-
Notifications
You must be signed in to change notification settings - Fork 0
/
tag-openbsd.html
221 lines (209 loc) · 11.8 KB
/
tag-openbsd.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="alternate"
type="application/rss+xml"
href="https://www.birkey.co/rss.xml"
title="RSS feed for https://www.birkey.co/">
<title>BirkeyCo</title>
<link href="static/style.css" rel="stylesheet" type="text/css" />
<link rel="apple-touch-icon" sizes="180x180" href="static/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="static/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="static/favicon-16x16.png">
<link rel="manifest" href="/site.webmanifest">
<link rel="mask-icon" href="static/safari-pinned-tab.svg" color="#5bbad5">
<link rel="alternate" type="application/rss+xml" title="RSS Feed for birkey.co" href="/rss.xml">
<meta name="author" content="Kasim Tuman">
<meta name="referrer" content="no-referrer">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="theme-color" content="#ffffff">
<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8">
<meta name="viewport" content="initial-scale=1,width=device-width,minimum-scale=1">
</head>
<body>
<div id="preamble" class="status"><br><center>
<div style="display: inline-block; vertical-align:middle;">
<a href="https://www.birkey.co/index.html" style="text-decoration: none;"><b>BIRKEY CONSULTING</b><br>
</a><hr/><div style="text-align: justify;display: inline-block; width: 100%;">
<a class="title" href="https://github.com/oneness">ABOUT</a> <a class="title" href="https://www.birkey.co/rss.xml">RSS</a> <a class="title" href="https://www.birkey.co/archive.html">ARCHIVE</a></div></div>
</center><br><br>
<div style="margin-bottom: 3ch;text-transform: none;"></div></div>
<div id="content">
<h1 class="title">Posts tagged "OpenBSD":</h1>
<div class="post-date">05 Feb 2022</div><h1 class="post-title"><a href="https://www.birkey.co/2022-02-05-automate-openbsd-anonymous-public-wifi-login.html">Automate OpenBSD anonymous public wifi log in</a></h1>
<p>
Security is somewhat cat and mouse game. This does not mean however
you be careless or just live with what you are handed to when it comes
to protecting yourself from ill-intentioned actors out in the
wild. Generally, I recommend choosing security over convenience, speed
or shiny features for your offline and online computing needs. To
start with, you are much better protected if you start using secure
defaults of the system you are using. For example, Firefox has
<b>HTTPS-Only Mode</b> that you can enable especially if you find yourself
using public wifi. If you happen to use OpenBSD, you are in a treat
:). Below bash script will allow you to log in to public wifi using
random MAC addresses each time you connect to it: <b>NOTE:</b> iwm0 is the
wireless card name on my laptop and you need to replace it with yours.
</p>
<div class="org-src-container">
<pre class="src src-shell">#!/usr/bin/env bash
ssid="$1"
pass="$2"
doas ifconfig iwm0 up
sleep 3
echo Wireless card is up
if [[ -z "$pass" ]]; then
doas ifconfig iwm0 nwid "$ssid" lladdr random
echo Joining public $ssid
else
doas ifconfig iwm0 nwid "$ssid" wpakey "$pass"
echo Joining private $ssid
fi
sleep 3
doas dhcpleasectl iwm0
echo Renewing inet address
sleep 3
echo Visiting google.com to test connection
proxy=$(curl -s -L -I -o /dev/null -w '%{url_effective}' google.com)
firefox $proxy
</pre>
</div>
<div class="taglist"><a href="https://www.birkey.co/tags.html">Tags</a>: <a href="https://www.birkey.co/tag-openbsd.html">openbsd</a> <a href="https://www.birkey.co/tag-security.html">security</a> </div>
<div class="post-date">29 Jan 2022</div><h1 class="post-title"><a href="https://www.birkey.co/2022-01-29-openbsd-7-xfce-desktop.html">OpenBSD 7 Xfce Desktop</a></h1>
<p>
I blogged previously about why one should use OpenBSD and this time I
would like to document steps to have a fully working Xfce Desktop with
default installation. My goal is to keep the changes minimal only to
absolutely required steps, nothing more nothing less. If you find
steps missing (or did not work as expected) or not necessary, please
drop me a line via k tuman at acm dot org so I can address and update
this blog if needed.
</p>
<ol class="org-ol">
<li><p>
Download the img and make USB boot disk:
</p>
<div class="org-src-container">
<pre class="src src-shell">curl -O https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.img
sudo dd if=~/Downloads/install70.img of=/path/to/usb
</pre>
</div></li>
<li>Boot from USB disk. Press <b>I</b> and hit enter when you see the
`Welcome to the OpenBSD/amd64 7.0 installation program.` and follow
the prompt. It is pretty straightforward. Once it is done, just
reboot, which will automatically downloads and installs needed
firmwares for your laptop.
--<b>NOTE:</b>– You can select whole disk and auto layout if you are not
sure. Using wired connection for network interface is highly recommended.</li>
<li><p>
Once you login, switch to root account, add needed packages and
needed configs like this:
</p>
<div class="org-src-container">
<pre class="src src-shell">su ## prompts for root password
pkg_add xfce xfce-extras ## install xfce desktop
sed -i 's/xconsole/#xconsole/' /etc/X11/xenodm/Xsetup_0 # no xconcole
usermod -G operator <user name> # so you can use xfce to log out, reboot etc
usermod -G wheel <user name> # so you can use doas
echo "permit persist :wheel" >> /etc/doas.conf # doas = sudo
rcctl enable messagebus ## enable dbus
rcctl start messagebus ## start dbus
rcctl enable apmd ## enable power daemon
rcctl start apmd ## start power daemon
exit # switch to your user account
echo "exec startxfce4" > ~/.xsession ## auto launchs xfce4 desktop
doas reboot ## restart to have a xfce default desktop
</pre>
</div></li>
</ol>
<p>
<b>Bonus Tips and Tricks</b>
</p>
<ul class="org-ul">
<li><p>
Your wifi most likely will just work. In case if you get unlucky,
here is how you can get it working:
</p>
<div class="org-src-container">
<pre class="src src-shell">doas ifconfig # lists all supported interfaces
doas fw_update # to install missing driver for your card
dmesg | grep pci | grep <wifi card model> # report if not supported
doas ifconfig # again to check if your card listed
doas ifconfig join <Wifi name> wpakey <password> # to join your wifi
# Run following 2 lines if you want to auto join your wifi:
doas echo "join wifiname wpakey password" >> /etc/hostname.<wificardname>
doas echo "dhcp" >> /etc/hostname.<wificardname>
doas sh /etc/netstart # to restart the network
ping openbsd.org # to test your network
</pre>
</div></li>
<li><p>
While default Xfce4 desktop is fully functional out of the box, I
recommend following packages:
</p>
<div class="org-src-container">
<pre class="src src-shell">doas pkg_add xfce4-power-manager xfce4-whiskermenu
ln -s -f yourloginpics ~/.face # profile in whiskermenu and in lock screen
</pre>
</div>
<p>
Add them to the panel and tweak them to your liking. One setting I
highly recommend enabling following in `Window Manager Tweaks`:
</p>
<ul class="org-ul">
<li>[✓] <b>Hide title of windows when maximized</b></li>
</ul></li>
</ul>
<div class="taglist"><a href="https://www.birkey.co/tags.html">Tags</a>: <a href="https://www.birkey.co/tag-openbsd.html">openbsd</a> </div>
<div class="post-date">15 Feb 2020</div><h1 class="post-title"><a href="https://www.birkey.co/2020-02-15-openbsd-laptop-for-the-paranoid.html">OpenBSD laptop for the paranoid</a></h1>
<p>
<b>Disclaimer</b>: This is not a post about UNIX variants flame war. It is not my intention to recruit OpenBSD converts either as no one has influenced me to switch to it after 10 years of distro hopping. The main reasons I am using OpenBSD as my daily driver on both of my laptops (Thinkpad X220 and XPS 13 9365) are: <b>Security</b>, <b>Stability</b>, and <b>Frugality</b>.
</p>
<div id="outline-container-orge7546b5" class="outline-2">
<h2 id="orge7546b5">Security</h2>
<div class="outline-text-2" id="text-orge7546b5">
<p>
I am software generalist who knows enough about system (OS,Network and Application) security to be paranoid not just about online systems, which is far from enough to keep ourselves secure, but also on-prem system such as Operating Systems we all rely on for keeping us safe. While Linux could be made as secure as OpenBSD after much tinkering and tweaking, OpenBSD is more secure by default installation. Following quote from <a href="https://www.openbsd.org/">https://www.openbsd.org/</a> is very telling:
</p>
<blockquote>
<p>
Only two remote holes in the default install, in a heck of a long time!
</p>
</blockquote>
<p>
That quote is for what OpenBSD team calls base file set that includes the kernel and base system. Security is the utmost priority for packages being included in the port tree as well. For example, Chromium comes with `–enable-unveil` support, which means that it can only access `~/Downloads` folder to mitigate the attack surface if your browser ever gets hijacked.
</p>
</div>
</div>
<div id="outline-container-org83844ce" class="outline-2">
<h2 id="org83844ce">Stability</h2>
<div class="outline-text-2" id="text-org83844ce">
<p>
OpenBSD favors stability over new features. Once installed and configured to your liking, it just stays out of your way allowing you focus on your task at hand. You will not see nagging notifications demanding you to click on installing updates. You can just setup a cron to run `syspatch` to bring in security fixes whenever and however you like. Releases are scheduled for every 6 months in a predictable way so you are in control to plan it ahead. I am running 6.6 release and following errata proves my point: <a href="https://www.openbsd.org/errata66.html">https://www.openbsd.org/errata66.html</a>
</p>
</div>
</div>
<div id="outline-container-org12eac79" class="outline-2">
<h2 id="org12eac79">Frugality</h2>
<div class="outline-text-2" id="text-org12eac79">
<p>
Wikipedia has the best definition for this and I believe it genuinely applies to the Philosophy of OpenBSD project. `Less is more` is a pretty well known Unix tradition and the command `less` (which is a replacement of early UNIX command `more`) is seen in every UNIX variants. OpenBSD is not the most user friendly Unix out there not even among BSD flavors. It is targeted towards security and resource savvy power users who wants have control over every piece of software running on their system. Every line of code is audited for frugality and not needed code is removed. Development is not driven by any cooperate or financial interest as apposed to the Operating System development from big Corporations such as Microsoft, Apple and Google. You can use your old hardware as long as it meets your needs and will not find yourself at the mercy of them nagging you upgrade your hardware let alone your system so often.
</p>
<p>
All in all, it gives you a piece of mind compared to any OS out there when it comes to knowing you are safe by default. If you would like to know more about why OpenBSD, you can visit this site for technical details:
<a href="https://why-openbsd.rocks/fact/">https://why-openbsd.rocks/fact/</a>
</p>
<p>
I am currently running OpenBSD 6.6 on Thinkpad X220 (everything work out of the box) and Dell XPS 13 2 in 1 9365 (all works except for suspend - same as some leading Linux distros). The installation process is not that complicated (mostly you just except the default prompt by hitting enter) but does need some config to make it to your liking. I might blog about the installation process and list my configs for `X` and `cwm` in the future.
</p>
</div>
</div>
<div class="taglist"><a href="https://www.birkey.co/tags.html">Tags</a>: <a href="https://www.birkey.co/tag-openbsd.html">OpenBSD</a> </div><div id="archive">
<a href="https://www.birkey.co/archive.html">Other posts</a>
</div>
</div>
<div id="postamble" class="status"><br><center>
<div style="display: inline-block; vertical-align:middle;"></div></div>
</body>
</html>