daemonhorn

Setup Nagios to monitor basic services on Debian

• ref: https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/quickstart.html
• ref: https://edsonkimuli.medium.com/install-nagios-4-on-nginx-ubuntu-20-04-93a112208232
• Using nginx as the webserver instead of apache in this example with default config fixes.
• This guide starts with the Debian packages versions of nagios4 instead of building from source, thus requires a few tweaks to enable nginx as the webserver.

Install

apt install nginx nagios4 php-fpm fcgiwrap -y
usermod -a -G nagios www-data
# Make a folder and symlink the native apache cgi into nginx

daemonhorn

References

• https://vdc-download.vmware.com/vmwb-repository/dcr-public/1addc72d-5822-40b9-bc10-8dde76a49c70/8401b705-742b-4192-8158-6b02a578cfa7/GUID-3034A439-E9D7-4743-ABC0-EE38610E15F8.html
• https://www.reddit.com/r/PowerShell/comments/dsqh7h/vmware_powercli_on_server_without_internet/
• https://docs.vmware.com/en/VMware-PowerCLI/latest/powercli/GUID-3034A439-E9D7-4743-ABC0-EE38610E15F8.html

Install Powershell on Debian

###################################
# Prerequisites

# Update the list of packages

daemonhorn

Auto-Update for Ubuntu/Debian using Unattended-Upgrades package

Install

Unattended-upgrades is installed by:

sudo apt install unattended-upgrades
sudo systemctl enable --now unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

Configure

The default config is reasonable, but should be inspected.

daemonhorn

Use a Taglio PivKey smartcard with a self-signed certificate

The default instructions on the PivKey documentation site: https://pivkey.zendesk.com/hc/en-us do not provide any examples for configuring a self-signed certificate in any of the 25 slots. These instructions were tested with the PivKey C910 version, but likely most Taglio variants will work the same way.

Powershell New-SelfSignedCertificate

There is support in powershell 5.1+ on currently supported Windows OS (Server 2012+/Windows 10+) configurations for generating self-signed certificates with a wide variety of configuration parameters, including support for the Microsoft Smart Card Key Storage Provider to generate keys on a smartcard.

• Reference: https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate
• Setup mapping of generate certificate to certificate slots (see Powershell script snippet below) to automatically assign a slot by using the correct Application Policies OID configuration in in the initi

daemonhorn

# Place this file in our $profile location and restart powershell.
#  e.g.:   copy Downloads\example.ps1 $profile
#     $profile defaults to $HOME\Documents\PowerShell\Microsoft.PowerShell_profile.ps1
#     aka: c:\Users\username\Documents\PowerShell\Microsoft.PowerShell_profile.ps1
# If you want to sign it see function `user-sign-psscript` below for signing
# This enables the use of: 
#    set-executionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser
# Or if you don't care about security on Powershell locally, you can ignore local signing, and just use:
#    set-executionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

daemonhorn

PfSense Air-gapped configuration

In certain environments, it is useful to have a router and firewall between two private vlans. When the WAN interface of PfSense is not able to access the internet (e.g. DNS Resolution, Update Checks, etc.) it can become sluggish to boot and configure. This guide attempts to capture configuration knobs that can improve the usability in these environments, and was written with PfSense CE 2.7.2 configuration as a baseline.

TODO

• Finish Documentation
• tcpdump -nn -i XXX pfsense at steady state air-gapped {for em0 (WAN), em1 (LAN), lo0 (loopback)} Loopback will show you all of the items that would have being queried via root.hints or other pfsense internals. Start with udp port 53 capture filter to look for DNS traffic.
• tcpdump pfsense at boot with WAN interface to look for extra ntp, dns, http, tls packets

Install

Installation from the PfSense CE ISO file can easily be done in these environments. Download the ISO from mirror (to avoid creatin

daemonhorn

Cloudflare WARP tunnel via Wireguard client

This example provides a simple configuration for a Debian client to have a Cloudflare tunnel while not installing the official Cloudflare WARP client. Note: Tunnel transport outbound to engage.cloudlflare.com on udp/2408 is default, with a dynamic listening udp port and a fwmark for packet matching by wireguard. Any applicable firewall rules may need to be adjusted.

• Top-level GitHub project to convert cloudflare endpoint to generic wireguard configuration file: https://github.com/ViRb3/wgcf

Install dependancies

sudo apt install openresolv wireguard-tools golang git

Get the latest client from Github and build using go

git clone https://github.com/ViRb3/wgcf.git

daemonhorn

Intro

This Quickstart receipe for Qemu assumes a recent FreeBSD release (stable/13 or newer), and provides an example configuration for running arm64 (aarch64) FreeBSD guest on an amd64 FreeBSD Host. Concepts can be applied to other architectures as desired, but syntax and capabilities will vary.

• Dependancies
• Getting Started
• Example Qemu guest startup script

Dependancies

• Install qemu pkg install qemu or pkg instal qemu-nox11. Latest pre-built package release as of this writeup is 8.1.0
• Sufficient disk space (50+GB) on a mounted FreeBSD Host disk (e.g.: /qemu-data in this example)

daemonhorn

FreeBSD Ports

Some random FreeBSD Ports information for future me

Configuration file: /etc/make.conf

• Add BATCH=YES to prevent questions and dialog4ports(1) from slowing you down.

Ports make targets from man ports(7)

• config to force a configuration display/choice (even if BATCH=YES has been defined)
• fetch and fetch-recursive to download the source packages if not cached
• install and reinstall to install and force-reinstall the port and register with package database
• deinstall to uninstall/remove the port and de-register from package database
• build-depends-list, run-depends-list, all-depends-list to just list the names of the dependancies

daemonhorn

import network
import time
from soldered_inkplate10 import Inkplate

ssid = "My_SSID"
password = "My_Pass"

# Function which connects to WiFi
# More info here: https://docs.micropython.org/en/latest/esp8266/tutorial/network_basics.html
def do_connect():