Saturday, December 12, 2009

ZABBIX_1.8 TWEAKS

Playing with shared memory (OpenBSD style)

kern.shminfo.shmmax=204800000
kern.shminfo.shmall=40960000

FreeBSD Tweak for ZABBIX-1.8
kern.ipc.shmall=40960000
kern.ipc.shmmax=204800000

It took me a while to see zabbix running =)

Monday, October 19, 2009

Ruby 1.8.7 iconv issue

Successfully built ruby 1.8.7 on OpenBSD 4.5

./configure && make && make test && sudo make install

Installed RubyGems.

Running ruby, I got the following error:


WARNING: No database support: LoadError no such file to load -- iconv

After doing some googling I found the following fix:

$ cd ruby-1.8.7-p174/ext/iconv/
$ ruby extconf.rb --prefix=/usr/local --with-iconv-dir=/usr/local
checking for iconv() in iconv.h... no
checking for iconv() in -liconv... yes
checking for const of iconv() 2nd argument... no
creating Makefile
$ make
gcc -I. -I. -I/usr/local/lib/ruby/1.8/i386-openbsd4.5 -I. -I/usr/local/include -fPIC -g -O2 -c iconv.c
gcc -shared -fPIC -o iconv.so iconv.o -L. -L/usr/local/lib -Wl,-R/usr/local/lib -L/usr/local/lib -Wl,-R/usr/local/lib -L. -Wl,-E -liconv -lm -lc
$ sudo make install
/usr/bin/install -c -m 0755 iconv.so /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd4.5


I'm using ruby for metasploit, so having this fix really saved me a lot of trouble.

Saturday, October 10, 2009

OpenVPN on OpenBSD

I'm running OpenBSD 4.5 (Stable) on this setup

1.) download the openvpn package through the ports tree or PKG_PATH
2.) cp -R /usr/local/share/examples/openvpn/easy-rsa /etc/openvpn
3.) cd /etc/openvpn/easy-rsa/1.0 (freaking 2.0 is broken ./vars goes bonkers)
4.) . ./vars
5.) ./clean-all
6.) ./build-ca <-- this will build ca.crt
7.) ./build-key-server your-server-name <-- this will build server.crt/server.key
8.) ./build-dh

Adding Certificates:
1.) cd /etc/openvpn/easy-rsa/1.0
2.) . ./vars
3.) ./build-key your-client-name

Revoking Certificates:
1.) cd /etc/openvpn/easy-rsa/1.0
2.) . ./vars
3.) ./revoke-full your-client-name

== server ==
server.conf

local IP-TO-LISTEN
port 1194
proto udp
dev tun0
ca ca.crt
cert server-name.crt
key server-name.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0 <-- this is default you can change it
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
max-clients 50
user _openvpn
group _openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 9
mute 10
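As an added check (example code written for this post, not OpenVPN's own tooling or the post's code), a small Python script that parses a server.conf like the one above and flags the settings a reviewer would question. The caveat it encodes: ./revoke-full in easy-rsa writes a crl.pem, but the server only rejects revoked clients once a crl-verify directive points at it. The listen address in the sample is a placeholder.

```python
import shlex

# Constructed sample: this post's server.conf trimmed to the directives the
# checks below look at, with a placeholder listen address.
POST_CONF = """\
local 192.0.2.10
port 1194
proto udp
dev tun0
ca ca.crt
cert server-name.crt
key server-name.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
user _openvpn
group _openvpn
persist-key
persist-tun
verb 9
"""
# The same file after the three changes the checks ask for.
HARDENED_CONF = (POST_CONF.replace("dh1024.pem", "dh2048.pem")
                 .replace("verb 9", "verb 3") + "crl-verify crl.pem\n")

def parse_conf(text):
    """Map each directive to the argument lists it appears with ('#'/';' start comments)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            words = shlex.split(line)
            conf.setdefault(words[0], []).append(words[1:])
    return conf

def check_conf(text):
    """Return findings for a server config; an empty list means every check passed."""
    conf = parse_conf(text)
    findings = []
    if "user" not in conf or "group" not in conf:
        findings.append("no user/group: the daemon keeps root after initialisation")
    if "user" in conf and "persist-key" not in conf:
        findings.append("user without persist-key: keys cannot be re-read after the privilege drop")
    # ./revoke-full only writes crl.pem; the server ignores it until crl-verify names it.
    if "crl-verify" not in conf:
        findings.append("no crl-verify: revoked client certificates are still accepted")
    dh = conf.get("dh", [[""]])[0][0]
    if "1024" in dh:
        findings.append("%s: 1024-bit DH parameters are below current recommendations" % dh)
    verb = int(conf.get("verb", [["1"]])[0][0])
    if verb >= 5:
        findings.append("verb %d: debug-level output that fills the log quickly" % verb)
    return findings
```

Running check_conf over the post's config reports the missing crl-verify, the 1024-bit DH file and verb 9; the hardened variant reports nothing.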

== client ==
follow the instructions on
http://www.openvpn.net/index.php/open-source/downloads.html
Mac users like me: use "Viscosity"


And you're done!
NOTE: the VPN keys have no passphrase; you can change that at any time with the OpenVPN GUI (change password).

enjoy... it was a smooth setup, just don't get excited with the options.. the fewer the options, the better the chances of deploying it quickly .. once you have a working vpn server .. then you can play Little Einstein. =)

Saturday, October 3, 2009

Engine-X

Building Engine-X (nginx) on OpenBSD 4.5

nginx-0.7.62

./configure \
--prefix=/var/nginx \
--user=_nginx \
--group=_nginx \
--with-rtsig_module \
--with-select_module \
--with-poll_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_perl_module \
--http-log-path=/var/nginx/logs/access.log \
--error-log-path=/var/nginx/logs/error.log \
--http-client-body-temp-path=/var/nginx/client \
--http-proxy-temp-path=/var/nginx/proxy \
--http-fastcgi-temp-path=/var/nginx/fastcgi \
--with-cpp_test_module \
--with-pcre \
--with-md5-asm \
--with-sha1-asm

make
sudo make install

pretty cool huh?

Thursday, July 16, 2009

Haklam VS Level 10,000

I always thought that I'm messed up... but it looks like there are more people that are far more messed up than me...

http://www.facebook.com/people/Haklam-Aikiliz/614011748

http://www.facebook.com/people/Marcin-Misztal/774651903

Tuesday, July 14, 2009

Boo Hoo ISA proxy Crap.. Squid can talk with AD

This post should serve as a reference for someone who wants to build a proxy server using squid and is tied up with (bureaucracy, politics, Layers 8 and 9, etc.) to play nice with Active Directory.

NOTE to readers: I made this to serve as a guide. If it doesn't work you can ask real questions through (squid-users at squid-cache.org); who knows, I might see it there. Anyways, let the fun begin.

OS: OpenBSD 4.5 (Stable on HS20 IBM Blade Center)

Grab a Fresh Copy of the following:

- Squid (squid-3.0.STABLE16.tar.gz) - my favorite Proxy Cache
- Samba (samba-3.3.5.tar.gz) - used to make windows AD like our *nix box
- Berkeley DB (db-4.7.25.tar.gz) - needed by SquidGuard
- SquidGuard (squidGuard-1.4.tar.gz) - my favorite keyword filter

I have the following output on my pkg_info:

autoconf-2.59p3 automatically configure source code on many Un*x platforms
autoconf-2.61p3 automatically configure source code on many Un*x platforms
bison-2.3 GNU parser generator
bzip2-1.0.5 block-sorting file compressor, unencumbered
cyrus-sasl-2.1.22p4 RFC 2222 SASL (Simple Authentication and Security Layer)
gettext-0.17p0 GNU gettext
gmake-3.81p0 GNU make
gnutls-2.6.2 GNU Transport Layer Security library
help2man-1.29p0 GNU help2man
libgcrypt-1.4.3p0 crypto library based on code used in GnuPG
libgpg-error-1.5 error codes for GnuPG related software
libiconv-1.12 character set conversion library
libltdl-1.5.26 GNU libtool system independent dlopen wrapper
libtasn1-1.5 Abstract Syntax Notation One structure parser library
libtool-1.5.26p0 generic shared library support script
libutf8-0.8p0 provides UTF-8 locale support
lzo-1.08p1 portable speedy lossless data compression library
m4-1.4.11 GNU m4
metaauto-0.9 wrapper for gnu auto*
mutt-1.5.18-sasl-sidebar-compressed tty-based e-mail client, development version
ntp-4.2.4pl6p0 Network Time Protocol reference implementation
openldap-client-2.3.43 Open source LDAP software (client)
popt-1.7p0 getopt(3)-like library with a number of enhancements
qdbm-1.8.77 high performance embedded database library
rsync-3.0.5 mirroring/synchronization over low bandwidth links
tcl-8.5.6 Tool Command Language
wget-1.11.4 retrieve files from the web via HTTP, HTTPS and FTP

-- I have a lot of packages because some of them I build using the ports tree. --

create the user _squid (options: nologin shell, daemon class, no password)

1.) Build Squid

./configure --prefix=/var/squid \
--enable-xmalloc-statistics \
--enable-icmp \
--enable-delay-pools \
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
--enable-ssl \
--enable-pf-transparent \
--enable-ntlm-fail-open \
--enable-cpu-profiling \
--enable-auth="ntlm,basic" \
--enable-external-acl-helpers="wbinfo_group" \
--with-default-user=_squid

gmake
sudo gmake install
sudo chown -R _squid:_squid /var/squid
gmake clean

2.) Build Samba

tar zxvf samba-3.3.5.tar.gz
cd samba-3.3.5
source/./configure --prefix=/var/samba3 --with-winbind --with-ads (you can drop the --with-ads option, but I just like it! =P )
make && sudo make install
gmake clean

ldconfig -m /var/samba3/lib <-- you may need to add this to /etc/rc.local


3.) Build Berkeley DB

cd build_unix
../dist/configure --prefix=/usr/local/BerkeleyDB
make
sudo make install
make clean

ldconfig -m /usr/local/BerkeleyDB/lib

4.) Build squidGuard (the newest version of BerkeleyDB works completely with squidGuard 1.4, tested)

./configure --prefix=/var/squidGuard --with-db=/usr/local/BerkeleyDB --with-squiduser=_squid
gmake
sudo gmake install
gmake clean

5.) Add the Configs

smb.conf

[global]

netbios name = KRAKEN
workgroup = DOMAIN
realm = DOMAIN.LAN
server string = Proxy Server
encrypt passwords = yes
security = ADS
password server =
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
preferred master = no
dns proxy = no
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
cups options = raw

krb5.conf

[libdefaults]
default_realm = DOMAIN.LAN
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

[realms]
DOMAIN.LAN = {
default_domain = DOMAIN.LAN
kdc =
admin_server =
}

[domain_realm]
.DOMAIN.LAN = DOMAIN.LAN

[kdc]
profile = /etc/kerberosV/kdc.conf

[kadmin]
# This is the trickiest part of a Kerberos installation. See the
# heimdal infopage for more information about encryption types.

# For a k5 only realm, this will be fine
# default_keys = v5

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/ksadmin.log
kadmind = FILE:/var/heimdal/kadmind.log

kadm5.acl

*/KRAKEN@DOMAIN.LAN *

kdc.conf

[kdcdefaults]
acl_file = /etc/kerberosV/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /etc/kerberosV/krb5.keytab
v4_mode = noreauth

[libdefaults]
default_realm = DOMAIN.LAN

[realms]
DOMAIN.LAN = {
master_key_type = des-cbc-crc
supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}

krb5.keytab <-- we'll create this later.
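Two things a reviewer checks in a krb5.conf like the one above: that the realm named in default_realm actually has a [realms] block (with dns_lookup_kdc off there is no other way to find the KDC), and which enctypes it negotiates (single-DES and RC4-HMAC are deprecated). The Python below is an added example, not code from the post or from Heimdal; its sample config is constructed, with a deliberately mismatched realm name and a placeholder kdc host.

```python
import re
# Constructed sample after this post's krb5.conf: the [realms] name is
# deliberately left mismatched and the kdc value is a placeholder.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = DOMAIN.LAN
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

[realms]
CORP.PLC = {
default_domain = DOMAIN.LAN
kdc = kdc.example.invalid
}
"""
# Same file with the realm block renamed and AES enctypes instead of DES/RC4.
FIXED_KRB5_CONF = SAMPLE_KRB5_CONF.replace("CORP.PLC", "DOMAIN.LAN").replace(
    "DES-CBC-CRC DES-CBC-MD5 RC4-HMAC", "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96")
# Single-DES (deprecated by RFC 6649) and RC4 (RFC 8429) enctype names.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4",
                 "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}

def parse_krb5_conf(text):
    """Parse [section] / key = value / key = { nested } lines into nested dicts."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        section = re.match(r"^\[([\w.-]+)\]$", line)
        if section:
            stack = [conf.setdefault(section.group(1), {})]
        elif line == "}":
            stack.pop()
        elif stack:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value
    return conf

def check_krb5_conf(text):
    """Return findings; an empty list means the realm resolves and no weak enctypes are listed."""
    conf = parse_krb5_conf(text)
    libdefaults, findings = conf.get("libdefaults", {}), []
    realm = libdefaults.get("default_realm")
    if realm and realm not in conf.get("realms", {}):
        findings.append("default_realm %s has no matching [realms] block" % realm)
    for key in ("default_tgs_enctypes", "default_tkt_enctypes", "preferred_enctypes"):
        weak = [e for e in libdefaults.get(key, "").split() if e.lower() in WEAK_ENCTYPES]
        if weak:
            findings.append("%s lists deprecated enctypes: %s" % (key, " ".join(weak)))
    return findings
```

Whether the AD side accepts AES depends on the domain functional level and the computer account; if it still needs RC4, the check tells you exactly which lines carry that dependency.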

As soon as all the configs are in, it's time to fire up samba (start smbd,nmbd,winbindd).

sudo kinit KRAKEN@DOMAIN.LAN

sudo klist
sudo /var/samba3/bin/net ads join -U KRAKEN -d1

If there are no errors then pat yourself on the back.. you just added your squid box to AD.

--- AD certificate part --- This is done on Windows, OK?

ktpass -out c:\temp\KRAKEN.keytab -princ host/KRAKEN.PROXY@DOMAIN.LAN -mapuser myhost -pType KRB5_NT_PRINCIPAL +rndpass

This keytab lets your squid box log into AD automagically. As soon as it has generated the key, copy it to your squid box and run the following command:

ktutil copy /path/to/KRAKEN.keytab /etc/kerberosV/krb5.keytab

Then delete the KRAKEN.keytab file from the AD box.

for the rest of the squid.conf config please refer to

http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory (you don't think that I'll just spoon-feed you guys the entire time, huh, bub? Besides, RTFM, you're using squid, not ISA crap.)

after the config change run:

sudo /var/squid/sbin/squid -z (this will generate the cache file folders)
sudo /var/squid/sbin/squid (squid goes daemon mode. put this into /etc/rc.local)

Tuesday, June 30, 2009

OpenBSD doesn't like winbind

I just found out from ports that winbind doesn't go into the ports FLAVOR for samba due to its nature of talking with nsswitch.conf, which the obsd folks don't support. But .. not all hope is lost. Some cool folks at ports sent out this patch that you can add to the samba port to build winbind.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/samba/Makefile,v
retrieving revision 1.105
diff -N -u -p -u Makefile
--- Makefile 30 Jun 2009 21:38:38 -0000 1.105
+++ Makefile 30 Jun 2009 23:20:08 -0000
@@ -60,7 +60,7 @@ CONFIGURE_ARGS= --disable-fam \
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib -Wl,--export-dynamic"

-FLAVORS= cups ldap ads
+FLAVORS= cups ldap ads winbind
FLAVOR?=

MULTI_PACKAGES= -main -docs
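Review bot: the `+FLAVORS= cups ldap ads winbind` line adds a flavor but nothing in the patch documents it; the port's DESCR or README should describe the winbind flavor and state what the post above notes, that winbindd's nsswitch.conf integration is not supported on OpenBSD, so the flavor provides winbindd and wbinfo for helpers such as Squid's wbinfo_group rather than system-wide user lookups.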
@@ -93,6 +93,12 @@ CONFIGURE_ARGS+= --without-ads

.if ${FLAVOR:L:Mads}
WANTLIB+= crypto
+.endif
+
+.if ${FLAVOR:L:Mwinbind}
+CONFIGURE_ARGS+= --with-winbind
+.else
+CONFIGURE_ARGS+= --without-winbind
.endif

PKG_ARCH-docs= *
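Review bot: the new `.if ${FLAVOR:L:Mwinbind}` block adds `--with-winbind` independently of the `ads` flavor, so a winbind-only build produces a winbindd with no Kerberos/AD support, which is not the combination the Squid-with-AD build earlier on this page uses (`--with-winbind --with-ads`); either document that `ads` must be selected alongside `winbind` for AD use or make the Makefile reject `winbind` without `ads`. The mirrored `.if/.else` structure itself matches the existing `--without-ads` handling shown in the hunk header, which is fine.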
cvs server: Diffing inside files
cvs server: Diffing inside patches
cvs server: Diffing inside pkg
Index: pkg/PFRAG.winbind-main
===================================================================
RCS file: pkg/PFRAG.winbind-main
diff -N -u -p -u pkg/PFRAG.winbind-main
--- /dev/null 30 Jun 2009 17:20:08 -0000
+++ pkg/PFRAG.winbind-main 30 Jun 2009 23:20:08 -0000
@@ -0,0 +1,6 @@
+@comment $OpenBSD$
+bin/wbinfo
+include/wbclient.h
+lib/libwbclient.so
+lib/libwbclient.so.0
+libexec/winbindd
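Review bot: `lib/libwbclient.so.0` is recorded as a plain path with a hard-coded version in PFRAG.winbind-main; OpenBSD ports track shared libraries through SHARED_LIBS in the Makefile and `@lib` entries in the packing list, and this port already keeps its libraries behind the `%%SHARED%%` marker (visible in the PLIST-main hunk below). Listing the library here means the next libwbclient version bump silently breaks the packing list and bypasses the port's shared-library handling; declare `wbclient` in SHARED_LIBS and move the `@lib` entry to the shared fragment.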
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/net/samba/pkg/PLIST-main,v
retrieving revision 1.9
diff -N -u -p -u pkg/PLIST-main
--- pkg/PLIST-main 14 May 2009 17:05:46 -0000 1.9
+++ pkg/PLIST-main 30 Jun 2009 23:20:08 -0000
@@ -133,3 +133,4 @@ share/swat/include/footer.html
share/swat/include/header.html
@sample /var/spool/samba/
%%SHARED%%
+%%winbind%%

enjoy =)

Wednesday, June 10, 2009

Get your kicks on route CVS

CVS just makes life easier and makes the blame game a bit more accurate, but overall it simplifies the maintenance of everything that's text.

Here's how I did it:

mkdir /cvs-server1
chmod 1770 /cvs-server1
export CVSROOT=/cvs-server1
cvs -d /cvs-server1 init
chown -R _cvs /cvs-server1
chgrp -R cvsgroup /cvs-server1

That's it.. ssh to the box.

to import:

export CVS_RSH=/usr/bin/ssh
cvs -d:ext::/cvs-server1 import -m "desc"

to checkout:

export CVS_RSH=/usr/bin/ssh
cvs -d:ext::/cvs-server1 co


I used OpenBSD 4.5, the sweetest operating system on the planet. It comes with cvs =)

I used the _cvs user to tag the folder as "cvs"; it's locked.
I used cvsgroup as a group to put in all the cvs users I have in mind.

It's a simple setup all in all. I didn't even bother to chroot the box since I use this box for one thing: CVS, nothing more.

Tuesday, June 2, 2009

All UIDs should be accounted for their actions

I got this off my copy of the openbsd list; it clearly shows OpenBSD's state of mind with regard to security, which makes perfect sense.


from Theo de Raadt
to patrick keshishian
cc ports@openbsd.org
date Mon, Jun 1, 2009 at 11:20 PM
subject Re: user and syslog question for pptp client
mailed-by openbsd.org

> Hmm.. kinda feels like a waste to create a new user/group.
> The app doesn't write to any files nor does it have any
> config files (ATM).
>
> How about I stick with nobody?

How about everyone just share the root account?

What are you afraid of, that we'll run out of users and groups?

There are very good documented reasons why we have all daemons
use different uids. Much security is failed from separation.

Wednesday, January 28, 2009

nspluginwrapper

A bold step; Flash is still Evil to OpenBSD fans. I personally get by in my regular work without it, but there are some folks who find Flash attractive .. in any case .. here's a good link.

http://openbsd.stanleylieber.com/txt/openbsd_firefox_flash_player_7.txt

TEXT Format: just in case the file goes away

------------------------------------------------------------------------------------------------
.----------------------------------------------------------------------------.
| |
|---------------/ Flash Player 7 and OpenBSD native Firefox 3 /--------------|
| |
`----------------------------------------------------------------------------'
openbsd@stanleylieber.com ================== http://openbsd.stanleylieber.com


[ Why ]

Flash is a necessary evil. If you disagree, why keep reading?


[ How ]

This document assumes ports/www/firefox3 is already installed and running
on your system.

Install Fedora and the Opera Flash plugin from ports:

# cd /usr/ports/emulators/fedora && make install && make clean
# cd /usr/ports/www/opera-flashplugin && make install && make clean


Add the following to /etc/sysctl.conf:

kern.emul.linux=1


Enable Linux compatibility for the running system:

# sysctl -w kern.emul.linux=1


Unpack port-nspluginwrapper.tgz[1] into /usr/ports/www and install:

# cd /usr/ports/www/nspluginwrapper && make install && make clean


If the package build fails on your machine you will have to manually
copy the relevant files to their proper locations:

# cd /usr/ports/www/nspluginwrapper/w-nspluginwrapper- \
0.9.91.5/fake-i386/usr/local
# cp bin/nspluginwrapper /usr/local/bin/
# cp -R lib/nspluginwrapper /usr/local/lib/


Install Opera's Linux Flash Player in Firefox 3:

# nspluginwrapper -i /usr/local/lib/opera/plugins/libflashplayer.so


Start or restart Firefox to enable the plugin. Enter about:plugins in
the address bar to verify the plugin is installed.


[ Acknowledgments ]

Thanks to Benoit Chesneau[2], seveninety.com[3] and the original authors[4]
for their work on nspluginwrapper.


[ References ]

[1] http://openbsd.stanleylieber.com/ports/www/port-nspluginwrapper.tgz

[2] http://www.nabble.com/-NEW--nspluginwrapper%2C-mozilla-flashplugin \
-td10314619.html#a10314619
http://babilu.metavers.net/openbsd/nspluginwrapper

[3] http://seveninety.com/openbsd/flashplayer9.htm

[4] http://gwenole.beauchesne.info//en/projects/nspluginwrapper


.---------------------------------------------------------------------------.
| |
| -sl |
| |
`---------------------------------------------------------------------------'


EOF
------------------------------------------------------------------------------------------------

Poster's NOTE:

I've tried this on my 4.4 box and I had to do a pkg_delete to take out rpm (the RH package manager util) and re-run the opera-flashplugin.

All credit goes to the author of the nspluginwrapper port, although the port is not official (based on what I've read, *maybe it is*).


Enjoy OpenBSD fans!

Thursday, January 8, 2009

Earthquake in Costa Rica Jan. 9, 2008

Earthquake... it was strong =)



Video: Sismo1 (uploaded by noticias24)