
[ #215 ] fail2ban on NetBSD for ssh

NetBSD, SSH Added less than a year ago

Check out fail2ban - it's a great way of securing your system using firewall rules (to block offending IPs) when hack attempts like numerous failed ssh logins occur.

To set it up on NetBSD, install it from source - it's Python so you can just:

$ sudo python setup.py install

Then add an rc script:

#!/bin/sh
#
# PROVIDE: fail2ban
# REQUIRE: NETWORKING syslogd

. /etc/rc.subr

name="fail2ban"
rcvar=$name
command="/usr/pkg/bin/fail2ban-client"
pidfile="/var/run/${name}/${name}.pid"
extra_commands="reload"

fail2ban_start()
{
    if [ -n "${the_fail2ban_pid}" ]; then
        echo "${command} already running as pid ${the_fail2ban_pid}."
        return 1
    fi
    echo "Starting ${name}"
    ${command} start
}

fail2ban_stop()
{
    if [ -z "${the_fail2ban_pid}" ]; then
        echo "${command} not running? (check ${pidfile})."
        return 1
    fi
    echo "Stopping ${name}"
    ${command} stop
}

fail2ban_status()
{
    if [ -z "${the_fail2ban_pid}" ]; then
        echo "${command} is not running? (check ${pidfile})."
    else
        echo "${command} is running as pid ${the_fail2ban_pid}."
    fi
}

fail2ban_reload()
{
    if [ -z "${the_fail2ban_pid}" ]; then
        echo "${command} not running? (check ${pidfile})."
        return 1
    fi
    echo "Reloading fail2ban"
    ${command} reload
}

start_cmd="fail2ban_start"
stop_cmd="fail2ban_stop"
status_cmd="fail2ban_status"
reload_cmd="fail2ban_reload"
the_fail2ban_pid=`check_pidfile ${pidfile} /usr/pkg/bin/python`

load_rc_config $name
run_rc_command "$1"

(don't forget to add fail2ban=YES to your /etc/rc.conf)

And set up your jail.conf with a section like this:

[ssh-ipfilter]

enabled  = true
filter   = sshd
action   = sendmail-whois[name=SSH, dest=youremail@email.com, sender=fail2ban@yourbox]
           ipfilter[name=SSH, port=ssh, protocol=tcp]
logpath  = /var/log/authlog
maxretry = 5

(Read the fail2ban docs or the message after installation to determine where your jail.conf and other conf files are. Mine are in /etc/fail2ban/)

Then start it up like this:

$ sudo /etc/rc.d/fail2ban start

Check out all the other actions and filters too... fail2ban is not just for blocking failed ssh authentications!

I get an email whenever fail2ban is started or stopped - and also whenever it blocks a possible attacking IP. It works great!
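
What the jail above does with maxretry = 5, as an added example (not part of the original post and not fail2ban's own code): count failed sshd logins per source address inside a sliding window and report which addresses would be banned, and when. The log lines, the host name box, the 600-second window and the simplified pattern are assumptions; the real matching is done by the sshd filter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY = 5     # maxretry from the jail section above
FINDTIME = 600   # seconds; assumed window, match it to findtime in your jail

# Simplified stand-in for the sshd filter (not fail2ban's own failregex).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, year=2010):
    """Return [(ip, ban_time)] in the order the bans would trigger."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned, bans = set(), []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m.group("ip") in banned:
            continue
        # syslog lines carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        q = recent[m.group("ip")]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned.add(m.group("ip"))
            bans.append((m.group("ip"), ts))
    return bans

# Constructed authlog lines (documentation addresses, made-up host name).
SAMPLE = """\
Mar  3 10:00:01 box sshd[411]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:03 box sshd[411]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:05 box sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:06 box sshd[413]: Failed password for you from 198.51.100.20 port 5100 ssh2
Mar  3 10:00:08 box sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:09 box sshd[413]: Failed password for you from 198.51.100.20 port 5100 ssh2
Mar  3 10:00:11 box sshd[414]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  3 10:00:15 box sshd[413]: Accepted password for you from 198.51.100.20 port 5100 ssh2
Mar  3 10:05:00 box sshd[420]: Failed password for you from 198.51.100.20 port 5200 ssh2
Mar  3 10:06:00 box sshd[420]: Failed password for you from 198.51.100.20 port 5200 ssh2
Mar  3 10:30:00 box sshd[431]: Failed password for you from 198.51.100.20 port 5300 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE):
        print(f"{when:%b %d %H:%M:%S} would ban {ip}")
```

The second address fails five times in total but never five times inside one window, so it is not banned; lowering maxretry or widening the window changes that.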




[ #214 ] NetBSD - Using sup

NetBSD Added less than a year ago

If you want to use sup and you get an error like this:

SUP: Can't find my host entry '(null)'

You need to:




[ #170 ] NetBSD 5.0.1 on Mac Mini G4 (PPC)

NetBSD, OSX Added less than a year ago and last edited less than a year ago

Here are my notes from installation. I used these resources: NetBSD on a Mac Mini, Notes from installing on a G4 Mac Mini and the INSTALL.html from the ISO.

I will clean these up shortly (hopefully.)

  1. Use the OSX CD to boot the OSX installation program on your Mac Mini (hold down C while booting)
  2. Use Disk Utility to create two partitions: HFS named Boot; UFS named BSD
  3. Quit Disk Utility
  4. On other computer, copy ofwboot.xcf and netbsd kernels (netbsd-GENERIC.gz) to USB stick
  5. Insert USB stick in Mac Mini
  6. Open Terminal
  7. In shell:
    1. cp ofwboot.xcf and netbsd kernels to /Volumes/Boot
  8. Quit Terminal
  9. Reboot Mac Mini
  10. Start up to openfirmware
  11. Eject OSX CD
  12. Insert NetBSD installation CD in Mac Mini
  13. In Open Firmware:
    1. boot cd:,ofwboot.xcf netbsd.macppc
  14. Start in shell (not install)
  15. In shell:
    1. pdisk /dev/wd0c
      1. leave apple partition map
      2. leave hfs 'boot'
      3. delete ufs 'netbsd'
      4. create new partition as / type (a)
      5. create new partition as swap type (b)
      6. write, exit
  16. In shell:
    1. newfs /dev/rwd0a (yes, note the r)
    2. mount /dev/wd0a /mnt
    3. cd /mnt/
    4. mkdir etc
    5. cat > etc/fstab
      • /dev/wd0a / ffs rw 1 1
      • /dev/wd0b none swap sw 0 0
      • ^D
    6. cd /
    7. umount /mnt
    8. sysinstall
  17. Select 're-install sets...' from sysinstall menu
  18. Reboot Mac Mini
  19. In Open Firmware:
    1. boot hd:,ofwboot.xcf netbsd-GENERIC.gz
  20. In shell:
    1. passwd
    2. adduser -m you
    3. passwd you
  21. Reboot
  22. In Open Firmware:
    1. setenv auto-boot? false
    2. setenv boot-device hd:,ofwboot.xcf
    3. setenv boot-file netbsd-GENERIC.gz
    4. reset-all
  23. Now when you start your Mac Mini you will always go to Open Firmware - just type 'boot' to start



[ #117 ] Build nginx from Source on NetBSD 5.0

nginx, NetBSD Added a year and a bit ago and last edited about two months ago

Here's my configure line:

./configure --prefix=/usr/local/nginx --with-pcre=/full/path/to/pcre/src --with-http_ssl_module



[ #107 ] pkgsrc on OS X

OSX, Shell, NetBSD Added a year and a bit ago

I've tried fink and macports but found both of them very broken at some stages. They have quite recent ports in them though which is good... but not good enough when you look at how frequently they fell over.

It turns out the NetBSD port tree (pkgsrc) can be used on Mac OS X!

This page describes the process you need to install it.

Very nice!




[ #69 ] Forwarding X

X, NetBSD, OSX Added a year and a bit ago and last edited a year and a bit ago

My host is Mac OS X, and my guest is a NetBSD VM running on the host. This will show you how I forward X apps from guest to the host.

Ensure host has X11

On Mac OS X you can install X11 from the OS install disk that came with your computer.

Start X11 on host

On Mac OS X, start /Applications/X11.app

Get display list on host

In the xterm that was opened up on Mac:

host$ xauth list
YourBox.local/unix:0  MIT-MAGIC-COOKIE-1  dfa82d25b775957b7571f76727e51f3c
10.1.1.2:0  MIT-MAGIC-COOKIE-1  dfa82d25b775957b7571f76727e51f3c

We are interested in the one that does not have "unix" in it, i.e. the second line. Copy this line, we will be using it below. (The above is an example, yours will look different.)

Ensure guest has X11Forwarding enabled

guest$ grep X11Forwarding /etc/ssh/sshd_config 
X11Forwarding yes

... change if it's not enabled, and remember to restart sshd.

SSH to guest

host$ ssh -X guest

... the X flag enables X11Forwarding over this ssh connection.

Export display

guest$ export DISPLAY=10.1.1.2:0  # use the IP:Number combination that you got from xauth list
guest$ xauth add 10.1.1.2:0  MIT-MAGIC-COOKIE-1  dfa82d25b775957b7571f76727e51f3c

Run an X App

guest$ xlogo

... and watch it appear on your host.




[ #63 ] NetBSD mDNS

NetBSD Added a year and a bit ago and last edited a year and a bit ago

To set up mDNS on NetBSD you need to:

Install

... the package net/mDNSResponder-nss (which also installs net/mDNSResponder)

Start

... the daemon, mdnsd

Edit

... the /etc/nsswitch.conf file - just put the text mdns on the hosts line, between files and dns

Set up

... an rc script /etc/rc.d/mdnsd - or (naughty, naughty!) just add a line to /etc/rc.local that starts the mdnsd daemon.




[ #61 ] NetBSD VM

NetBSD, OSX, X Added a year and a bit ago

... and the new NetBSD VM is working. pkgsrc is the packages system for NetBSD. If you are looking for mod_perl it is in www/ap2-perl. pkgsrc has a cool feature with sysutils/open-vm-tools being their port of VMWare tools. So you can just:

# cd /usr/pkgsrc/sysutils/open-vm-tools
# make && make install

... instead of installing the VMWare tools normally by mounting the fake CD image. NetBSD isn't officially supported by VMWare anyway, though they reckon the normal tools will work if you pretend it is a FreeBSD system and have FreeBSD emulation on.

Here is an XF86Config that I stole from somewhere (see the comments section, thanks guy.) It works great for the MacBook:

# xorg.conf to get OpenBSD 4.4-beta (2008/07/11 18:54 snapshot) to display the
# screen at 1280x800 resolution on VMware Fusion 1.1.3 on a late 2007 MacBook
# running Mac OS X 10.5.4
#
# Modified from http://blog.durables.org/wp-content/uploads/2007/03/xorgconf.txt
# Context: http://blog.durables.org/2007/03/02/vmware-fusion-beta-2-is-out/
#
# MacBook refresh rates and 1280x800 modeline from:
# http://rubenerdshow.com/blog/x11-freebsd-parallels/

Section "ServerLayout"
    Identifier     "Default Layout"
    Screen      0  "Screen0" 0 0
    InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "InputDevice"
    Identifier  "Keyboard0"
    Driver      "kbd"
    Option      "XkbModel" "pc105"
    Option      "XkbLayout" "us"
EndSection

Section "Monitor"
    Identifier "vmware"
    VendorName "VMWare, Inc"
    ModelName "Monitor"
    HorizSync 31.5 - 100.0
    VertRefresh 59.0 - 75.0
    Modeline "1280x800" 83.46 1280 1344 1480 1680 800 801 804 828
EndSection

Section "Device"
    Identifier  "Videocard0"
    Driver      "vmware"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device     "Videocard0"
    Monitor    "vmware"
    DefaultDepth     24
    SubSection "Display"
        Viewport   0 0
        Depth     24
        Modes "1280x800"
    EndSubSection
EndSection




The Author

This is the blog of Brad Willis, a software engineer living in Brisbane.
