This is a short how-to for securing Saltstack communication via spiped. (most of it is based on the how-to I wrote on securing Elasticsearch with spiped) At first: install spiped FreeBSD pkg install spiped Debian/Ubuntu apt install spiped CentOS edit /etc/yum.repos.d/spiped.repo [lsde-spiped] name=spiped repo baseurl=https://copr-be.cloud.fedoraproject.org/results/lsde/spiped/epel-7-$basearch/ type=rpm-md skip_if_unavailable=True gpgcheck=1 gpgkey=https://copr-be.cloud.fedoraproject.org/results/lsde/spiped/pubkey.gpg […]
Estimated reading time: 4 minutes
OpenSSH 8.2p1 with FIDO2 support was recently added to MacOS (via Homebrew) and FreeBSD (via ports/pkg). Here’s a short how-to securely login to your FreeBSD servers via FIDO2 (Yubikey, Solokey et. al.). On your MacOS client: Open your terminal and install libfido2 and openssh (8.2p1) brew install openssh libfido2 Generate […]
Estimated reading time: 2 minutes
Stop the running jail and export it: iocage stop jailname iocage export jailname Move the backup files (.zip and .sha256) into Bastille backup dir (default: /usr/local/bastille/backups/): mv /iocage/images/jailname_2020-03-26.* /usr/local/bastille/backups/ for remote systems you could use rsync: rsync -avh /iocage/images/jailname_2020-03-26.* [email protected]:/usr/local/bastille/backups/ Import the iocage backup file (use zip file name) bastille […]
Estimated reading time: 56 seconds
HowTo create jails with Bastille TDLR of https://github.com/BastilleBSD/bastille Bastille is a very lightweight jail/container management for FreeBSD and HardenedBSD install bastille Bastille is very active so make shure you switch to latest pkg mirror change pkg mirror to “latest” vim /etc/pkg/FreeBSD.conf FreeBSD: { url: “pkg+http://pkg.FreeBSD.org/${ABI}/latest”, mirror_type: “srv”, signature_type: “fingerprints”, fingerprints: […]
Estimated reading time: 1 minute
TLDR for Redmine on FreeBSD 11.2 install redmine and a bunch of dependencies UPDATE 2019/03/11 redmine pkg is currently not available on quaterly mirror (make sure you use latest branch in /etc/pkg/FreeBSD.conf) pkg install redmine apache24 mysql56-server mysql56-client rubygem-passenger-apache vim /usr/local/etc/apache24/httpd.conf add the following lines to your httpd.conf or Inlcudes/redmine.conf […]
Estimated reading time: 3 minutes
HowTo Secure Elasticsearch using spiped on FreeBSD, Debian and CentOS Spiped makes it really easy to secure connections between clients and Elasticsearch databases. Keep in mind that the symmetric key (once compromised) can be used to intercept/mitm all connections. install spiped FreeBSD pkg install spiped Debian/Ubuntu apt install spiped […]
Estimated reading time: 1 minute
Logstash services failes on FreeBSD (11.x) No errors shown in logfile, just INFO outputs [2018-11-06T12:24:56,663][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>”fb_apache”, :directory=>”/usr/share/logstash/modules/fb_apache/configuration”} [2018-11-06T12:24:56,664][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>”netflow”, :directory=>”/usr/share/logstash/modules/netflow/configuration”} Did you add procfs/fdesc in /etc/fstab? did you add: vim /etc/fstab fdesc /dev/fd fdescfs rw 0 0 proc /proc procfs rw 0 0 mount […]
Estimated reading time: 41 seconds
If your Salt Minion fails to start with [salt.utils.process:754 ][ERROR ][5542] An un-handled exception from the multiprocessing process ‘SignalHandlingMultiprocessingProcess-1:59’ was caught: Traceback (most recent call last): File “/usr/local/lib/python3.5/dist-packages/salt/utils/process.py”, line 747, in _run return self._original_run() […] File “/usr/lib/python3.5/asyncio/base_events.py”, line 411, in run_forever ‘Cannot run the event loop while another loop is […]
Estimated reading time: 47 seconds
If you try to run Elasticsearch in a Jail without an external IP address you might get an error like: No up-and-running loopback addresses found, got [name:lo1 (lo1)] How to solve it? you need to bind your Elasticsearch to your Loopback address: /usr/local/etc/elasticsearch/elasticsearch.yml: network.host: 10.10.10.2
Estimated reading time: 25 seconds
If you see the following error after pkg upgrade or pkg install {anypackge} Shared object “libdl.so.1” not found Your FreeBSD version might be outdated. This currently happens on FreeBSD 11.1 if you use the latest/qarterly pkg mirror. How to fix it? freebsd-update -upgrade -r 11.2-RELEASE reboot freebsd-update install pkg update […]
Estimated reading time: 27 seconds