sha256: 2b87a252a3d912530dd8c20df6bee7f6cbc4ede0074fdf217e318aab39d9736c

Cron & Environment

Sometimes you run into problems because you're not aware of the environment cron runs its jobs in.

So, let’s dump and check the environment.

Add Cronjob

*       *       *       *       *       env > /tmp/env.log

Dump Content

puffy200# cat /tmp/env.log
LOGNAME=root
HOME=/var/log
PWD=/var/log
PATH=/bin:/sbin:/usr/bin:/usr/sbin
SHELL=/bin/sh
USER=root
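
To test a job before it goes into the crontab, the dumped environment can be reproduced by hand. The following is an added example, not part of the original post; the function names run_like_cron, resolves_in_cron and audit_commands are hypothetical, and the variable values are the ones from the dump above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Variable values are copied from the /tmp/env.log dump shown above.

# run_like_cron CMD [ARG0 ARG...]
# Run CMD through /bin/sh -c with only the variables cron provided.
run_like_cron() {
    (
        cd /var/log 2>/dev/null || cd /
        env -i \
            LOGNAME=root \
            HOME=/var/log \
            PATH=/bin:/sbin:/usr/bin:/usr/sbin \
            SHELL=/bin/sh \
            USER=root \
            /bin/sh -c "$@"
    )
}

# resolves_in_cron NAME
# Succeed only if NAME is found on cron's PATH.
resolves_in_cron() {
    run_like_cron 'command -v "$1"' sh "$1" >/dev/null 2>&1
}

# audit_commands NAME...
# Print, space separated, the commands a cron job would NOT find.
audit_commands() {
    missing=""
    for c in "$@"; do
        resolves_in_cron "$c" || missing="$missing $c"
    done
    echo "${missing# }"
}
```

Every command that audit_commands reports needs an absolute path in the job, or an explicit PATH= line at the top of the crontab.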

sha256: 6e5d4767a577cc5673505edd19b29f931ce23de7f97a9088c3137945206730a3

Python Pip

https://pip.pypa.io/en/stable/cli/pip_list/

How to use pip on OpenBSD …

Already Installed ?

doas pkg_info -Q py3-pip
py3-pip-20.1.1p0 (installed)

Install pip3

doas pkg_add py3-pip--
doas ln -sf /usr/local/bin/pip3.9 /usr/local/bin/pip
doas pip search csvkit

Install csvkit

doas pip install wheel csvkit

Upgrade pip

doas pip install --upgrade pip

Upgrade pip packages

for i in $(pip list -o | awk 'NR > 2 {print $1}'); do doas pip install -U "$i"; done

or

doas pip install pip-review
doas pip-review --interactive

sha256: 39b0c97b5063483f3d42fd6ac5515f679180cb454d35cff5ee487a19f0fb5343

Mint Vlan

How to configure a VLAN on Linux Mint?

Wiki

Install vlan

sudo apt-get install vlan

Configuration

root@mint:~# sudo modprobe 8021q

root@mint:~# ifconfig
ens19: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.18.83  netmask 255.255.255.0  broadcast 10.10.18.255
        inet6 2001:db8:1:2:9506:5fcd:1c61:1279  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:a9:c50b:1348:1ec6  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:e064:b0ec:a08f:7fd8  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:a015:7ec:eef0:1a75  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:a028:b890:ffe8:5231  prefixlen 64  scopeid 0x0<global>
        inet6 2001:db8:1:2:c80:addb:1273:95d5  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::9cc2:b22d:cc15:2946  prefixlen 64  scopeid 0x20<link>
        ether 4e:e5:10:00:06:83  txqueuelen 1000  (Ethernet)
        RX packets 181  bytes 58337 (58.3 KB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 271  bytes 48413 (48.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 138  bytes 13723 (13.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 138  bytes 13723 (13.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@mint:~# vconfig add ens19 158
Added VLAN with VID == 158 to IF -:ens18:-
root@mint:~#

root@mint:~# ip addr add 100.60.100.83/24 dev ens19.158
root@mint:~#

root@mint:~# ip link set up ens19.158
root@mint:~#

Make Permanent

sudo su -c 'echo "8021q" >> /etc/modules'

/etc/network/interfaces
auto ens19.158
iface ens19.158 inet static
    address 100.60.100.83
    netmask 255.255.255.0
    vlan-raw-device ens19
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 100.60.100.1

sha256: e69d61613b45307405014943049154d70c8cf140d2a3bcf5bbf7679fbefa798f

OpenBSD nginx cgi

… and you thought that cgi is dead …

nginx.conf

cat << 'EOF' > /etc/nginx/nginx.conf
worker_processes  1;

worker_rlimit_nofile 1024;
events {
    worker_connections  800;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    access_log  syslog:server=unix:/dev/log,severity=notice main;

    keepalive_timeout  65;

    server_tokens off;

    server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;
        root         /var/www/htdocs;

        # FastCGI to CGI wrapper server
        #
        location /cgi-bin/ {
            #error_log     /var/log/slowcgi/errors;
            fastcgi_pass   unix:run/slowcgi.sock;
            fastcgi_split_path_info ^(/cgi-bin/[^/]+)(.*);
            fastcgi_param  PATH_INFO $fastcgi_path_info;
            include        fastcgi_params;
        }
    }
}
EOF

chmod 644 /etc/nginx/nginx.conf
rcctl enable nginx
rcctl start nginx

Slowcgi

rcctl enable slowcgi
rcctl start slowcgi

CGI

cat << 'EOF' > /var/www/cgi-bin/test.cgi
#!/bin/sh

echo "Content-type: text/html\n\n";
echo "<HTML>\n";
echo "<HEAD>\n";
echo "  <title>Ich bin ein Titel :)</title>\n";
echo "</HEAD>\n";
echo "Test from /bin/sh ..!\n";
echo "</HTML>\n";
EOF

chown www /var/www/cgi-bin/test.cgi
chmod 500 /var/www/cgi-bin/test.cgi

Install Interpreter (Chrooted !)

mkdir /var/www/bin/
cp /bin/sh /var/www/bin/

Test

curl http://ip-of-device/cgi-bin/test.cgi

Troubleshoot

chroot /var/www/ cgi-bin/test.cgi

sha256: cb939fe359ec8b8611392b03c702d42de819c4a51b81c120a70fe4a8d7ff6770

OpenBSD httpd cgi

… and you thought that cgi is dead …

httpd.conf

cat << 'EOF' > /etc/httpd.conf
types {
  include "/usr/share/misc/mime.types"
}


## A minimal default server ##
server "default" {
  listen on *   port 80
  log { access "default-access.log", error "default-error.log" }
  location "/cgi-bin/*" {
    fastcgi socket "/run/slowcgi.sock"
    root "/"
  }
}
EOF

chmod 644 /etc/httpd.conf
rcctl enable httpd
rcctl start httpd

Slowcgi

rcctl enable slowcgi
rcctl start slowcgi

CGI

cat << 'EOF' > /var/www/cgi-bin/test.cgi
#!/bin/sh

echo "Content-type: text/html\n\n";
echo "<HTML>\n";
echo "<HEAD>\n";
echo "  <title>Ich bin ein Titel :)</title>\n";
echo "</HEAD>\n";
echo "Test from /bin/sh ..!\n";
echo "</HTML>\n";
EOF

chown www /var/www/cgi-bin/test.cgi
chmod 500 /var/www/cgi-bin/test.cgi

Install Interpreter (Chrooted !)

mkdir /var/www/bin/
cp /bin/sh /var/www/bin/

Test

curl http://ip-of-device/cgi-bin/test.cgi
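
When the test request fails in either setup (nginx or httpd), the usual cause is the chroot: the script's interpreter is looked up inside /var/www, not in the real root. The following is an added example, not part of the original posts; check_cgi is a hypothetical helper that checks a CGI script the way the steps above set it up.

```shell
#!/bin/sh
# Added example, not from the original posts. check_cgi is a hypothetical helper.
# Usage: check_cgi CHROOT SCRIPT   (SCRIPT is relative to CHROOT)
# Prints one finding per line, or "ok"; returns 0 only when nothing was found.

check_cgi() {
    root=${1%/}; script=$2; found=0
    file="$root/$script"
    [ -f "$file" ] || { echo "missing script: $script"; return 1; }

    # The first line must be "#!interpreter [arg]"; extract the interpreter.
    first=$(head -n 1 "$file")
    case $first in
        '#!'*) interp=${first#'#!'}; interp=${interp# }; interp=${interp%% *} ;;
        *)     echo "no shebang line"; return 1 ;;
    esac

    # The script runs inside the chroot, so /bin/sh means CHROOT/bin/sh.
    if [ ! -x "$root$interp" ]; then
        echo "interpreter $interp not present in chroot"; found=1
    fi
    [ -x "$file" ] || { echo "script is not executable"; found=1; }

    # A group- or world-writable script lets other local users change
    # what the web server executes.
    if [ -n "$(find "$file" -perm -002 -o -perm -020)" ]; then
        echo "script is group- or world-writable"; found=1
    fi

    [ "$found" -eq 0 ] && echo "ok"
    return "$found"
}

# Example call for the layout used above:
#   check_cgi /var/www cgi-bin/test.cgi
```

The helper only checks that the interpreter file exists; a dynamically linked interpreter also needs its libraries copied into the chroot.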

sha256: c102990dbf0d3903c8a066e7add79f0d1cac8b99557fb01874b2708d0135b710

OpenBSD Current

Active OpenBSD development is known as the -current branch. These sources are frequently compiled into releases known as snapshots (FAQ).

Assuming you can't wait for the next release, or you want to test features, find bugs and so participate in the community, this little script will help you:

Upgrade to Current

and remove the game*, comp*, xf* and xs* Packages before reboot

cat << 'EOF' > upgrade_to_current.sh
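#!/bin/ksh
# ksh, because the script uses [[ ]] pattern matching and brace expansion

echo "let's check for news ..."

# -n: fetch and verify the sets but do not reboot; -s: upgrade to a snapshot
_response=$(sysupgrade -n -s)

# output ending in "reboot" is treated as "an upgrade has been staged"
if [[ $_response == *reboot ]]; then
  echo "\nInstalled! Let's reboot ...\n"
  # drop the sets that should not be installed
  rm /home/_sysupgrade/{game,comp,xf,xs}*
  reboot
else
  echo "Nothing to do ..."
fi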

exit 0
EOF

chmod 755 upgrade_to_current.sh

sha256: c6eb0b5142102775f26c373f1d16c378ade7683af62ca77bb3d088fdbb52c603

Doas

doas, an alternative to sudo

Everybody knows sudo … right? But the OpenBSD guys hacked together a small and secure replacement called doas …

simple, secure and clever

Here is a good and quick tutorial

An introduction on Vultr, the Source Code on Github and the Man Page

Installation OpenBSD

On OpenBSD, it's already in the base system, so there is no need to install anything.

Installation Linux

On Linux, for example, you have to add the package

SSH Audit

ssh-audit is a tool for ssh server auditing.

Features

SSH1 and SSH2 protocol server support;

grab banner, recognize device or software and operating system, detect compression;

gather key-exchange, host-key, encryption and message authentication code algorithms;

output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);

output algorithm recommendations (append or remove based on recognized software version);

output security information (related issues, assigned CVE list, etc);

analyze SSH version compatibility based on algorithm information;

Favicon

red

blue

green

yellow

nothing to add ;)


sha256: 4c3348e17608fe296942aef18b8044221d7f882006eb5b5ce931ec6a898f706a