Archive for the ‘OpenBSD’ Category.

HOWTO: OpenBSD 3.6 encrypted disk

In this document I will try to explain what it takes to get an encrypted fileserver.

I chose to have a server with one disk where the OS resides and all ‘big disks’ mounted into the directory tree, but that’s not strictly necessary. I did not attempt to have the OS itself encrypted; to me it seemed needlessly complicated and way too much of a ‘single-point-of-failure’ solution for what I was looking for. I did, however, choose the most secure OS out there (imho), OpenBSD :-)

From this point I assume you have an OpenBSD-box with OpenBSD 3.6 (or newer) and a generic kernel (there’s plenty of excellent literature on www.openbsd.org to help you with that) and have all the services you want installed (ftp/samba/etc.).

Rebuilding the OpenBSD kernel

The kernel is the core of the operating system. It is the binary file that the computer loads first and stores in memory. Because it is stored in memory, the kernel needs to be as small as possible. The kernel usually lives in the root directory (‘/’) and by default is called ‘bsd’.

Users who want their OpenBSD machine to perform specific functions or need additional device drivers might want to customize their kernel. In other OS’s, like some types of Linux, it is very popular to rebuild the kernel because the default is so bloated. For most users, the default OpenBSD kernel is sufficient; however, you should still apply kernel patches, which will require rebuilding and installing a fresh kernel.

You will need the system source code and patches. I will assume both of these have been installed.

Basic Installation of OpenBSD

OpenBSD has a claim of being the most secure operating system out of the box. The problem is that the installation is not very intuitive. Here I will be guiding you through a standard installation of OpenBSD 3.5; this guide assumes you have a basic i386 PC to work with and will be using your entire disk for OpenBSD. Nothing fancy or out of the ordinary. For this guide, I used a 3.0 gig hard drive.

Locking Your Shell In OpenBSD

Oftentimes we SSH into our BSD boxes and then have to leave our stations for a little bit. If we don’t do anything special with our open terminal, that poses a serious security threat to our boxes. Wouldn’t it be nice if we could just lock the open terminal without having to close the connection? Well, we can, with a built-in utility called lock(8). There is also the vlock port, which is another way we can lock our shell.

Install the bash shell in OpenBSD

If you did not buy your copy of OpenBSD, then you won’t have any packages available locally from which to install the bash shell. The example below shows how to obtain the BASH package remotely.

  • Step 1 – Adding the BASH shell remotely
  • Step 2 – Setting BASH as your login shell

1. Add the i386 package for the BASH shell:

# pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/4.3/packages/i386/bash-3.2.33.tgz

2. Setting BASH as your login shell:

# chsh -s bash

Encrypt your swap partition in OpenBSD

By default OpenBSD 4.3 will encrypt the swap partition. To turn this on for OpenBSD versions 3.7 and below:

  • Step 1 – Enable this feature without a reboot
  • Step 2 – Edit the sysctl config file, so that after a reboot the swap partition will be encrypted

1. Change the kernel state variable:

# sysctl -w vm.swapencrypt.enable=1

2. Edit /etc/sysctl.conf from:

#vm.swapencrypt.enable=1

to:

vm.swapencrypt.enable=1

Quickly installing OpenBSD

This article goes through the steps of an OpenBSD 4.3 installation. The installer is a text-based interface and, in most cases, is quick and easy to complete.
