DNS blocklisting on OpenBSD

I finally got some free time and decided to use it for improving the security of my home network. The most effective measures for my environment would be any additional controls on the network level so that both the LAN and IoT networks could benefit from it. I recently set up a recursive nameserver using Unbound and have forced all DNS traffic to go through that. It’s nice because I get visibility on all DNS traffic, which I monitor using Splunk. But now, it’s time to add some additional hardening to the DNS service using the publicly available blocklist from OISD. ...

January 18, 2025 · 3 min · Jörgen

Using DuckDNS on OpenBSD

Long story short, I need to be able to access my home machine(s) from the Internet. Unfortunately my ISP provides me with a dynamic IP address, so I need to jump through another hoop to get where I want. Luckily there are a lot of Dynamic DNS providers out there; for reason(s) I opted to use Duck DNS. So go over to Duck DNS and sign in to create an account, claim your subdomain and grab the token. ...

January 14, 2025 · 3 min · Jörgen

Shipping Zeek logs on OpenBSD

OpenBSD does not provide many good options for shipping logs to a remote destination. Well-known solutions like Fluentd, fluent-bit, Cribl, etc. are just not (yet) available :( In this blog post I describe how I’m shipping Zeek logs from my firewall using Rsyslog into my logging infrastructure, which currently consists of Cribl and Splunk running on Linux VMs. Enable JSON logging in Zeek: The default TSV logging format of Zeek is fine when working with the logs locally with tools like cat, grep and zeek-cut. But when forwarding logs to a SIEM I prefer to use the JSON format. To make Zeek create logs in JSON you have to load the json-logs module in the site local configuration. ...

December 22, 2024 · 4 min · Jörgen

Booting into the OpenBSD 6.7 installer on an APU2 system

Every now and then I want to re-install OpenBSD on my little APU2 system; this time I wanted to benefit from the recent FFS2 improvements, which require filesystems to be recreated. It seems I struggle with remembering some bits and pieces of this process as I get older ;). This blog post is here to document what stuff I need to get the OpenBSD installer going! Yes, that also means I’m not documenting the OpenBSD installer here. ...

June 15, 2020 · 4 min · Jörgen