OpenBSD

From Nerdica Wiki
Revision as of 10:22, 29 April 2012 by Travis (Fixed formatting)


Packet Filter

Logs

Real-time display of Packet Filter Logs:

sudo tcpdump -n -e -ttt -i pflog0 src host not 174.0.204.1 and dst port not 6882

Tables

Update/replace a table:

sudo pfctl -t retards -T replace -f /etc/pf.d/tables/blacklist.txt


Display a table called 'retards':

pfctl -t retards -T show
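
An added example, not part of the original wiki page: a pre-flight check for the table file before the `-T replace` shown above, so a typo, an overly broad prefix, or an entry that covers your own management address is caught before it reaches pf. It assumes IPv4-only entries and a shell with 64-bit arithmetic; the function names `ip2int` and `vet_table`, the management address 198.51.100.7 and the /16 limit are illustrative choices.

```shell
#!/bin/sh
# Added example: vet a pf table file before handing it to `pfctl -T replace`.
# Assumptions: IPv4 only, one address or CIDR per line, '#' starts a comment.

# ip2int A.B.C.D: print the address as an integer; fail if it is malformed.
ip2int() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# vet_table FILE MGMT_IP MIN_PREFIX
# Returns 0 only if every entry parses, none is broader than /MIN_PREFIX,
# and none covers MGMT_IP (the address you administer the firewall from).
vet_table() {
    file=$1 min=$3 bad=0 lineno=0
    mgmt=$(ip2int "$2") || { echo "bad management address: $2" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comment, blanks
        [ -n "$entry" ] || continue
        addr=${entry%%/*}
        case $entry in */*) len=${entry#*/} ;; *) len=32 ;; esac
        case $len in ''|*[!0-9]*|???*|0?*) len=99 ;; esac    # 99 marks a bad prefix
        if ! net=$(ip2int "$addr") || [ "$len" -gt 32 ]; then
            echo "$file:$lineno: not an IPv4 address/CIDR: $entry" >&2
            bad=1; continue
        fi
        if [ "$len" -lt "$min" ]; then
            echo "$file:$lineno: broader than /$min: $entry" >&2
            bad=1; continue
        fi
        mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
        if [ $(( net & mask )) -eq $(( mgmt & mask )) ]; then
            echo "$file:$lineno: covers management address $2: $entry" >&2
            bad=1
        fi
    done < "$file"
    return $bad
}

# On the firewall, with the table name and path used on this page:
#   vet_table /etc/pf.d/tables/blacklist.txt 198.51.100.7 16 &&
#       sudo pfctl -t retards -T replace -f /etc/pf.d/tables/blacklist.txt
```

Every rejected line is reported on stderr with its file name and line number, and the table is only replaced when the whole file passes.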


Show the current state table (the two forms below are equivalent):

sudo pfctl -s state

sudo pfctl -ss

Configuration Files

Load a Packet Filter configuration file:

pfctl -f /etc/pf.conf


Parse a configuration file but do not load it:

pfctl -nf /etc/pf.conf


Load only the NAT rules from the file:

pfctl -Nf /etc/pf.conf


Load only the filter rules from the file:

pfctl -Rf /etc/pf.conf


Show states

Show the current NAT rules:

pfctl -sn


Show current filter rules:

pfctl -sr


Show filter stats and counters:

pfctl -si


Show everything it can show:

pfctl -sa

Updating OpenBSD Via Source

Grab source from CVS

First Time

For -current:

cd /usr
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P src

For -stable:

cd /usr
cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_5 -P src

Updating

For -current:

cd /usr/src
cvs -q up -Pd

For -stable:

cd /usr/src
cvs -q up -rOPENBSD_4_5 -Pd

Rebuilding the Kernel

# cd /usr/src/sys/arch/i386/conf
# /usr/sbin/config GENERIC
# cd /usr/src/sys/arch/i386/compile/GENERIC
# make clean && make depend && make

Rebooting with the new kernel

# cd /usr/src/sys/arch/i386/compile/GENERIC
# make install          # safely installs the new kernel
# reboot

Rebuilding the userland binaries

# rm -rf /usr/obj/*
# cd /usr/src
# make obj
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build


Updating Ports Via CVS

First Time

For -current:

# cd /usr
# cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P ports

For -stable:

# cd /usr
# cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_5 -P ports

Updating

For -current:

# cd /usr/ports
# cvs -q up -Pd

For -stable:

# cd /usr/ports
# cvs -q up -rOPENBSD_4_5 -Pd

Building

Making a release

Read [1]

If this is not your first time building a release, clean out the Destination and Release directories:

# rm -rf /usr/dest/*
# rm -rf /usr/rel/*

If this is the first release you're building since a clean installation, make the release directories:

# mkdir /usr/dest
# mkdir /usr/rel

Define our DESTDIR and RELEASEDIR environment variables:

# export DESTDIR=/usr/dest
# export RELEASEDIR=/usr/rel

We now clear the DESTDIR and create the directories if needed:

# test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}.old && rm -rf ${DESTDIR}.old &
# mkdir -p ${DESTDIR} ${RELEASEDIR}

RELEASEDIR does not normally need to be empty before starting the release process. However, if there are changes in the release files or their names, old files may be left lying around, so you may wish to erase this directory as well before starting.

We now make the release itself:

# cd /usr/src/etc
# make release

After the release is made, it is a good idea to check it to make sure the tar files match what is in the DESTDIR. The output of this step should be very minimal.

# cd /usr/src/distrib/sets
# sh checkflist

You now have complete and checked release file sets in the RELEASEDIR. These files can now be used to install or upgrade OpenBSD on other machines. The authoritative instructions on making a release are in release(8).

Note: if you wish to distribute the resultant files by HTTP for use by the upgrade or install scripts, you will need to add an "index.txt" file, which contains the list of all the files in your newly created release.

# /bin/ls -1 >index.txt

Once you have the complete release made, you can use those files for a standard install or upgrade on another machine, or if updating a machine to a new -stable, simply unpack the tar files in the root directory of the target machine.

Making X

Hardware Sensors

Check hardware sensors

# sysctl -a | grep "hw.sensors"