DNS over TLS: OpenBSD with Unbound.
This article describes how to configure and use Unbound on OpenBSD in order to send encrypted DNS via DNS over TLS to Quad9. This was tested using OpenBSD 7.1.
https://support.quad9.net/hc/en-us/articles/7303285565069-DNS-over-TLS-OpenBSD-with-Unbound
#doh #unbound
This article describes how to configure and use Unbound on OpenBSD in order to send encrypted DNS via DNS over TLS to Quad9. This was tested using OpenBSD 7.1.
https://support.quad9.net/hc/en-us/articles/7303285565069-DNS-over-TLS-OpenBSD-with-Unbound
#doh #unbound
π2
Building a Large-Scale Threat Intelligence System with OpenBSD.
In this talk I describe a threat intelligence system that leverages thousands of OpenBSD firewalls deployed at businesses across a wide range of industries. The data is collected, processed, and analyzed to create tactical threat intelligence feeds that are then automatically disseminated back to all the firewalls to defend against Internet threats. The talk discusses why OpenBSD was selected as the platform of choice and how its features are used to achieve the objectives of this system, as well as challenges and lessons learned.
https://www.youtube.com/watch?v=qQdcAn4-3CE
#video #bsdcan
In this talk I describe a threat intelligence system that leverages thousands of OpenBSD firewalls deployed at businesses across a wide range of industries. The data is collected, processed, and analyzed to create tactical threat intelligence feeds that are then automatically disseminated back to all the firewalls to defend against Internet threats. The talk discusses why OpenBSD was selected as the platform of choice and how its features are used to achieve the objectives of this system, as well as challenges and lessons learned.
https://www.youtube.com/watch?v=qQdcAn4-3CE
#video #bsdcan
YouTube
Building a Large Scale Threat Intelligence System with OpenBSD Lawrence Teo
Full description at https://www.bsdcan.org/events/bsdcan_2022/schedule/session/101-building-a-large-scale-threat-intelligence-system-with-openbsd/
π12
OpenBSD on a Lenovo Thinkpad X220.
This is going to be yet another post about installing / running OpenBSD on an old Thinkpad X220. Itβs not going to be different than all of the other guides that are already out there, but my motivation and what came of it afterwards might be interesting for some folks.
https://housingsklave.at/posts/2022-05-07-openbsd-on-a-lenovo-thinkpad-x220/
#hardware #install #system
This is going to be yet another post about installing / running OpenBSD on an old Thinkpad X220. Itβs not going to be different than all of the other guides that are already out there, but my motivation and what came of it afterwards might be interesting for some folks.
https://housingsklave.at/posts/2022-05-07-openbsd-on-a-lenovo-thinkpad-x220/
#hardware #install #system
π4
How to get rid of all the warnings in Nextcloud.
After the installation of Nextcloud you check for security & setup warnings in the administration panel. Although you followed the pkg-readme for Nextcloud to the point you get some yellow entries there. In this article I show you how you can get rid of these.
https://www.bsdhowto.ch/ncwarnings.html
#nextcloud #httpd #redis
After the installation of Nextcloud you check for security & setup warnings in the administration panel. Although you followed the pkg-readme for Nextcloud to the point you get some yellow entries there. In this article I show you how you can get rid of these.
https://www.bsdhowto.ch/ncwarnings.html
#nextcloud #httpd #redis
π6π2
π3π₯3
Running a Docker Host under OpenBSD using vmd(8).
The OpenBSD virtual machine daemon works pretty well with Linux VMs nowadays. This was time for me to see if I could replace the Synology Docker service with some Docker host provided by vmd(8)...
https://www.tumfatig.net/2022/running-docker-host-openbsd-vmd/
#docker #vmd
The OpenBSD virtual machine daemon works pretty well with Linux VMs nowadays. This was time for me to see if I could replace the Synology Docker service with some Docker host provided by vmd(8)...
https://www.tumfatig.net/2022/running-docker-host-openbsd-vmd/
#docker #vmd
π6π₯5π±1
A Few of My Favorite Things About The OpenBSD Packet Filter Tools.
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. We'll take a short tour of PF features and tools that I have enjoyed using...
https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html
#firewall #network #pf
The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. We'll take a short tour of PF features and tools that I have enjoyed using...
https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html
#firewall #network #pf
π13π₯3π±1
cwdof.
Simple utility to get the current working directory of a given process in OpenBSD.
https://github.com/phillbush/cwdof
#cwdof #system
Simple utility to get the current working directory of a given process in OpenBSD.
https://github.com/phillbush/cwdof
#cwdof #system
π₯5π2π±1
OpenBSD package search.
Default search queries OpenBSD 7.2 package sets. You can search -current packages (from Thu Sep 29 06:56:13 2022) by toggling the '-current' checkbox.
https://openbsd.app/
#link #package #search
Default search queries OpenBSD 7.2 package sets. You can search -current packages (from Thu Sep 29 06:56:13 2022) by toggling the '-current' checkbox.
https://openbsd.app/
#link #package #search
π8π₯3π1π±1
OpenBSD: Manage DNS, DNSSEC (to automate TLSA records).
My DNS service run since 4 years, under OpenBSD native tool named nsd. I manage DNSSEC with ldns tools, a package into ports. In the facts, I use ldnscript tool to create all needed keys and manage DNSSEC. Starting Juin 2022, I decided to switch from RSA to use ECDSA. Before going any further in this direction, letβs move on to the installation of the necessary prerequisites necessary...
https://doc.huc.fr.eu.org/en/post/openbsd-nsd-dnssec-tlsa/
#dns #dnssec
My DNS service run since 4 years, under OpenBSD native tool named nsd. I manage DNSSEC with ldns tools, a package into ports. In the facts, I use ldnscript tool to create all needed keys and manage DNSSEC. Starting Juin 2022, I decided to switch from RSA to use ECDSA. Before going any further in this direction, letβs move on to the installation of the necessary prerequisites necessary...
https://doc.huc.fr.eu.org/en/post/openbsd-nsd-dnssec-tlsa/
#dns #dnssec
π4π±1
rspamd dashboard
I have my personal email self-hosted, because I can and like, so for that I use opensmtpd + rspamd + dovecot, the setup works just fine, I get almost no spam, I can reach any mailbox, so I can't complain about it at all...
https://x61.sh/log/2022/10/20221027T115439-rspamd-dashboard.html
#rspamd #email
I have my personal email self-hosted, because I can and like, so for that I use opensmtpd + rspamd + dovecot, the setup works just fine, I get almost no spam, I can reach any mailbox, so I can't complain about it at all...
https://x61.sh/log/2022/10/20221027T115439-rspamd-dashboard.html
#rspamd #email
π20π₯2
YouTube
EuroBSDcon 2022, Austria - YouTube
π9π2
A few of my favourite things about the OpenBSD Packet Filter tools.
The OpenBSD packet filter (PF) was introduced a little more than 20 years ago as part of OpenBSD 3.0. In a series of two posts, I invite you to take a short tour of PF features and tools that I have enjoyed using. At the time the OpenBSD project introduced its new packet filter subsystem in 2001, I was nowhere near the essentially full-time OpenBSD user I would soon become. I did, however, quickly recognize that even what was later dubbed βthe working prototypeβ was reported to perform better in most contexts than the code it replaced.
https://blog.apnic.net/2022/11/02/openbsd-packet-filter-tools/
#pf #firewall
The OpenBSD packet filter (PF) was introduced a little more than 20 years ago as part of OpenBSD 3.0. In a series of two posts, I invite you to take a short tour of PF features and tools that I have enjoyed using. At the time the OpenBSD project introduced its new packet filter subsystem in 2001, I was nowhere near the essentially full-time OpenBSD user I would soon become. I did, however, quickly recognize that even what was later dubbed βthe working prototypeβ was reported to perform better in most contexts than the code it replaced.
https://blog.apnic.net/2022/11/02/openbsd-packet-filter-tools/
#pf #firewall
π13
So I lost my OpenBSD FDE password.
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase...
https://words.filippo.io/so-i-lost-my-openbsd-fde-password/
#encryption #fde
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase...
https://words.filippo.io/so-i-lost-my-openbsd-fde-password/
#encryption #fde
π6π±1
mimmutable() for OpenBSD.
Virtual-memory systems provide a great deal of flexibility in how memory can be mapped and protected. Unfortunately, memory-management flexibility can also be useful to attackers bent on compromising a system. In the OpenBSD world, a new system call is being added to reduce this flexibility; it is, though, a system call that almost no code is expected to use.
https://lwn.net/SubscriberLink/915640/53bc300d11179c62/
#security #system #memory
Virtual-memory systems provide a great deal of flexibility in how memory can be mapped and protected. Unfortunately, memory-management flexibility can also be useful to attackers bent on compromising a system. In the OpenBSD world, a new system call is being added to reduce this flexibility; it is, though, a system call that almost no code is expected to use.
https://lwn.net/SubscriberLink/915640/53bc300d11179c62/
#security #system #memory
π5π±1