |grep _secret
_secret=topsecret99

here we are …



sha256: 2713843b09025791c3a22c831d592af5ed0a0d7a0e593e67175956f7ee8acfbe