System

PHP 8.0 on OpenBSD 6.9

OpenBSD 6.9 and PHP 8 is out … Why not give a try ? list packages what PHP Packages are available with Version 6.9 ? root@host # pkg_info -Q php |grep '\-8' php-8.0.3 php-apache-8.0.3 php-bz2-8.0.3 php-cgi-8.0.3 php-curl-8.0.3 php-dba-8.0.3 php-dbg-8.0.3 php-enchant-8.0.3 php-gd-8.0.3 php-gmp-8.0.3 php-imap-8.0.3 php-intl-8.0.3 php-ldap-8.0.3 php-mysqli-8.0.3 php-odbc-8.0.3 php-pcntl-8.0.3 php-pdo_dblib-8.0.3 php-pdo_mysql-8.0.3 php-pdo_odbc-8.0.3 php-pdo_pgsql-8.0.3 php-pdo_sqlite-8.0.3 php-pgsql-8.0.3 php-pspell-8.0.3 php-shmop-8.0.3 php-snmp-8.0.3 php-soap-8.0.3 php-sqlite3-8.0.3 php-tidy-8.0.3 php-xsl-8.0.3 php-zip-8.0.3 add nginx, php8 add webserver, php8 and enable the services

Comments

just trying a new feature for leaving comments … it’s selfhosted, done with isso and quite painfull to install :( some people may like to provide feedback, ask questions, … sha256: 77e8157a850143fbc6ec418ef10c9a9e53040091604df1c9dbdd6e2d476d3c0e

Git Branches

some basic commands for branches. you can read the official page for more details create branch you wanna develope a feature, fix a bug, test some stuff … you need a branch ! git checkout -b feature1 push upstream if you have a central repo, push the feature upstream (so others can checkout as well) git push --set-upstream origin feature1 show branch you may have multiple branches, list them all

Bootstrap OpenBSD with Jail Partition

Bootstrapping VM This is similar to the previous Post, but with a small difference. Here, we add an other Partition /jail with 2GB Size. On this Partition, we remove the nodev & nosuid Flag, so we can use this Partition as Root for some Jailed Users. And last but not least, we fireup a new VM, configure a Jailed User and make it Public Available … VM with 20G Disk *** Bootstrap OpenBSD 6.

Bootstrap OpenBSD

Bootstrapping VM It’s always good to have Templates. Isn’t it ? Sometime, with a lot of stuff preconfigured and installed. Sometimes, a fresh install without anything (except syspatches). Here a little Helper, how to Build a OpenBSD Template with 20GB, resp. 40GB Disk Size. This stuff was tested on www.hetzner.de, so you should be able to reproduce it in a few minutes. Costs: CX11, 1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.

Git Clear your History

Clear History have you ever checked in some binarys, confidential stuff or something else by mistake ? Git will keep all your history, that’s their design and purpose. how ever, if you need to cleanup once, here is a short tutorial. Kill Git Config cd myrepo cat .git/config -> note down the url rm -rf .git Create New Repo git init git add . git commit -m "Removed history, ..." Push Remote git remote add origin git@host/yourrepo <- URL you noted down above git push -u --force origin master All in One _url=$(git remote -v |awk '/fetch/ { print $2 }') rm -rf .

Serial Console & Ttys

assuming you have a apu2|apu3|apu4 from pcengines or a virtual machine running on KVM/Qemu. And you don’t have vga/dvi/hdmi whatever kind of video output. of course, you can install and run OpenBSD (or Linux) on this boxes. boot.conf if you wanna install from an USB Stick, set the correct Port and Speed before booting. boot> stty com0 115200 boot> set tty com0 or put these settings ins in the boot.conf on your tftp server.

Gluerecords

https://serverfault.com/questions/142344/how-to-test-dns-glue-record Check GlueRecords host:~ $ dig +short ch. NS c.nic.ch. a.nic.ch. h.nic.ch. f.nic.ch. g.nic.ch. b.nic.ch. e.nic.ch. host:~ $ dig +norec @a.nic.ch. noflow.ch. NS ; <<>> DiG 9.10.6 <<>> +norec @a.nic.ch. noflow.ch. NS ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29211 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;noflow.

Checkmk

Some Install Notes https://checkmk.de/cms_install_packages_debian.html download and scp check-mk-enterprise-1.6.0p15.demo_0.buster_amd64.deb -> enterprise microkernel, 2 x 10 Hosts download and scp check-mk-raw-1.6.0p15_0.buster_amd64.deb -> raw edition, nagios kernel ssh root@localhost apt-get install dpkg-sig libnet-snmp-perl snmp wget https://checkmk.com/support/Check_MK-pubkey.gpg gpg --import Check_MK-pubkey.gpg dpkg-sig --verify /tmp/check-mk-enterprise-1.6.0p15.demo_0.buster_amd64.deb apt-get install gdebi-core gdebi /tmp/check-mk-raw-1.6.0p15_0.buster_amd64.deb omd version omd create mysite omd config oder omd restore /tmp/mysite.tar.gz sha256: 0f3424920db7da1942842c4ae9f04d4b366d3113f8e858dba37fae3fca123f86

GIT add Folder to Repo

wanna switch a local folder to a remote git repo ? https://docs.github.com/en/github/using-git/adding-a-remote GitoLite create git repo with gitolite (myproject) add Folder cd myproject git init git remote add origin git@your-git-server:myproject check Status git remote -v git status add all existing Files, commit and push to remote git add . git commit -m "initial commit" git push --set-upstream origin master sha256: 3d044e15882683dcf8a0cd3b79e464e89ae4b1a5a93a142651f589130f040d7a

Hamster Rad

Projekt Hamster Counter Hamsterrad Reed Sensor Installation Ziel Ein kleiner Hamster Rad Zähler, um etwas über das (nächtliche) Laufverhalten des Nagers zu erfahren. Website Das Projekt hat nen kleinen Webserver bekommen mit Live Statistiken Webserver nur IPv6 erreichbar Hardware Hamster Käfig Laufrad APU2/3/4 von PC Engines, kann natürlich auch ein Raspi / Aruduino oder sonstwas sein … DSUB 9 Pol (Conrad, Art: 2108931 - 62), oder einfach ein altes Kabel verschneiden Rolle Draht / Litze 2 Ader (Conrad, Art: 1567051 - 62) Positionssensor (Conrad, Art.

Gitolite

You wanna host your own Git Repositories ? Have a look at Gitolite. It does all for you :) Install GitoLite pkg_add gitolite Add git user root@gitserver ~# adduser -silent Enter username []: git Enter full name []: git repo user Enter shell bash csh git-shell ksh nologin sh [ksh]: Uid [1001]: Login group git [git]: Login group is ``git''. Invite git into other groups: guest no [no]: Login class authpf bgpd daemon default pbuild staff unbound [default]: Enter password []: Disable password logins for the user?

Git

Some Git Commands Merge two Repos “merge unrelated histories” git pull origin master --allow-unrelated-histories git push git pull Find deleted File git log --diff-filter=D --summary commit abcecadce91af3814662fa6a04d0f12e361f0574 Date: Sun May 31 23:19:59 2020 +0200 update delete mode 100644 master/sed.tcpdump commit 81ae58d70c27d02eb2f65beed4fe0b571073f087 Date: Fri May 29 16:06:14 2020 +0200 update Restore deleted File git checkout 81ae58d70c27d02eb2f65beed4fe0b571073f087 sed.tcpdump Remove Sensitive Data https://help.github.jp/enterprise/2.11/user/articles/removing-sensitive-data-from-a-repository/ git filter-branch --force --index-filter \ 'git rm --cached --ignore-unmatch .geheimesfile' \ --prune-empty --tag-name-filter cat -- --all git push origin --force --all git push origin --force --tags sha256: fd74de4918390644e46dffe29a434eb74ba892dd138003a20cb234cce418676e

SSH Audit

ssh-audit is a tool for ssh server auditing. Features SSH1 and SSH2 protocol server support; grab banner, recognize device or software and operating system, detect compression; gather key-exchange, host-key, encryption and message authentication code algorithms; output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc); output algorithm recommendations (append or remove based on recognized software version); output security information (related issues, assigned CVE list, etc); analyze SSH version compatibility based on algorithm information;

OpenBSD with IPSEC -> GIF -> OSFP

Intro Stage two Machines, puffy206 and puffy207 Both Maschines needs static IP Adresses puffy206 Loopback & Gif doas su - cat << 'EOF' > /etc/hostname.lo1 inet 10.0.0.6/32 up EOF cat << 'EOF' > /etc/hostname.gif0 description "Point2Point Interface for OSPF" mtu 1420 10.10.10.6 10.10.10.7 netmask 255.255.255.255 tunnel 192.168.108.206 192.168.108.207 EOF Enable IPSEC & IP Forwarding cat << 'EOF' >> /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.gre.allow=1 EOF rcctl enable ipsec isakmpd rcctl set isakmpd flags -K Create Tunnel Endpoint cat << 'EOF' > /etc/ipsec.