Posts tagged "OpenBSD":

05 Feb 2022

Automate OpenBSD anonymous public wifi log in

Security is somewhat cat and mouse game. This does not mean however you be careless or just live with what you are handed to when it comes to protecting yourself from ill-intentioned actors out in the wild. Generally, I recommend choosing security over convenience, speed or shiny features for your offline and online computing needs. To start with, you are much better protected if you start using secure defaults of the system you are using. For example, Firefox has HTTPS-Only Mode that you can enable especially if you find yourself using public wifi. If you happen to use OpenBSD, you are in a treat :). Below bash script will allow you to log in to public wifi using random MAC addresses each time you connect to it: NOTE: iwm0 is the wireless card name on my laptop and you need to replace it with yours.

#!/usr/bin/env bash

ssid="$1"
pass="$2"
doas ifconfig iwm0 up
sleep 3
echo Wireless card is up

if [[ -z "$pass" ]]; then
    doas ifconfig iwm0 nwid "$ssid" lladdr random
    echo Joining public $ssid
else
    doas ifconfig iwm0 nwid "$ssid" wpakey "$pass"
    echo Joining private $ssid
fi

sleep 3

doas dhcpleasectl iwm0

echo Renewing inet address
sleep 3

echo Visiting google.com to test connection
proxy=$(curl -s -L -I -o /dev/null -w '%{url_effective}' google.com)

firefox $proxy

29 Jan 2022

OpenBSD 7 Xfce Desktop

I blogged previously about why one should use OpenBSD and this time I would like to document steps to have a fully working Xfce Desktop with default installation. My goal is to keep the changes minimal only to absolutely required steps, nothing more nothing less. If you find steps missing (or did not work as expected) or not necessary, please drop me a line via k tuman at acm dot org so I can address and update this blog if needed.

Download the img and make USB boot disk:

curl -O https://cdn.openbsd.org/pub/OpenBSD/7.0/amd64/install70.img
sudo dd if=~/Downloads/install70.img of=/path/to/usb

Boot from USB disk. Press I and hit enter when you see the `Welcome to the OpenBSD/amd64 7.0 installation program.` and follow the prompt. It is pretty straightforward. Once it is done, just reboot, which will automatically downloads and installs needed firmwares for your laptop. --NOTE:– You can select whole disk and auto layout if you are not sure. Using wired connection for network interface is highly recommended.

Once you login, switch to root account, add needed packages and needed configs like this:

su  ## prompts for root password
pkg_add xfce xfce-extras ## install xfce desktop
sed -i 's/xconsole/#xconsole/' /etc/X11/xenodm/Xsetup_0 # no xconcole
usermod -G operator <user name> # so you can use xfce to log out, reboot etc
usermod -G wheel <user name> # so you can use doas
echo "permit persist :wheel" >> /etc/doas.conf # doas = sudo
rcctl enable messagebus ## enable dbus
rcctl start messagebus ## start dbus
rcctl enable apmd ## enable power daemon
rcctl start apmd  ## start power daemon
exit # switch to your user account
echo "exec startxfce4" > ~/.xsession ## auto launchs xfce4 desktop
doas reboot ## restart to have a xfce default desktop

Bonus Tips and Tricks

Your wifi most likely will just work. In case if you get unlucky, here is how you can get it working:

doas ifconfig # lists all supported interfaces
doas fw_update # to install missing driver for your card
dmesg | grep pci | grep <wifi card model> # report if not supported
doas ifconfig # again to check if your card listed
doas ifconfig join <Wifi name> wpakey <password> # to join your wifi
# Run following 2 lines if you want to auto join your wifi:
doas echo "join wifiname wpakey password" >> /etc/hostname.<wificardname>
doas echo "dhcp" >> /etc/hostname.<wificardname>
doas sh /etc/netstart # to restart the network
ping openbsd.org # to test your network

While default Xfce4 desktop is fully functional out of the box, I recommend following packages:
```
doas pkg_add xfce4-power-manager xfce4-whiskermenu
ln -s -f yourloginpics ~/.face # profile in whiskermenu and in lock screen
```
Add them to the panel and tweak them to your liking. One setting I highly recommend enabling following in `Window Manager Tweaks`:
- [✓] Hide title of windows when maximized

15 Feb 2020

OpenBSD laptop for the paranoid

Disclaimer: This is not a post about UNIX variants flame war. It is not my intention to recruit OpenBSD converts either as no one has influenced me to switch to it after 10 years of distro hopping. The main reasons I am using OpenBSD as my daily driver on both of my laptops (Thinkpad X220 and XPS 13 9365) are: Security, Stability, and Frugality.

Security

I am software generalist who knows enough about system (OS,Network and Application) security to be paranoid not just about online systems, which is far from enough to keep ourselves secure, but also on-prem system such as Operating Systems we all rely on for keeping us safe. While Linux could be made as secure as OpenBSD after much tinkering and tweaking, OpenBSD is more secure by default installation. Following quote from https://www.openbsd.org/ is very telling:

Only two remote holes in the default install, in a heck of a long time!

That quote is for what OpenBSD team calls base file set that includes the kernel and base system. Security is the utmost priority for packages being included in the port tree as well. For example, Chromium comes with `–enable-unveil` support, which means that it can only access `~/Downloads` folder to mitigate the attack surface if your browser ever gets hijacked.

Stability

OpenBSD favors stability over new features. Once installed and configured to your liking, it just stays out of your way allowing you focus on your task at hand. You will not see nagging notifications demanding you to click on installing updates. You can just setup a cron to run `syspatch` to bring in security fixes whenever and however you like. Releases are scheduled for every 6 months in a predictable way so you are in control to plan it ahead. I am running 6.6 release and following errata proves my point: https://www.openbsd.org/errata66.html

Frugality

Wikipedia has the best definition for this and I believe it genuinely applies to the Philosophy of OpenBSD project. `Less is more` is a pretty well known Unix tradition and the command `less` (which is a replacement of early UNIX command `more`) is seen in every UNIX variants. OpenBSD is not the most user friendly Unix out there not even among BSD flavors. It is targeted towards security and resource savvy power users who wants have control over every piece of software running on their system. Every line of code is audited for frugality and not needed code is removed. Development is not driven by any cooperate or financial interest as apposed to the Operating System development from big Corporations such as Microsoft, Apple and Google. You can use your old hardware as long as it meets your needs and will not find yourself at the mercy of them nagging you upgrade your hardware let alone your system so often.

All in all, it gives you a piece of mind compared to any OS out there when it comes to knowing you are safe by default. If you would like to know more about why OpenBSD, you can visit this site for technical details: https://why-openbsd.rocks/fact/

I am currently running OpenBSD 6.6 on Thinkpad X220 (everything work out of the box) and Dell XPS 13 2 in 1 9365 (all works except for suspend - same as some leading Linux distros). The installation process is not that complicated (mostly you just except the default prompt by hitting enter) but does need some config to make it to your liking. I might blog about the installation process and list my configs for `X` and `cwm` in the future.