moar slides
Thomas Lindner
parent
26a3cf7abc
commit
1f77793991
101
presentation.md
101
presentation.md
|
|
@ -14,9 +14,9 @@ date:
|
|||
::: columns
|
||||
|
||||
:::: column
|
||||
- x von NetBSD geforked
|
||||
- 1995 von NetBSD geforked
|
||||
- Halb-jährliche Releases
|
||||
- Security-Fokus
|
||||
- Entwickelnde&Security-Fokus
|
||||
- Heimat von OpenSSH, tmux, LibreSSL, ...
|
||||
::::
|
||||
|
||||
|
|
@ -30,13 +30,24 @@ date:
|
|||
demo?
|
||||
|
||||
# ports vs base
|
||||
- Base-System ist vollständiges Betriebssystem (nicht nur Kernel)
|
||||
- Hackbar: ein Source-Tree, ein Build-System ([`man release`](https://man.openbsd.org/release))
|
||||
- `release` / `-current` / `-stable`
|
||||
- `sysupgrade` / `syspatch`
|
||||
|
||||
# Upgrades / Updates
|
||||
. . .
|
||||
|
||||
- Dritt-Software aus Ports-Tree
|
||||
- Vorgebaute Binärpakete (Bauen aus dem Tree erzeugt auch Pakete)
|
||||
- `pkg_add` / `pkg_delete` / `pkg_info` / ...
|
||||
|
||||
# Startup
|
||||
- Kernel startet `init`
|
||||
- `init` führt `/etc/rc` aus (ein Shell-Script)
|
||||
- Konfiguration in `/etc/rc.conf.local`
|
||||
|
||||
. . .
|
||||
|
||||
```
|
||||
apmd_flags=-A
|
||||
httpd_flags=
|
||||
|
|
@ -53,6 +64,7 @@ xenodm_flags=
|
|||
rcctl set transmission_daemon rtable 1
|
||||
rcctl enable transmission_daemon
|
||||
rcctl start transmission_daemon
|
||||
...
|
||||
```
|
||||
|
||||
# rc.d
|
||||
|
|
@ -89,14 +101,17 @@ join 36C3 wpaakms 802.1x
|
|||
inet autoconf
|
||||
inet6 autoconf
|
||||
```
|
||||
- Kann bei Änderungen mit `sh /etc/netstart iwm0` wieder angewendet werden
|
||||
- `inet/inet6 autoconf` markiert das Interface für DHCP bzw. IPv6-Autokonfiguration
|
||||
|
||||
. . .
|
||||
|
||||
- Kann bei Änderungen mit `sh /etc/netstart iwm0` angewendet werden
|
||||
|
||||
# WireGuard mit `ifconfig`
|
||||
- WireGuard kann komplett mit ifconfig konfiguriert werden
|
||||
```
|
||||
ifconfig wg0 create
|
||||
ifconfig wg0 wgkey aGllciBrb21tdCBkZXIgcHJpdmF0ZSBrZXkgaGluLgo=
|
||||
ifconfig wg0 \
|
||||
wgkey aGllciBrb21tdCBkZXIgcHJpdmF0ZSBrZXkgaGluLgo=
|
||||
ifconfig wg0 \
|
||||
wgpeer HQHCrq4J6bSpdW1fI5hR/bvcrYa6HgGgwaa5ZY749ik= \
|
||||
wgendpoint 185.213.155.73 51820 \
|
||||
|
|
@ -105,8 +120,16 @@ ifconfig wg0 destroy
|
|||
```
|
||||
|
||||
# Routing Domains
|
||||
- Host kann mehre unabhängige Routing-Tabellen haben (Routing Domains)
|
||||
- Interfaces
|
||||
- Host kann mehre unabhängige Routingtabellen haben (Routing Domains)
|
||||
- Interfaces gehören zu einer Routing Domain (default 0)
|
||||
```
|
||||
ifconfig wg0 rdomain 1
|
||||
```
|
||||
- Programme laufen in einer Routing Domain und nutzen die zugehörige Routingtabelle und Interfaces für Netzwerkverbindungen
|
||||
```
|
||||
rcctl set transmission_daemon rtable 1
|
||||
route -T 1 exec curl ifconfig.co
|
||||
```
|
||||
|
||||
# Routing Domains - `/etc/hostname.lo1`
|
||||
```
|
||||
|
|
@ -129,12 +152,37 @@ inet6 fc00:bbbb:bbbb:bb01::1:693/128
|
|||
```
|
||||
|
||||
# pf
|
||||
- Stateful
|
||||
- Letztes `pass`/`block` das matched gilt
|
||||
|
||||
# smtpd
|
||||
. . .
|
||||
|
||||
```
|
||||
block return # block stateless traffic
|
||||
pass out # establish keep-state
|
||||
```
|
||||
|
||||
. . .
|
||||
|
||||
```
|
||||
# transmission web ui
|
||||
pass in on rdomain 0 proto tcp to {127.0.0.1,::1} \
|
||||
port 9091 rtable 1
|
||||
```
|
||||
|
||||
. . .
|
||||
|
||||
```
|
||||
# Port build user does not need network
|
||||
block return out log proto {tcp udp} user _pbuild
|
||||
```
|
||||
|
||||
# OpenSMTPD
|
||||
::: columns
|
||||
|
||||
:::: column
|
||||
bla
|
||||
- Seit OpenBSD 4.6
|
||||
- "E-Mail für Menschen"
|
||||
::::
|
||||
|
||||
:::: column
|
||||
|
|
@ -144,7 +192,7 @@ bla
|
|||
:::
|
||||
|
||||
|
||||
# smtpd - `/etc/mail/smtpd.conf`
|
||||
# OpenSMTPD - `/etc/mail/smtpd.conf`
|
||||
```
|
||||
table aliases file:/etc/mail/aliases
|
||||
|
||||
|
|
@ -158,7 +206,7 @@ match from local for local action "local_mail"
|
|||
match from local for any action "outbound"
|
||||
```
|
||||
|
||||
# smtpd - `/etc/mail/smtpd.conf`
|
||||
# OpenSMTPD - `/etc/mail/smtpd.conf`
|
||||
```
|
||||
table aliases file:/etc/mail/aliases
|
||||
|
||||
|
|
@ -173,19 +221,22 @@ match from local for local action "local_mail"
|
|||
match from local for any action "outbound"
|
||||
```
|
||||
|
||||
# smtpd
|
||||
# OpenSMTPD
|
||||
Empfangen werden benötigt bissl mehr Arbeit ... (Reverse DNS, SPF/DKIM, DMARC)
|
||||
|
||||
Mehr Infos:
|
||||
|
||||
- `man smtpd.conf`
|
||||
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/)
|
||||
- c3 talk
|
||||
- [Chehade, Gilles (2019). *Setting up a mail server with OpenSMTPD, Dovecot and Rspamd*](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/)
|
||||
|
||||
# httpd
|
||||
geschichte
|
||||
- Früher erst Apache in base, dann nginx
|
||||
- Maintainance-Aufwand (Patchsets für Priviledge Separation)
|
||||
- Zu viele Features (mehr Code -> mehr Bugs)
|
||||
|
||||
# httpd - `/etc/httpd.conf`
|
||||
. . .
|
||||
|
||||
- Seit OpenBSD 5.6 eigener `httpd`
|
||||
```
|
||||
server "example.com" {
|
||||
listen on * port 80
|
||||
|
|
@ -243,14 +294,18 @@ server "example.com" {
|
|||
```
|
||||
|
||||
# Andere Features
|
||||
- vmd
|
||||
- unwind
|
||||
- resolvd
|
||||
- OpenBGPD
|
||||
- doas
|
||||
- unwind / resolvd
|
||||
- spamd
|
||||
- OpenBGPD / OpenOSPFD
|
||||
- ...
|
||||
|
||||
# Downsides
|
||||
- Altes filesystem
|
||||
- "Altes" filesystem
|
||||
- Kein Wayland (yet)
|
||||
|
||||
# Q & A
|
||||
Fragen?
|
||||
Noch Fragen?
|
||||
|
||||
# Secret Bonus-Slide
|
||||
|
||||
|
|
|
|||
BIN
presentation.pdf
BIN
presentation.pdf
Binary file not shown.
Binary file not shown.
|
After Width: | Height: | Size: 161 KiB |
Loading…
Reference in New Issue