Category
security
-
12.18.08
Cron job every 5 minutes
$ cat < /var/cron/tabs/pfortuny
*/5 * * * * /usr/bin/my_task
The specified task is run every 5 minutes. The command is given by its full path because cron runs jobs with a minimal environment, not your interactive PATH.
-
11.20.08
pf, OpenBSD’s [p]acket [f]ilter (2)
We introduced OpenBSD's pf in a previous post. In this one we start commenting on a full-featured firewall configuration which uses quite a few of pf's features: macros, lists, anchors... As we said then, OpenBSD's FAQ contains the complete and detailed documentation. Here is the complete set of firewall rules [except those related to authpf], usually stored at /etc/pf.conf (bear with me for the long quote, but I'd rather comment on a complete file than do it in parts).
# 0) Start: macros and tables
ext_if="rl0"
int_if="vr0"
ext_services = "{smtp www 222}"
in_services = "{ssh smtp domain www}"
always_open ...
-
11.02.08
pf, OpenBSD’s [p]acket [f]ilter (1)
When anyone has asked me in the last two years about installing a firewall at his LAN's border, I have always recommended OpenBSD's packet filter, pf. I discovered OpenBSD a couple of years ago while designing a hall of residence's local network and firewall. By then I was quite tired of Linux's netfilter/iptables, and the first time I read about pf I fell in love with it. We are more accustomed to this now, but when I saw that you could write firewall rules like
pass in on $ext_if proto tcp from any port 80 to $ext_if
I knew I had found ...
-
10.27.08
Encryption the old-fashioned way: ccrypt
For encrypting small text files I use ccrypt, a nifty utility which uses Rijndael with a 256-bit key and a 256-bit block (the AES standard fixes the block size at 128 bits, so strictly speaking this is Rijndael-256 rather than AES-256) and just does its job as it is supposed to.
$ ccrypt -e my_file
Asks you for a password twice, encrypts my_file (naming the new encrypted file my_file.cpt) and overwrites the old my_file (however, notice that journaling filesystems like ext3 or non-block filesystems might keep some or all of the data elsewhere, so this is not a secure erase of the plaintext).
$ ccrypt -d my_file.cpt
Asks for the password and, if correct, decrypts my_file.cpt as my_file (and deletes my_file.cpt). A more useful option for small text files is:
$ ccrypt -c my_file.cpt
which, after asking for the password, sends the ...
-
10.17.08
DHCP, inverted commas and ssh with RSA
There is a server I manage (called alex) which does not have a fixed IP. As you know, I have a shell at the best Unix server out there (by the way, it is almost free). The problem is keeping an up-to-date record of the first server's IP address. I do it as follows (and yes, I know TIMTOWTDI). What I did was:
Create an RSA public/private key pair at alex:
alex $ ssh-keygen -N '' -f 'id_alex' -t rsa
which creates the files id_alex and id_alex.pub. Note the space in -N '': written as -N'' the shell passes just -N, and ssh-keygen would swallow the following -f as the passphrase. The empty passphrase is what lets an unattended cron job use the key, so the matching authorized_keys entry on the remote shell account should be locked down with the from= and command= options that sshd accepts there.
Create a cron job for my account at alex which looks like
5,10,15,20,25,30,35,40,45,50,55,0 * * * * /usr/bin/ssh -i ...
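The cron job above spells out every fifth minute as an explicit list, while the first post on this page uses the `*/5` step form for the same thing. As an added example (my own POSIX sh, not code from either post), the functions below, named expand_cron_field and same_minutes here for illustration, expand a crontab field into the concrete values it matches and check that the two spellings are the same schedule. They handle the general field grammar (`*`, single values, ranges, steps and comma lists), not only the `*/5` case, and need no cron daemon to run.

```shell
#!/bin/sh
# Added example, not from the original posts: expand a crontab field into the
# explicit values it matches, so "*/5" and "5,10,...,55,0" can be compared.
# Only sort, tr and sed are used; no cron installation is needed.

# expand_cron_field FIELD MAX
# Prints the sorted, de-duplicated, space-separated values in 0..MAX that
# FIELD matches. Handles '*', 'N', 'A-B', '*/S', 'A-B/S' and comma lists.
expand_cron_field() {
    field=$1
    max=$2
    out=""

    # Split the comma list into positional parameters (no bash arrays).
    # Globbing is switched off because '*' is cron syntax, not a wildcard.
    saved_ifs=$IFS
    set -f
    IFS=','
    set -- $field
    IFS=$saved_ifs
    set +f

    for part in "$@"; do
        step=1
        case $part in
            */*) step=${part#*/}; part=${part%/*} ;;
        esac
        case $part in
            '*') lo=0; hi=$max ;;
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        # Walk the range; cron steps count from the start of the range.
        i=$lo
        while [ "$i" -le "$hi" ]; do
            out="$out $i"
            i=$((i + step))
        done
    done

    # Overlapping list items ("0,*/30") would repeat values: sort and dedupe.
    printf '%s\n' $out | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# same_minutes FIELD1 FIELD2
# Succeeds when both minute fields (range 0..59) fire at exactly the same minutes.
same_minutes() {
    [ "$(expand_cron_field "$1" 59)" = "$(expand_cron_field "$2" 59)" ]
}

# Usage: the two spellings from the posts describe the same schedule.
expand_cron_field '*/5' 59
if same_minutes '*/5' '5,10,15,20,25,30,35,40,45,50,55,0'; then
    echo 'same schedule'
fi
```

The step form is shorter and harder to get wrong than a hand-typed list (a missing "0" or a typo such as "45,55" silently changes the schedule), and the expansion makes such differences visible before the job goes into the crontab.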