Time-based ACL (access control list) features do not exist in BSD's packet filter (PF). Having your network "shut down" at certain times (for instance, allowing certain network ranges or specific IP addresses only during "business hours" or a specific time range) can be achieved with a simple PF table and a cronjob. First, let's…
Tag: Security
Block countries on OpenBSD using pf
As in the previous article, whole countries can easily be blocked on an OpenBSD firewall using the pf command and https://ipdeny.com/. The zone files provided by https://ipdeny.com/ need to be stored locally. A simple way to achieve this is to have a cronjob download them periodically (for instance, once per day). We store them directly…
Block countries using IPtables and IPDeny.com
Certain server setups do not require access from all countries, or simply want to block certain countries that are known for malicious activity. One simple (not fully bullet-proof) way of doing this is to set up block rules at the firewall level, which can be achieved on Linux servers with iptables and zone files…
OSSEC: building an OpenBSD package
OSSEC is an open source host-based intrusion detection system that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, macOS, Solaris, HP-UX, AIX and OpenBSD. There is no OSSEC package available on the OSSEC website or in OpenBSD's ports repository,…
OpenSSH 6.2.x and LDAP authentication
Since the release of OpenSSH 6.2, two new configuration parameters have been added: AuthorizedKeysCommand and AuthorizedKeysCommandUser. These parameters allow you to create any kind of authentication method for OpenSSH, including LDAP authentication, so patches like the LPK patch for OpenSSH are no longer required. The only thing the script needs to do is return either an…
Secure Password Generator in Perl
A secure and very random password generator module written in Perl. It can be used to generate passwords or unique strings for all sorts of operations. The default character set is alphanumeric, but it can be set to any list of characters. The complete handling and generation is implemented in a module,…
Syslog event generator with Net::RawIP (perl)
Recently I have been asked to write a Syslog event generator, but not just a normal syslog generator: it had to be able to generate events coming from different hosts. The normal 'logger' command sends Syslog messages using the machine's IP address, so logger wasn't very useful. The only useful thing seemed to be to…