NIX Blogging

This Blog its all About Me

Thursday, March 13, 2008

OpenBSD or CentOS 5 for VPN (Not A HOW TO)

Still no activity from me to do something better, just trying to get my VPN working. Tweak here, tweak there, nothing much changes. Still getting nowhere. Already tried OpenBSD + OpenVPN, OpenBSD + POPTOP, CentOS 5 + POPTOP...


Same results from those trials, well maybe I shouldn't be here anyway. Please, if someone wants to teach me about VPN (OpenVPN or POPTOP) you will be my guest, you are welcome ^^ I just suck at the firewall, all connections already go thru the tunnel but they didn't come back to the client. Gosh...

After this succeeds I'll post it right away, k?


Wednesday, December 05, 2007

First Time, Ubuntu 7.10 Gutsy

For a long time I never used another OS for my desktop. Well this time I really went for it, I really installed it. After downloading the ISO, I just installed it, and after that my jaw dropped. Looking at the effects that Ubuntu has to offer me...


Cool themes, cool effects... everything amazed me so much the first time. Compared to it, my previous OS is so 'square' ^_^ I followed all the Ubuntu instructions, it told me to upgrade the system.

Well then I changed the repo to a local one, here at the Indonesian repo, so it was kinda fast. And sure I was glad, and I also installed the restricted driver for my ATI card.

But after all the upgrades were done, I rebooted and found something that really bothered me. I lost all the effects, cause the ATI won't let me use them, damn eh.

I tried to work on it, but it kept failing. Maybe next time I will succeed. Coz I ain't got time to do that now...

The conclusion is I love it, well I'm happy tho.


Monday, October 29, 2007

FluxBox 1.0 Came Again

Fluxbox came out again after 1 year, with many bug fixes and lots of themes. Check it all out tho...

• New default style: bloe
• New styles: ostrich, zimek_darkblue, zimek_green, zimek_bisque, carp, arch, bora_black, bora_blue, bora_green, green_tea, bloe
• Fixed shape handling, now shaped corners have border
• Allow negative numbers in command "Workspace"
• Added utility fluxbox-remote
• Allows script access to most fluxbox commands
• Support must be turned on in the init file with session.screen.allowRemoteActions; the syntax is, e.g., fluxbox-remote "CustomMenu ~/.fluxbox/custommenu"
• Added keycommands :AddWorkspace and :RemoveLastWorkspace
• Added some missing Open Office entries and window managers, plus some other minor changes in fluxbox-generate_menu

Updated languages:

• Swedish
• Chinese
• German
• Spanish
• English (US)
• English (UK)
• Russian
• French
• Finnish
• Portuguese

Through the bug fixes we can see updates for compiling with gcc 4.3, fixed resource usage due to Skype 1.4, fix submenu placement with xinerama after moving the menu between heads, fixed some window placement issues and many many more. For a detailed changelog, please visit this page.

What is Fluxbox?

Fluxbox is a window manager for UNIX/Linux and BSD operating systems. It's based on the Blackbox 0.61.1 code. Fluxbox looks like Blackbox and handles styles, colors, window placement and similar things exactly like Blackbox (100% theme/style compatibility).

• Configurable window tabs
• Iconbar (for minimized/iconified windows)
• Wheel scroll changes workspace
• Configurable titlebar (placement of buttons, new buttons etc)
• KDE support
• New native integrated keygrabber (supports emacs like keychains)
• Maximize over slit option
• Partial GNOME support
• Extended Window Manager Hints support
• Slit dockap ordering


Wednesday, October 24, 2007

Install FTP @ OpenBSD

Setting up anonymous FTP Service

Working with OpenBSD is so easy, you can install OpenBSD without any problem at all. All you have to do is add /usr/bin/false to /etc/shells, because ftpd refuses logins from users whose shell is not listed there.

# echo /usr/bin/false >> /etc/shells



And all set. Now all you need is to add a new user:

# adduser

Use option ``-silent'' if you don't want to see all warnings and questions.

Reading /etc/shells
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: pnyet
Enter full name []: ftp-user
Enter shell authpf csh false ksh nologin sh [ksh]: false
Uid [1002]:
Login group pnyet [pnyet]:
Login group is ``pnyet''. Invite pnyet into other groups: guest no
[no]: no
Login class _mysql authpf daemon default staff [default]:
Enter password []:
Enter password again []:

Name: pnyet
Password: ****
Fullname: ftp-user
Uid: 1002
Gid: 1002 (pnyet)
Groups: pnyet
Login Class: default
HOME: /home/pnyet
Shell: /usr/bin/false
OK? (y/n) [y]: y
Added user ``pnyet''
Copy files from /etc/skel to /home/pnyet
Add another user? (y/n) [y]: n
Goodbye!

Directory Setup

You do not need to make a /home/ftp/users or /home/ftp/bin directory, because adding a new user automatically creates that user's home directory.

* /home/ftp - This is the main directory. It should be owned by root and have permissions of 555.
* /home/ftp/etc - This is entirely optional and not recommended, as it only serves to give out information on users which exist on your box. If you want your anonymous ftp directory to appear to have real users attached to your files, you should copy /etc/pwd.db and /etc/group to this directory. This directory should be mode 511, and the two files should be mode 444. These are used to give owner names as opposed to numbers. There are no passwords stored in pwd.db, they are all in spwd.db, so don't copy that over.
* /home/ftp/pub - This is a standard directory to place files in which you wish to share. This directory should also be mode 555.
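
To verify the layout above after setup, this added script (not part of the original post) compares each path against the listed modes and flags a copied spwd.db. It reads modes through `ls -ld` so it works on OpenBSD and Linux alike; the function names are this example's own.

```sh
#!/bin/sh
# Added example: audit an anonymous FTP tree against the modes listed above.

mode_of()  { ls -ld "$1" | cut -c1-10; }          # e.g. dr-xr-xr-x
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# check_path PATH MODE [OWNER]: print a finding, return 1 on mismatch.
check_path() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    if [ "$(mode_of "$1")" != "$2" ]; then
        echo "MODE    $1 is $(mode_of "$1"), expected $2"; return 1
    fi
    if [ -n "$3" ] && [ "$(owner_of "$1")" != "$3" ]; then
        echo "OWNER   $1 is not owned by $3"; return 1
    fi
    echo "OK      $1"
}

# audit_ftp_tree [ROOT] [OWNER]: returns 0 only if every check passes.
audit_ftp_tree() {
    root=${1:-/home/ftp}; owner=${2:-root}; rc=0
    check_path "$root"     dr-xr-xr-x "$owner" || rc=1   # 555, owned by root
    check_path "$root/pub" dr-xr-xr-x ""       || rc=1   # 555
    if [ -d "$root/etc" ]; then                          # optional directory
        check_path "$root/etc" dr-x--x--x "" || rc=1     # 511
        for f in pwd.db group; do
            if [ -e "$root/etc/$f" ]; then
                check_path "$root/etc/$f" -r--r--r-- "" || rc=1   # 444
            fi
        done
        # spwd.db holds the password hashes and must never be copied here
        if [ -e "$root/etc/spwd.db" ]; then
            echo "DANGER  $root/etc/spwd.db is present"; rc=1
        fi
    fi
    return $rc
}

# Run against the default location when it exists on this machine.
if [ -d /home/ftp ]; then
    audit_ftp_tree /home/ftp root || echo "fix the findings listed above"
fi
```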

Start The FTP Service

All you need now is to start the FTP service, either from inetd or from rc. If you want users confined to their home directories, you have to add them to /etc/ftpchroot.

Now it's ready to transfer files...






Tuesday, October 09, 2007

Manipulating with pfctl

Stay with your OpenBSD tho, coz it's so much fun. This tutorial is about working with pf and pfctl, especially with tables: we can manipulate a table using pfctl.

Tables can be manipulated on the fly by using pfctl(8). For instance, to add entries to the table created above:

# pfctl -t spammers -T add 218.70.0.0/16


This will also create the table if it doesn't already exist. To list the addresses in a table:

# pfctl -t spammers -T show

The -v argument can also be used with -T show to display statistics for each table entry. To remove addresses from a table:

# pfctl -t spammers -T delete 218.70.0.0/16

For more information on manipulating tables with pfctl, please read the pfctl(8) manpage.

This howto is taken from the OpenBSD PF FAQ.



Wednesday, August 29, 2007

Why OpenBSD ?

After 7 months of using OpenBSD, I have never been so right about the OS that I chose. This puffy really rocks. From the freedom to the security, Theo and the other developers really pay attention to its community.


Today I read http://undeadly.org and found that Linux uses Reyk's driver (the Atheros wireless driver) and is trying to GPL the driver. Last time they attacked an OpenBSD developer in public, and I hope that OpenBSD won't do the same thing the Linux developers did.

And I noticed at http://kerneltrap.org/node/14229 that Theo is trying to make a better OS. I quote his words:
"Then along came Reyk, and a few others who helped him, who wrote a
completely free replacement for the non-free atheros driver. But did
the NetBSD and FreeBSD developers choose to participate and help him?

No, in fact they actively work through postings to reduce developer's
desire to work with Reyk. A few years ago there were even core
developers in those projects passing along a meme that Reyk's code was
illegal or immoral in some sense. Shame on them.
", Theo said.

Well, I know Theo dances on them. But Theo hit the jackpot once again this time. And NetBSD and FreeBSD should think about their community, not that political crap. Well cheers for OpenBSD, Theo, the OpenBSD developers and the communities.

I have never been so right about this. Freedom !!!


Tuesday, July 17, 2007

MRTG With OpenBSD



This tutorial helps you build your own MRTG server to capture traffic from your router, switch or other things.
I'm gonna make this a quick tutorial and cut the crap.

First we need to make sure we already have these:

- gd
- mrtg
- net-snmp
- zlib
- libpng

If you already have those, let's move on. If not, you have to install them first, using packages or by downloading the binary package from their website. You can check for them with pkg_info, for example:

$ pkg_info | grep gd
gd-2.0.34 library for dynamic creation of images


Now we need to configure the snmpd.conf

$ locate snmpd.conf
/etc/snmp/snmpd.conf

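# /etc/snmp/snmpd.conf
# System contact
syscontact technical@mrtg.net
syslocation Jakarta

# Map a source address and community string to a security name.
#       sec.name  source        community (password)
com2sec MRTG      192.168.8.99  COMMUNITY

# Put security names into groups. A sec.name only takes effect if a
# com2sec line defines it, so the MRTG poller is mapped read-only here.
#     group.name  sec.model  sec.name
group RWGroup     V1         ROUTER
group ROGroup     V1         MRTG

# Views: which parts of the OID tree are visible.
#    name    incl/excl  subtree  mask
view all     included   .1       80
view system  included   system   fe

# Grant views to groups.
#      group    context  sec.model  sec.level  prefix  read    write  notif
access ROGroup  ""       V1         noauth     exact   all     none   none
access RWGroup  ""       V1         noauth     exact   all     all    all
access Others   ""       V1         noauth     exact   system  none   all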

For further information, see http://net-snmp.sourceforge.net/.
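
The com2sec, group and access lines only work as a chain, and a name that does not match between them silently grants nothing. This added example (not from the original post) lints that chain and flags groups with write access, which over SNMP v1 is protected only by a clear-text community string. The sample file is constructed and the function names are this example's own; com2sec options such as -Cn are not handled.

```sh
#!/bin/sh
# Added example: lint the com2sec -> group -> access chain of an snmpd.conf.

# Constructed sample with deliberately mismatched names.
sample_conf() {
    cat <<'EOF'
# sec.name source community
com2sec MRTG 192.168.8.99 COMMUNITY
group RWGroup V1 ROUTER
group ROGroup V1 LocalLan
access ROGroup "" V1 noauth exact all none none
access RWGroup "" V1 noauth exact all all all
access Others "" V1 noauth exact system none all
EOF
}

# lint_vacm [FILE]: one finding per line, no output when the chain is clean.
lint_vacm() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                # comments and blanks
        $1 == "com2sec" { sec[$2] = 1 }               # sec.name is field 2
        $1 == "group"   { grp[$2] = 1; gname[NR] = $2; gsec[NR] = $4 }
        $1 == "access"  { acc[NR] = $2; wview[NR] = $8 }   # write view
        END {
            for (n in gsec)
                if (!(gsec[n] in sec))
                    print "UNDEFINED-SECNAME " gsec[n] " (group " gname[n] ")"
            for (n in acc) {
                if (!(acc[n] in grp))
                    print "UNDEFINED-GROUP " acc[n]
                else if (wview[n] != "none")
                    print "WRITE-ACCESS " acc[n] " view=" wview[n]
            }
            for (s in sec) {
                used = 0
                for (n in gsec) if (gsec[n] == s) used = 1
                if (!used) print "UNMAPPED-SECNAME " s
            }
        }' "${1:--}" | LC_ALL=C sort
}

# Demonstration on the constructed sample; pass a real path to lint a file.
sample_conf | lint_vacm
```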
Now we need to start snmpd:

# /usr/local/sbin/snmpd -c /etc/snmp/snmpd.conf

If you want snmpd to start automatically on boot, you need to put it in /etc/rc.local:

# echo "/usr/local/sbin/snmpd -c /etc/snmp/snmpd.conf" >> /etc/rc.local

After that we need to check whether snmpd is active, by doing this:

# /usr/local/bin/snmpwalk -Os -c [community-string] -v 1 [ip-number]

You have to fill in the community string and the IP number. After that you will see output like this:

bla-bla-bla ......................
snmpInTotalReqVars.0 = Counter32: 6778
snmpInTotalSetVars.0 = Counter32: 0
snmpInGetRequests.0 = Counter32: 1440
snmpInGetNexts.0 = Counter32: 1742
snmpInSetRequests.0 = Counter32: 0
snmpInGetResponses.0 = Counter32: 0
snmpInTraps.0 = Counter32: 0
snmpOutTooBigs.0 = Counter32: 0
snmpOutNoSuchNames.0 = Counter32: 0
snmpOutBadValues.0 = Counter32: 0
snmpOutGenErrs.0 = Counter32: 0
snmpOutGetRequests.0 = Counter32: 0
snmpOutGetNexts.0 = Counter32: 0
snmpOutSetRequests.0 = Counter32: 0
snmpOutGetResponses.0 = Counter32: 3192
snmpOutTraps.0 = Counter32: 0
snmpEnableAuthenTraps.0 = INTEGER: disabled(2)
snmpSilentDrops.0 = Counter32: 0
snmpProxyDrops.0 = Counter32: 0

Congrats, you just installed your snmp.


As we know, Apache is jailed (chroot-ed) in /var/www, unless you use the '-u' flag. So you have to make the folder /var/www/mrtg. Now I want to capture traffic from my router (an OpenBSD router), 192.168.8.2, which has snmp installed. So I make another folder, /var/www/mrtg/router/, or just use the router's IP: /var/www/mrtg/192.168.8.2.

# cfgmaker --global 'WorkDir: /var/www/mrtg/192.168.8.2/' \
--global 'Options[_]:bits,growright' \
--output /var/www/mrtg/192.168.8.2/192.168.8.2.cfg \
COMMUNITY@192.168.8.2

You can check that 192.168.8.2.cfg is already there (/var/www/mrtg/192.168.8.2). Now we need to run it. First add these lines to /var/www/mrtg/192.168.8.2/192.168.8.2.cfg:

LoadMIBs: /usr/share/snmp/mibs/UCD-SNMP-MIB.txt
RunAsDaemon: Yes

Then run MRTG:

# /usr/local/bin/mrtg /var/www/mrtg/192.168.8.2/192.168.8.2.cfg

You will see a lot of error output; that's normal. Now put that line in the crontab:

# crontab -e
*/5 * * * * /usr/local/bin/mrtg /var/www/mrtg/192.168.8.2/192.168.8.2.cfg

Save your work; it will run every 5 minutes (man crontab). Now we need an index.html so we can easily access it from the browser. Run this command to make your index:

# indexmaker --output=/var/www/mrtg/192.168.8.2/index.html /var/www/mrtg/192.168.8.2/192.168.8.2.cfg

Whamm, now you have your own index.html in /var/www/mrtg/192.168.8.2.
Now all we need is to configure httpd.conf, and you are ready to go.

*PS: You need to install snmp on the machine you want to capture from; it is done the same way.

