Install FreeBSD From Linux With Root on ZFS

Do you use a VPS which doesn’t support FreeBSD? Or your VPS supports FreeBSD but their install is trash and you want Root on ZFS? Hopefully your VPS gives you the option to boot into a Linux rescue distribution (i.e. some kind of “live” environment). If so, you can quite easily install FreeBSD and put Root on ZFS. Introducing mfsBSD, a tiny bootable image that gives you a minimal

A RISC OS server using RPCEmu

A very long time ago I used telnet talkers. Around the time that ICQ was popular and before MSN Messenger. gerph, who was very well known in the RISC OS scene (and went on to work for RISC OS Ltd working on RISC OS 4), wrote a telnet talker in BASIC called TalkerD to demonstrate his excellent EasySocket library and I adapted TalkerD to be more NUTS-like. This became known

Using acme.sh For Certificate Management

Back in 2016 I wrote some notes on issuing and renewing certificates through Let’s Encrypt and using EFF’s CertBot to facilitate this. Today I revisited this after seeing acme.sh on OPNsense. What’s super impressive with acme.sh is that it’s a shell script. And it’s super easy to use. Installing acme.sh is simple. After following these instructions you’re all set. Note that acme.sh is installed into $HOME. It’s not installed

Building a ZeroTier Bridged Network

I was listening to a recent Packet Pushers Priority Queue podcast called Meet ZeroTier – Open Source Networking and decided to give ZeroTier a go, to see if it really worked as described. TL;DR: Yes it really does work as described! If you’re unfamiliar with ZeroTier I highly recommend listening to this podcast to understand why, what and how. If you’re unsure on the why, what and how, this blog post

Creating a Highly Interactive Honeypot With HonSSH

HonSSH is essentially an SSH proxy, acting like a man-in-the-middle attack. It sits between the attacker and a honeypot and proxies the SSH connections. By doing this it can log all interactions, spoof (rewrite) login passwords and even capture files downloaded by the attacker on to the honeypot for later analysis. Below is my topology: Configuring the Honeypot Server For the honeypot server (the server attackers will log in to), I’m using Ubuntu 14.04

A Guide to Using Let’s Encrypt

Up until a few moments ago, I was using CAcert for all my certificate needs. A free service offering SSL/TLS certificates. The only issue with CAcert is that their Root Certificate is not included in all mainstream Operating Systems or browsers, meaning users will get a certificate error unless they choose to install the Root Certificate. But now Let’s Encrypt is on the scene. A free, open and automated certificate authority that is

Reviving an Acer Aspire One ZG5 Netbook

I was given an Acer Aspire One ZG5 (A110) and asked to try to update it. There were a few problems with it. Firstly, it was running Ubuntu 12.04 but the upgrade to Precise Pangolin had broken and wasn’t easily recoverable. Secondly, the battery appeared to be dead and wouldn’t charge. In addition I also found that a BIOS password (“user” and “supervisor”) had been set but the password wasn’t

Disabling WordPress XML-RPC and Banning Offenders With fail2ban

This isn’t something new. SANS ISC reported on this 2 years ago. The bad guys love anything that can be used in a reflection DoS and the WordPress XML-RPC functionality is a prime candidate. There are various ways to disable it, through WordPress plugins for example, or by hacking away at code. All of these are fine if you’re in control of what gets installed on the web server. In a shared

Banning Repeat Offenders With fail2ban

More and more I see fail2ban banning the same hosts repeatedly. One way to tackle this could be to increase the ban time but you could also have fail2ban monitor itself to find “repeat offenders” and then ban them for an extended period of time. Firstly, create a filter definition:

    [Definition]
    failregex = fail2ban\.actions\[\d+\]: WARNING \[.*\] Unban <HOST>$
    ignoreregex = fail2ban\.actions\[\d+\]: WARNING \[repeat-offender\].*$

This will be used against the fail2ban log and

loadbalancer.org Linux Feedback Agent

I’ve been working with some loadbalancer.org appliances recently, load balancing traffic over MySQL and Apache servers running Linux. The load balancer supports a feedback agent where it can query the real server to gauge how utilised it is based on, for example, CPU load and then distribute the request to the real server that should perform the best. Over on the loadbalancer.org blog is an article about the feedback agent and how to implement it