Borgbackup

Backup, Linux, Scripts, OpenBSD
Prerequisite you need a remote Borg Server (Unix/Linux Machine with Borg installed) valid User and Key for SCP Transferaaaa SSH Key -> /backup/id_ed25519 Create Local Folder test -d /backup || (mkdir /backup; chmod 700 /backup) Borg Backup Script cat << 'EOF2' > /backup/borg.sh #!/usr/bin/env bash # BorgBackup Script, v1.0, 2024-04-09, by @stoege # Remote server details REMOTE_USER="borguser" REMOTE_HOST="your.remote.borg.server" REMOTE_REPO="mysamplerepo" # Local directory to backup LOCAL_DIR="/" # List of directories to exclude EXCLUDE_DIRS=( "*/.

Python MTR

Mtr, Python, Twisterd
Setup Project Poetry poetry init poetry add twisted poetry add twisted-mtr Build Python Script cat << 'EOF' > main.py #!/usr/bin/env python3 ''' An example usage for twisted-mtr which initiates multiple async traceroutes to multiple IPv4 and IPv6 target IP addresses at the same time. You will need to set your source IP addresses correctly and have a working dual IPv4/IPv6 networking stack to run this example. ''' import sys import signal import logging import ipaddress from twisted.

Python Twisted

Coding, Python, Web
WebServer with Python Twisted cat << 'EOF' > main.py from twisted.web import server, resource from twisted.internet import reactor, endpoints class Counter(resource.Resource): isLeaf = True numberRequests = 0 def render_GET(self, request): client_ip = request.getClientAddress().host r=request.uri.decode('utf-8') if not r =="/favicon.ico": self.numberRequests += 1 request.setHeader(b"content-type", b"text/plain") content = u"I am request #{} from {}\n".format(self.numberRequests, client_ip) return content.encode("ascii") endpoints.serverFromString(reactor, "tcp:8080").listen(server.Site(Counter())) reactor.run() EOF Run poetry init poetry add twisted poetry run python main.py Browse Open your Browser: http://ip-of-your-host:8080

XZ

Security, SSH, Xz
MacOS even MacOS seems not hardly affected, better safe than sorry ! # get Version brew info xz # Cleanup Cache brew cleanup -v -s --prune=all # Downgrade brew reinstall xz # Update brew update # Upgrade brew upgrade # reboot reboot # confirm, 5.4.6 should be fine xz -V Links https://www.openwall.com/lists/oss-security/2024/03/29/4 https://nvd.nist.gov/vuln/detail/CVE-2024-3094 https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/ https://github.com/orgs/Homebrew/discussions/5243 https://github.com/amlweems/xzbot https://www.nzz.ch/technologie/xz-luecke-der-verrueckteste-angriff-ein-programmierer-entdeckt-per-zufall-eine-gefaehrliche-hintertuere-im-code-wohl-von-einem-geheimdienst-ld.1824766 https://www.deepfactor.io/an-accidental-discovery-of-a-backdoor-likely-prevented-thousands-of-infections/ fun: https://infosec.exchange/@tinker/112196180295212632 Any Comments ? sha256: d2d6b0518ee60fc80381a2fb44dee61d06c02a7d4182045ff25d59f4894d1a10

OpenBSD Bridge

Bridge, Network, OpenBSD
Bridge Interfaces on APU Let’s assume you have an APU2/3/4 and you wanna Bridge some of it’s Interfaces, em0/em1/em2 Create Bridge, add Interfaces cat << 'EOF' > /etc/hostname.bridge0 add vether0 add em0 add em1 add em2 up EOF Create Interfaces echo "up" >> /etc/hostname.em0 echo "up" >> /etc/hostname.em1 echo "up" >> /etc/hostname.em2 Create L3 Interface cat << 'EOF' > /etc/hostname.vether0 inet autoconf inet6 autoconf -temporary -soii up EOF Bring Up all together sh /etc/netstart or do a simpy reload

OpenBSD 7.5

OpenBSD, Release, 7.5
OpenBSD 7.5 finally released The 56th Release of OpenBSD was announced. My Upgrade Script is available here. Highlights added support for various new hardware, numerous performance improvements and of course security enhancements. IPv6 support in ppp(4) see the Post on Undeadly for more Details, or the OpenBSD Page … Script doas su - cd /root ftp https://blog.stoege.net/scripts/{.helpers,upgrade_to_75.sh} chmod u+x upgrade_to_75.sh Execute do the Upgrade ./upgrade_to_75.sh after the reboot Upgrade Packages just run the Script again

FreeSwitch

FreeSwitch, Voip
Basic Commands Logging set Level 1..7 fsctl loglevel 7 Any Comments ? sha256: c8bd29c15fa6239c45d9f1c161bf625e6ced9ae690a971b4ead212769dfba55f

PF Basics

OpenBSD, Pf, Ruleset
Basic Ruleset Full Connectifity v4/v6 allow SSH in from RFC1918 allow all outgoing # Backup cp /etc/pf.conf /etc/pf.conf.bak-$(date "+%s") # Paste new Ruleset cat << 'EOF' > /etc/pf.conf ####################################################################################################################### # # OpenBSD PF Template # ####################################################################################################################### ######################## ### DEFAULT SETTINGS ### ######################## set block-policy drop set limit states 100000 set limit table-entries 1000000 set optimization normal set ruleset-optimization none set skip on { lo0 enc0 } set syncookies adaptive (start 25%, end 12%) ######################## ### MACROS ### ######################## # log block lb = "log" # log pass lp = "log" ######################## ### NORMALIZATION ### ######################## match inet scrub (no-df max-mss 1380) match inet6 scrub (max-mss 1360) ######################## ### Block all / uRPF ### ######################## block log block in log quick from urpf-failed label uRPF ############################ ### DHCP & IPv6 Stuff ### ############################ # Allow DHCP pass $lp quick inet proto udp from any port 68 to 255.

OpenBSD RDomains

APU, Mikrotik, Networking, OpenBSD, Routing
Intro Let’s assume you have a Mikrotik Router which got a Mgmt Interface with IP: ‘192.168.88.1/24’ and DHCP Server enabled. You wann Access the Router via HTTP/HTTPS while offering Internet Services for the Mikrotik Router. You have an APU and OpenBSD running. What do you do ? Setup 2 NIC’s em0: dhcp client, default route, rdomain 0 em3: dhcp client, rdomain 3 Interfaces Interface em0 cat << 'EOF' > /etc/hostname.em0 # Public Internet inet autoconf inet6 autoconf EOF Interface em3

Mikrotik

Mikrotik, Router, System
Some Commands for Mikrotik NewBees Helpful Links Quick Guide - CCR2004-1G-12S+2XS CCR2004-1G-12S+2XS - User Manual MikroTik wired interface compatibility Copper SFP (not able todo Auto Negotiation) /interface/ethernet/set sfp-sfpplus1 auto-negotiation=no Update Packages /system package update check-for-updates /system package update install reboot Upgrade Firmware /system routerboard print /system routerboard upgrade /system reboot; Reset Config /system/reset-configuration MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 7.