Upgrading OpenBSD with Ansible.
This article is best enjoyed with basic knowledge of OpenBSD autoinstall and Ansible...
https://chown.me/blog/upgrading-openbsd-with-ansible.html
#ansible #system
This article is best enjoyed with basic knowledge of OpenBSD autoinstall and Ansible...
https://chown.me/blog/upgrading-openbsd-with-ansible.html
#ansible #system
CVE-2019-8460.
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8460
#security #cve
Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologies Ltd. discovered that OpenBSD kernel (all versions, including 6.5) can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8460
#security #cve
Configuring mail server on OpenBSD 6.5.
This guide is mostly notes for myself rather than something readable, but it may be useful anyway. It contains an example of working configuration for OpenSMTPD, SpamPD, SpamAssassin, DKIM Proxy and Dovecot with Sieve support on OpenBSD...
https://ch1p.io/blog/11/
#mail #opensmtpd
This guide is mostly notes for myself rather than something readable, but it may be useful anyway. It contains an example of working configuration for OpenSMTPD, SpamPD, SpamAssassin, DKIM Proxy and Dovecot with Sieve support on OpenBSD...
https://ch1p.io/blog/11/
#mail #opensmtpd
OpenBSD GeoIP pf – filter by country.
https://doublefault0.wordpress.com/2018/01/05/openbsd-geoip-pf-filter-by-country/
#firewall
https://doublefault0.wordpress.com/2018/01/05/openbsd-geoip-pf-filter-by-country/
#firewall
The simple web-stack.
The OpenBSD httpd(8) is my obvious choice. It's small, easy to configure and designed from the ground up to use privilege separation. It does however lack a way to add custom HTTP-headers. To solve this problem, I run relayd(8) infront of httpd(8) and lets it handle TLS acceleration and adding proper caching headers...
https://ifconfig.se/simple-web-stack.html
#httpd #relayd
The OpenBSD httpd(8) is my obvious choice. It's small, easy to configure and designed from the ground up to use privilege separation. It does however lack a way to add custom HTTP-headers. To solve this problem, I run relayd(8) infront of httpd(8) and lets it handle TLS acceleration and adding proper caching headers...
https://ifconfig.se/simple-web-stack.html
#httpd #relayd
And another one... OpenBSD webserver with httpd, relayd and TLS
https://www.alexander-pluhar.de/openbsd-webserver.html
#httpd #relayd
https://www.alexander-pluhar.de/openbsd-webserver.html
#httpd #relayd
OpenBSD Is Now My Workstation.
Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while...
https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/
#desktop
Disclaimer: in this post, I’m speaking about what is my opinion, and I’m not trying to convince you to use OpenBSD or anything else. I don’t truly care, but wanted to share in case it could be useful to you. I do hope you give OpenBSD a shot as your workstation, especially if it has been a while...
https://sogubsys.com/openbsd-is-now-my-workstation-operating-system/
#desktop
Why (and how) we use OpenBSD at VidiGuard.
At VidiGuard, we care a lot about physical security. In fact, it’s our job. But equally important to physical security is the security of our customers’ data. We also need a robust, reliable platform that can run with minimal interaction. To make both of those happen, we employ OpenBSD in our on-premise equipment and our data infrastructure. Why OpenBSD?
https://austinstartups.com/why-and-how-we-use-openbsd-at-vidiguard-b23353d959bb
#story
At VidiGuard, we care a lot about physical security. In fact, it’s our job. But equally important to physical security is the security of our customers’ data. We also need a robust, reliable platform that can run with minimal interaction. To make both of those happen, we employ OpenBSD in our on-premise equipment and our data infrastructure. Why OpenBSD?
https://austinstartups.com/why-and-how-we-use-openbsd-at-vidiguard-b23353d959bb
#story
DoH disabled by default in Firefox.
While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea. Applications should respect OS configured settings. https://undeadly.org/cgi?action=article;sid=20190911113856
DoH, disabled by default, is...
🐡 ... a good idea.
🦐 ... a bad idea.
#desktop #firefox
While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea. Applications should respect OS configured settings. https://undeadly.org/cgi?action=article;sid=20190911113856
DoH, disabled by default, is...
🐡 ... a good idea.
🦐 ... a bad idea.
#desktop #firefox
Be your own VPN provider with OpenBSD.
How to build your own VPN server with OpenBSD and OpenVPN. https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html
#vpn #openvpn
How to build your own VPN server with OpenBSD and OpenVPN. https://networkfilter.blogspot.com/2017/04/be-your-own-vpn-provider-with-openbsd-v2.html
#vpn #openvpn
OpenBSD and mail server setup.
Cool articles from Gilles Chehade about mail server setup.
https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
#mail #opensmtpd #rspamd
Cool articles from Gilles Chehade about mail server setup.
https://poolp.org/posts/2019-08-30/you-should-not-run-your-mail-server-because-mail-is-hard/
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
#mail #opensmtpd #rspamd
Guide to OpenBSD as a SOHO router.
A guide to using OpenBSD for a dual stack (IPv4 and IPv6) SOHO router. Tested on a PC Engines apu2d4 with OpenBSD 6.5.
https://github.com/cqcallaw/openbsd-router
#network #soho
A guide to using OpenBSD for a dual stack (IPv4 and IPv6) SOHO router. Tested on a PC Engines apu2d4 with OpenBSD 6.5.
https://github.com/cqcallaw/openbsd-router
#network #soho
Signify.
OpenBSD tool to signs and verify signatures on files. Portable version.
https://github.com/aperezdc/signify
#signify
OpenBSD tool to signs and verify signatures on files. Portable version.
https://github.com/aperezdc/signify
#signify
Network Management with the OpenBSD Packet Filter Toolset.
EuroBSDCon 2019. Peter Hansteen and Massimiliano Stucchi. https://home.nuug.no/~peter/pftutorial/#1
#pf
EuroBSDCon 2019. Peter Hansteen and Massimiliano Stucchi. https://home.nuug.no/~peter/pftutorial/#1
#pf