Tubsta – Tech and other stuff

Creating a Chroot in OpenBSD

Foreword

This article describing the practical use of chroot on OpenBSD was originally written by Karsten Pedersen on 20 July 2014 and was located here until the IBM developerWorks connections platform was sunset at 2 January 2020. It has been kept in its entirety to help others that may have stumbled on an old Google search result.

Introduction

Chroots have many uses in UNIX-like operating systems and the chroot(8) command is not unique to OpenBSD. They are often used for security reasons in order to run a potentially vulnerable service in its own environment so that if it becomes compromised and an attacker manages to escalate their privileges to that of the compromised service, they are still constrained to the chroot that the service has been run in.

Camera SD card under OpenBSD

As file sizes increasingly become bigger in cameras such as Go Pro and Canon EOS D, the FAT file system has become unfit for purpose. As such, instead of looking to an open source file system (probably due to no support in the Windows or Mac platforms), these camera manufacturers have just done a bump to a more recent version of a Microsoft proprietary file system, exFAT. Continue reading “Camera SD card under OpenBSD”

OpenBSD and SNMPd

OpenBSD comes with a SNMP v2c and v3 daemon in base. Simplistic and privileged separated, this SNMP service is easy to configure and secure – putting Simple, backing into Simple Network Management Protocol (SNMP).

Recently, I have needed to flick on snmpd(8) to provide data to the Cacti logging service. The default configuration in /etc/examples/snmpd.conf will get most people going while only letting the daemon listen on the localhost interface, keeping your SNMP service reasonably secure. Continue reading “OpenBSD and SNMPd”

Reliable Bare Metal Server using TrueOS/FreeBSD

I currently have a project need for a simple FreeBSD base install that is hooked up to a NAS/SAN back end. Coming from a Solaris background, most SPARC machines (like the V220/V420) came rack mountable and space for 2 primary hard drives simply for the OS. You would spin up your OS install, install Solstice DiskSuite (Solaris Volume Manager), apply your secret sauce of configuration and you were away. One disk could fail and you could either hot swap replace and resilver or power down, boot off the disk that was functioning and then resilver to bring the new disk online (yes, I know there are more steps than this but that is out of scope for this article).

I wanted a similar, modern day solution like this, using commodity hardware and a free, open source and liberally licensed operating system.

While FreeBSD 10.x has a stable, binary update method for maintaining production machines, this doesn’t allow you to follow –HEAD to get the latest technology for the project that you are working on. The reason that I use OpenBSD so much in production, apart from the security aspect, is that you don’t have to wait long for new technology to appear in –release. This is why I think FreeBSD –HEAD is more suitable for my needs. Continue reading “Reliable Bare Metal Server using TrueOS/FreeBSD”

Swiffy plugin for WordPress

I have just moved a WordPress instance from a standard cPanel installation, into a custom OpenBSD host. Everything ran smoothly from a data point of view but when I went to test the installation I got a 500 error. Turning on php error logging gave me the information I needed to start debugging the issue. Continue reading “Swiffy plugin for WordPress”

OpenBSD 5.7 Released

The start of May is the release time for yet another edition of OpenBSD and 2015 brings the release of OpenBSD 5.7. This edition brings some excellent hardware support that will improve the users experience with the operating system, a range of installer improvements, removal of Nginx and Sendmail from the base, IPv6 has been further integrated into the kernel and a large range of security improvements. Continue reading “OpenBSD 5.7 Released”

OpenBSD on Digital Ocean

For OpenBSD users, it has been pretty disappointing that Digital Ocean didn’t launch other BSDs with introduction of FreeBSD, even though the technical barrier had been removed to allow it.

Today, I thought I’d try doing an OpenBSD load again (I have tried before without success due to CPU feature issues) and the results were pleasing – you can now enjoy OpenBSD on Digital Ocean. Continue reading “OpenBSD on Digital Ocean”

OpenBSD audio in virtualisation

While some use the documentation correctly and search the mailing lists, sometimes the answers don’t come up correctly due to formatting or google having issues indexing.

As I use OpenBSD more and more as a daily driver (be it still in VMWare Workstation on one machine and Virtual Box on the other), I still don’t have it on raw workstation hardware. I want my audio and video to work but out of the box on the above platforms, but my audio was either sketchy or non-existent. Continue reading “OpenBSD audio in virtualisation”

py-boto and LibreSSL

Having just recently performed an upgrade of OpenBSD 5.6 to OpenBSD 5.7, duplicity (my backup tool), stopped working for no apparent reason.

At first, I thought it had something to do with the 0.6 branch becoming deprecated, but in the end I found out that this was just a warning message. Continue reading “py-boto and LibreSSL”

Boto for Python Issues

Using a few utilities in the past couple of days, I have noticed a few issues with boto either ignoring the AWS variables or not addressing buckets correctly. Continue reading “Boto for Python Issues”