Arnaud Fenioux 's Personal Home Page

BSD

FreeBsd Crypto

March 4, 2016 - Arnaud
Categorie: Technical
Tags: BSD

There are several way to make some crypto :

-  To create encrypted image jails, use the -c switch and either pass bde or eli and follow the instructions on screen:
ezjail-admin create -c eli -i 16G example.com 10.0.0.3

OpenBGPd

June 13, 2015 - Arnaud
Categorie: Technical
Tags: BSD

pkg install openbgpd
touch /usr/local/etc/bgpd.conf
chmod 0600 /usr/local/etc/bgpd.conf

echo 'bgpd_flags=""' >> /etc/rc.conf

edit your config :
vi /usr/local/etc/bgpd.conf

service bgpd start

Some useful commands :

List the sessions and states :
bgpctl show summary

Detailed informations on your neighbors:
bgpctl show neighbor

Your configured/announced net :
bgpctl show network

FreeBSD10 Ezjail and OpenVPN

February 13, 2015 - Arnaud
Categorie: Technical
Tags: BSD

WARNING : This is probably a bad idea to use OpenVPN in a Jail (you will lose *a lot* of time to configure it) but it work's.

I really recommand to read the sources a the bottom of this articles, they were great help.

First things, prepare the host :

ifconfig tun create
echo 'cloned_interfaces="tun"' >> /etc/rc.conf

FreeBSD Jails

February 10, 2015 - Arnaud
Categorie: Technical
Tags: BSD

We will use ezjail to make it easier :

pkg install ezjail
ezjail-admin install

service ezjail start

Create your first jail and connect to it (we will NAT the jail in this example):

ezjail-admin create myjailname 'lo1|10.11.12.1'
ezjail-admin start myjailname
ezjail-admin list
ezjail-admin console myjailname

Allow raw sockets (needed for ping, but not recommanded) by editing /usr/local/etc/ezjail/myjailname:

export jail_myjailname_parameters="allow.raw_sockets=1"

FreeBSD Basics

February 10, 2015 - Arnaud
Categorie: Technical
Tags: BSD

If you choose to Install FreeBSD 10 on Proxmox, you MUST set CPU to QEMU64 or it won't boot (yes, it will be ok for install, but not for boot!)

If you choosed to install ssh and ntp, check they are enabled in  /etc/rc.conf :

sshd_enable="YES"
ntpd_enable="YES"

remember to modify theses lines in /etc/ntp.conf to avoid beeing a bot in a DDoS amplification attack :

Subscribe to RSS - BSD RSS Feed