OpenBSD
=======

$ man afterboot
# syspatch
# ln -s /usr/share/zoneinfo/Australia/Brisbane /etc/localtime

# pkg_add -u
# pkg_add mosh git lowdown sfeed goaccess

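# cat /etc/ssh/sshd_config
...
PasswordAuthentication no
...
Note: on OpenBSD keyboard-interactive authentication is enabled by default and
still prompts for the account password, so also set
"KbdInteractiveAuthentication no" if logins are meant to be key-only.
Put the key in authorized_keys (below) first, then check the effective settings
with "sshd -T | grep -i authentication" and apply them with "rcctl reload sshd".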

# adduser
# usermod -G wheel rnkn
# cat /etc/doas.conf
permit keepenv :wheel
# chmod 600 /etc/doas.conf


$ cat $HOME/.ssh/authorized_keys
ssh-ed25519 AAAAC3Nz...

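$ ftp https://www.geoghegan.ca/pub/pf-badhost/latest/pf-badhost.sh
Note: "latest" is an unpinned download; read pf-badhost.sh before installing it, since cron will run it unattended.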
# useradd -s /sbin/nologin -d /var/empty _pfbadhost
# install -m 755 -o root -g bin pf-badhost.sh /usr/local/bin/pf-badhost
# install -m 640 -o _pfbadhost -g wheel /dev/null /etc/pf-badhost.txt
# install -d -m 755 -o root -g wheel /var/log/pf-badhost
# install -m 640 -o _pfbadhost -g wheel /dev/null /var/log/pf-badhost/pf-badhost.log
# install -m 640 -o _pfbadhost -g wheel /dev/null /var/log/pf-badhost/pf-badhost.log.0.gz

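# cat /etc/doas.conf
...
permit root
permit nopass _pfbadhost cmd /sbin/pfctl args -nf /etc/pf.conf
permit nopass _pfbadhost cmd /sbin/pfctl args -t pfbadhost -T replace -f /etc/pf-badhost.txt
...
Note: "args" must match the whole argument list, so _pfbadhost gets passwordless
root for these two pfctl invocations only. Check the file with
"doas -C /etc/doas.conf" after editing.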

# cat /etc/pf.conf
...
table <pfbadhost> persist file "/etc/pf-badhost.txt"
block in quick on egress from <pfbadhost>
block out quick on egress to <pfbadhost>
...

# crontab -u _pfbadhost -e
...
~ 0~1 * * *	-s pf-badhost -O openbsd
...

$ doas rcctl enable httpd
$ doas rcctl start httpd