OpenBSD tuning with Samba and NTFS to allow 1 Gbit/s tranfert. 1st August 2018

When it comes to mount an USB3 NTFS disk, performances can be quite low, if you add a Samba sharing directory it can be even worse. We’ll see how we can do some sysctl and configuration adjustements to greatly boost our speed transfert rate. OpenBSD NTFS support OpenBSD sysctl tuning OpenBSD network tuning Samba setup […]

Configure OpenSMTPd under OpenBSD with MySQL / SSL / Postfixadmin / Amavis / Clamav / SpamAssassin / Packet Filter / DKIM / DMARC 1st August 2018

As you can see, this article is really big, it took me a lot of time to write it, and I tried to be very precise, especially with detailed schemas. The goal of this article is to explain how to make the most complete SMTP server configuration with OpenSMTPd : OpenSMTPd with MySQL and SSL […]

Setup a desktop environment under OpenBSD with XFCE 19th September 2017

How many times I’ve heard : « OpenBSD is a system made for servers not desktops » Well… that’s so wrong ! This paper is not aiming to be very technical as the setup is really easy, its goal is to help you see OpenBSD as a system you can use everyday for almost everything […]

Setup OpenBSD 6.3 with Full Disk Encryption 19th September 2017

This article has been updated for the OpenBSD 6.3 release. Here is a quick way to setup (in 7 steps) OpenBSD 6.3 with the encryption of the filesystem.

Easy system monitoring with Cacti under OpenBSD and nginx 4th August 2017

Cacti is a great monitoring tool based on RRDTool and SNMP, I use this solution for more than 10 years, the project is very active, easy to manage and to maintain. But… when you want to run it under OpenBSD with a chrooted httpd it can be very painfull to setup and it will make […]

Build a fake SSH server under OpenBSD with PacketFilter and sshesame 3rd August 2017

Introduction : If you host a public server with a SSH daemon, you should be familiar with bruteforce attacks… $ cat /var/log/authlog Aug 3 12:00:47 blog sshd[25418]: Failed password for root from 1.164.135.169 port 35320 ssh2 Aug 3 12:00:51 blog sshd[25418]: error: maximum authentication attempts exceeded for root from 1.164.135.169 port 35320 ssh2 [preauth] Aug […]

OpenSMTPD and Dovecot under OpenBSD with MySQL support and SPAMD 13th July 2017

This article is the continuation of my previous tutorial OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot. We’ll use the same configuration and add some features so we can : Use our domains, aliases, virtual users with a MySQL database (MariaDB under OpenBSD). Deploy SPAMD with OpenSMTPD for a strong antispam solution. Jump in!

OpenSMTPD under OpenBSD with SSL/VirtualUsers/Dovecot 13th July 2017

This article is the translation of my previous paper in French. During the 2013 AsiaBSDCon, the team of OpenBSD presented its mail solution named OpenSMTPD. Developped by the OpenBSD team, we find the so much appreciated philosophy of its developpers : security, simplicity / clarity and advanced features. Security : The daemon runs unprivileged and […]

OpenBSD’s httpd(8) server with PHP/MYSQL/SSL and PacketFilter firewalling 28th June 2017

Since the version 5.7, OpenBSD integrates its own http server named httpd(8). We’ll see how to deploy / configure / secure it.

Avoid OS detection on OpenBSD 26th June 2017

You know what we say about OpenBSD : Free, Functional, and… Secure. Hosting a public server can lead to many different attacks. Mostly random attacks, but you may be targeted by a “real attacker” who, at first, will gather informations such as the kind of operating system you are running. Actually, finding what system runs […]