sshd random relinking at boot.
As with library order randomisation (libc.so/libcrypto/ld.so) at boot and kernel relinking at boot, boot time relinking of sshd(8) is now implemented in -current. Theo de Raadt committed the changes...
https://undeadly.org/cgi?action=article;sid=20230119075627
#ssh #security
Initial support for guided disk encryption in the installer.
The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shell from the installer. Initial support, likely to be expanded upon, was committed by Klemens Nanni (kn@) on March 7, 2023...
https://undeadly.org/cgi?action=article;sid=20230308063109
#security #encryption #install
Dynamic host configuration, please.
In the article, Florian details the steps to modern OpenBSD dynamic host configuration, including interface configuration, name resolution, routing and more...
- https://undeadly.org/cgi?action=article;sid=20230308060219
- https://sha256.net/dynamic_host_configuration_please.html
#network #dns
How To Set Up a Wireguard VPN Server with Unbound on OpenBSD.
Some months ago, I published an article on how to set up a Wireguard server with adblocking capabilities on GNU/Linux systems, focusing on Debian and PiHole specifically. Recently I wanted to reproduce the same setup on an OpenBSD server (since the Wireguard protocol is available on *BSD systems as well) and, while PiHole is not currently available for *BSD systems, I managed to accomplish the same result using the DNS resolver unbound(8) and unbound-adblock to fetch updated blocklists every day. In this guide, I will show you how to achieve the same result...
https://marcocetica.com/posts/wireguard_openbsd/
#wireguard #vpn #security
Is OpenBSD for you?
This blog post is a step by step wizard for those who think about using OpenBSD as a primary OS and daily driver, but don't know if it meets the requirements. I am trying to focus on desktop/laptop use in this case...
https://mizik.eu/blog/is-openbsd-for-you/index.html
#system #hardware #install
Launch OpenBSD vmd Guests on Demand from SSH.
I'd been kicking around the idea of using an ssh ProxyCommand to launch transient EC2 instances connected to long-lived EBS volumes so I figured – why not implement this for vmd hosts? I could forward Linux X11 apps to my desktop & be able to use Signal...
https://jonwillia.ms/2023/03/20/vmctl-ssh
#vmd #virtualization #openssh
Synthetic Memory Protections.
Theo de Raadt (deraadt@) was scheduled to present at CanSecWest. That's now happened, and slides of Theo's presentation, Synthetic Memory Protections, can be found in the usual place. Video is available on the bird site.
#security #video
AWS Gazo bot.
Scripts to create, customize and upload AWS images to the cloud. This is a work in progress, I'm trying to create OpenBSD images from Linux, especially using arm64 and riscv64 for AWS since OpenBSD has no vmm support for arm64 nor riscv64 yet...
https://github.com/csaltos/aws-gazo-bot
Based on the scripts created by Antoine Jacoutot at https://github.com/ajacoutot/aws-openbsd
#aws #cloud #install
viogpu(4), a VirtIO GPU driver, added to -current.
Joshua Stein (jcs@) has committed viogpu(4), which provides support for the virtio(4) GPU interface (provided by QEMU and other virtual machines) to create a wscons(4) console...
https://www.undeadly.org/cgi?action=article;sid=20230421124221
#viogpu #virtio
cron(8) now supports random ranges with steps.
Thanks to the following commit by Todd Miller, cron now supports random values in a range with a step value (i.e. "<lo>~<hi>/<step>" in crontab entries)...
https://undeadly.org/cgi?action=article;sid=20230507122935
#cron
dhcpd.leases dashboard
A simple dashboard for the dhcpd.leases file of the OpenBSD dhcpd server that is very easy to deploy and use...
https://github.com/facelessfish/dhcpd-leasesd
#dhcp #dhcpd #network
sec(4) for Route Based IPSec VPNs
A new tool for creating flexible, route based site to site virtual private networks (site-to-site VPNs) is entering its call for testing phase on OpenBSD-current...
https://undeadly.org/cgi?action=article;sid=20230704094238
#network #vpn #sec
OpenBSD Webzine issues 14, 15, 16.
- https://webzine.puffy.cafe/issue-14.html
- https://webzine.puffy.cafe/issue-15.html
- https://webzine.puffy.cafe/issue-16-special-octopenbsd-2023.html
#webzine #news
Install OpenBSD 7.3 on Proxmox (BIOS/UEFI and Cloud-init).
I thought it was an opportunity to take stock of the different methods of installing OpenBSD on our favorite hypervisor. We will consider different scenarios depending on the types of BIOS available under Proxmox (OVMF, SEABIOS); different OpenBSD installation images; and, finally, we'll talk about the thorny subject of OpenBSD's compatibility with Cloud-init...
https://forum.proxmox.com/threads/install-openbsd-7-3-on-proxmox-bios-uefi-and-cloud-init.133063/
#virtualization #proxmox #install