DaemonForums  

4th December 2022
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977

Quote:
Originally Posted by Entropic
... it seems provisioning isn't necessary for my em0 ethernet (and thus internet) to work.. right?
No. During boot, rc(8) executes netstart(8) which provisions NICs from hostname.if(5) files. Without a provisioning file, a NIC will not be provisioned automatically on boot. Otherwise, the admin must manually issue ifconfig(8) commands to configure network connections.

During installation, the install script asks the admin which physical NICs to provision and creates these hostname.if(5) files.
Quote:
If by "correct" you mean the hostname.tun0 shows up in an ls command...
I meant that the contents were confirmed correct. Use a pager such as less(1), an editor such as vi(1), or a cat(1) command to display the contents of the file and confirm it contains no mistakes.
Quote:
To re-ask: is my "appending" (see previous post) at the top of the hostname.tun0 file "correct".. Still waiting on a response to this if anyone can help..
You're asking me to explain terminology used by the author of an unassociated, third-party web page. I believe -- without any actual knowledge -- that the use of the word "append" is unintentional, and that the author meant to use the word "create". But for clarity, you should reach out to the author directly. I can see that the website supports comments, where you might be able to reach out and obtain needed clarity about their published content.
Quote:
Why for example, would a prompt for authentication be of concern here? You seem to relate it to netstart not being interactive, but as I demonstrated above, it seems netstart isn't involved or necessary for my internet connection (em0) to work.. yet alone for OpenVPN...
It absolutely is a concern. The netstart(8) utility is not intended to support interaction. The second line of your hostname.tun0 file executes a command which (as configured) prompts for interactive input. I can be wrong, of course, but I don't believe it should.
Quote:
What I have noticed since creating the hostname.tun0 file in /etc/openvpn is that when I start my OpenBSD system, it no longer goes straight through to the x-window login screen with the blowfish pic. Instead it prompts me beforehand, in terminal, for the user authentication and pw. I assume this is the openvpn daemon starting up at startup?
Probably. But I cannot tell you if your responses are captured by the program or not.
Quote:
Either way, when I enter the details (user and pass), and go through and login normally at the main login screen, a "ifconfig tun0" reveals "down" still for my openvpn connection, and that's in spite of having working internet otherwise.
How is em0 provisioned, if you do not have a hostname.em0 file in /etc?
Quote:
I tried $ pgreg -lf openvpn and it says pgreg is not known in ksh..
As noted, you had a typo. The pgrep(1) command is a process finder, named after the many "grep" utilities that parse regular expressions.
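Added example (not part of the thread and not any poster's own files): a small sh audit for the situation discussed above, where a `!` command line in a hostname.if(5) file starts openvpn at boot and the OpenVPN config asks for credentials on the console. It assumes the `!` line passes the config with `--config <file>`; the function names and every path and file written by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example: find hostname.if(5) files whose "!" command starts openvpn
# with a config that would prompt for a username/password during netstart(8).

# Print "<hostname.if file>: <openvpn config>" for each prompting config.
# $1 = directory holding hostname.* files (normally /etc).
audit_hostname_if() {
    dir=$1
    for f in "$dir"/hostname.*; do
        [ -f "$f" ] || continue
        # hostname.if(5): a line beginning with "!" is run as a shell command.
        grep '^!.*openvpn' "$f" | while IFS= read -r line; do
            # Assumption: the config path is the word following --config.
            conf=$(printf '%s\n' "$line" |
                sed -n 's/.*--config[[:space:]]*\([^[:space:]]*\).*/\1/p')
            [ -n "$conf" ] && [ -f "$conf" ] || continue
            # auth-user-pass with no file argument asks on the console;
            # with a file argument the credentials are read from that file.
            if grep -Eq '^[[:space:]]*auth-user-pass[[:space:]]*([#;].*)?$' "$conf"; then
                printf '%s: %s\n' "$f" "$conf"
            fi
        done
    done
}

# Constructed sample tree: tun0 uses a prompting config, tun1 a credentials
# file, em0 has no "!" line at all. Prints the temporary directory it created.
make_sample() {
    d=$(mktemp -d)
    printf 'client\ndev tun0\nauth-user-pass\n' > "$d/prompt.conf"
    printf 'client\ndev tun1\nauth-user-pass %s/creds\n' "$d" > "$d/file.conf"
    printf 'up\n!/usr/local/sbin/openvpn --daemon --config %s\n' \
        "$d/prompt.conf" > "$d/hostname.tun0"
    printf 'up\n!/usr/local/sbin/openvpn --daemon --config %s\n' \
        "$d/file.conf" > "$d/hostname.tun1"
    printf 'inet autoconf\n' > "$d/hostname.em0"
    printf '%s\n' "$d"
}
```

On a real system the check is `audit_hostname_if /etc`; any line it prints names a config that should read its credentials from a root-only file instead of prompting at boot.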
 
