OpenBSD tuning with Samba and NTFS to allow 1 Gbit/s tranfert. 1st August 2018

When it comes to mount an USB3 NTFS disk, performances can be quite low, if you add a Samba sharing directory it can be even worse. We’ll see how we can do some sysctl and configuration adjustements to greatly boost our speed transfert rate. OpenBSD NTFS support OpenBSD sysctl tuning OpenBSD network tuning Samba setup […]

Configure OpenSMTPd under OpenBSD with MySQL / SSL / Postfixadmin / Amavis / Clamav / SpamAssassin / Packet Filter / DKIM / DMARC 1st August 2018

As you can see, this article is really big, it took me a lot of time to write it, and I tried to be very precise, especially with detailed schemas. The goal of this article is to explain how to make the most complete SMTP server configuration with OpenSMTPd : OpenSMTPd with MySQL and SSL […]

Secure your SSH server with blacklistd and PacketFilter under FreeBSD 8th September 2017

Many of us know and use Fail2ban, a very powerfull log parser able to block everything you want if you create the good rules for your services. But, when it comes to just secure our SSHd, it can be a little… overkill ! So, a daemon named blacklistd(8) showed up few months ago on the […]

Quick and secure Samba setup under FreeBSD 16th August 2017

Many of us may not be Windows enthusiasts but sometimes it may be worthwhile to benefit from a file sharing service allowing Windows clients to connect. You’ll tell me : « To share your files you can use SSHFS, FTP, etc…» Short answer : And it’s true ! But when it comes to watch movies […]

Easy system monitoring with Cacti under OpenBSD and nginx 4th August 2017

Cacti is a great monitoring tool based on RRDTool and SNMP, I use this solution for more than 10 years, the project is very active, easy to manage and to maintain. But… when you want to run it under OpenBSD with a chrooted httpd it can be very painfull to setup and it will make […]

OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot 13th July 2017

This article is the translation of my previous paper in French. During the 2013 AsiaBSDCon, the team of OpenBSD presented its mail solution named OpenSMTPD. Developped by the OpenBSD team, we find the so much appreciated philosophy of its developpers : security, simplicity / clarity and advanced features. Security : The daemon runs unprivileged and […]

Deploy Ghost under Raspbian with MySQL / nginx / Let’s Encrypt / strong SSL 12th July 2017

Introduction Ghost is a wonderful blogging platform developped with node.js. It’s easy to use, fast (You mean, like DC COMICS Flash ? Yeah dude ! Superpowers !) it manages SEO, mardown, and the default theme : Casper is sooooooo beautiful. So now, we’ll learn how to setup Ghost on your Raspberry PI, with Raspbian (of […]

OpenBSD’s httpd(8) server with PHP/MYSQL/SSL and PacketFilter firewalling 28th June 2017

Since the version 5.7, OpenBSD integrates its own http server named httpd(8). We’ll see how to deploy / configure / secure it.

Avoid OS detection on OpenBSD 26th June 2017

You know what we say about OpenBSD : Free, Functional, and… Secure. Hosting a public server can lead to many different attacks. Mostly random attacks, but you may be targeted by a “real attacker” who, at first, will gather informations such as the kind of operating system you are running. Actually, finding what system runs […]

OpenBSD – Configure your static IPv6 network 9th October 2016

If your internet provider gives you an IPv6 connectivity, you can add one or multiple addresses to your workstation/server. In my case, Orange, my provider, gives me the following IPv6 (bloc/prefix) : 2a01:cb06:3e0:eb00::/56 Under OpenBSD, the static configuration is made with two files :