Saturday, November 25, 2006

nessus: why isn't it there?

This is the first time I've tried nessus online :p before I had only tried it on localhost, and it's already very different.
Looking through some of the plugins, there are OS-specific ones: there are ones for the Linux distros Fedora and CentOS, for FreeBSD, and even for AIX, but the somewhat odd thing is that there are none for
OpenBSD .... why ?? :D guess what ?

Thursday, November 02, 2006

my first 4.0 OpenBSD

OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) D CPU 2.66GHz ("GenuineIntel" 686-class) 2.66 GHz
real mem = 534540288 (522012K)
avail mem = 479662080 (468420K)
using 4256 buffers containing 26828800 bytes (26200K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 05/04/06, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xfba60 (65 entries)
bios0: Intel Corporation D865GSA
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d00/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xa400!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02: aperture at 0xf0000000, size 0x8000000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2
pci1 at ppb0 bus 1
rl0 at pci1 dev 3 function 0 "Realtek 8139" rev 0x10: irq 5, address 00:16:76:94:9d:b2
rlphy0 at rl0 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 1 drive 0:
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: irq 9
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: irq 9, ICH5 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auich0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask ff4d netmask ff6d ttymask ffef
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Wednesday, November 01, 2006

0 0 * */6 * download OpenBSD



This is the routine that has to be done once every 6 months, truly enjoyable

Wednesday, August 02, 2006

dovecot on openbsd

dovecot chrooted, on postfix+postfixadmin, virtual domains, with a MySQL database, using the default schema from postfixadmin. POP and IMAP listen on ports 11000 and 14300. For IMAP I use imapproxy, listening on 143 and then connecting to the real IMAP on 14300, while for POP I use a pf redirect.

Here is the configuration:

imapproxy.conf

server_hostname 127.0.0.1
cache_size 4272
listen_port 143
listen_address 127.0.0.1
server_port 14300
cache_expiration_time 300
proc_username nobody
proc_groupname nobody
stat_filename /var/run/pimpstats
protocol_log_filename /var/log/imapproxy_protocol.log
syslog_facility LOG_MAIL
syslog_prioritymask LOG_WARNING
send_tcp_keepalives no
enable_select_cache no
foreground_mode no
force_tls no

pf.conf :

rdr on re0 proto tcp from any to re0 port 110 -> 127.0.0.1 port 11000
rdr on re0 proto tcp from any to re0 port 143 -> 127.0.0.1 port 143

#re0 -> public interface#

dovecot.conf :

base_dir = /var/dovecot/
protocols = imap pop3
protocol imap {
listen = 127.0.0.1:14300
}
protocol pop3 {
listen = 127.0.0.1:11000
}

ssl_disable = yes
disable_plaintext_auth = no
login_dir = /var/dovecot/login
login_chroot = yes
login_user = _dovecot
login_greeting = Mail Server Ready to use :) .
default_mail_env = maildir:/home/virtual/%d/%n
mmap_no_write = yes

protocol imap {
login_executable = /usr/local/libexec/dovecot/imap-login
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
}

protocol pop3 {
login_executable = /usr/local/libexec/dovecot/pop3-login
mail_executable = /usr/local/libexec/dovecot/pop3
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

auth_executable = /usr/local/libexec/dovecot/dovecot-auth

auth default {
mechanisms = plain
passdb sql {
args = /etc/dovecot.sql.conf
}
userdb sql {
args = /etc/dovecot.sql.conf
}
user = root
}

dovecot.sql.conf :

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=password
default_pass_scheme = PLAIN
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir,1000 as uid,1000 as gid FROM mailbox WHERE username = '%u'

Friday, June 30, 2006

Apache config, limiting some file type access on OpenBSD

Disallow *.inc and *.class from anywhere


<VirtualHost <server_ip>>
  ServerAdmin myname@mydomain
  DocumentRoot /var/www/htdocs/mydir
  ServerName myserver
  ErrorLog logs/error_log
  TransferLog logs/access_log
  <Directory "/var/www/htdocs/mydir">
    Satisfy All
    Order deny,allow
    Deny from all
    Allow from <trusted_ip>
    AuthType Basic
    AuthUserFile /var/www/htdocs/mydir/.htpasswd
    AuthName Auth_Here
    require valid-user
    <Files ~ "\.(inc|class)$">
      Deny from all
    </Files>
  </Directory>
</VirtualHost>

cacti squid snmp on OpenBSD

on squid server

copy squid mib to snmp dir
#cp squid-x.x.xx/src/mib.txt /usr/local/share/snmp/mibs/SQUID-MIB.txt

in squid.conf

acl snmp src 127.0.0.0/8
acl snmppublic snmp_community mycommunity
snmp_port 3401
snmp_access allow snmppublic snmp

#squid -k reconfigure

in snmpd.conf
proxy -v 1 -c mycommunity localhost:3401 .1.3.6.1.4.1.3495.1

#kill -9

re-run snmpd
#snmpd

trap testing
#snmpwalk -v 1 -c mycommunity localhost:3401 .1.3.6.1.4.1.3495.1

you should get something like this:
SNMPv2-SMI::enterprises.3495.1.1.1.0 = INTEGER: 6148
SNMPv2-SMI::enterprises.3495.1.1.2.0 = INTEGER: 2154718
SNMPv2-SMI::enterprises.3495.1.1.3.0 = Timeticks: (6303804) 17:30:38.04
...
...
...


on cacti server

download and install this, see README for details:
http://forums.cacti.net/download.php?id=79

create the device and test it using a verbose query :) (sorry, this skips some steps :D)

Thursday, June 29, 2006

sarg on OpenBSD

Back when I installed sarg ver 2.1, I had to do something like this first

diff index.c~ index.c
372c372
< sprintf(warea,"sort -t';' +6.5n +6.2M +6.0n '%s' -o '%s'", wdir_tmp, wdir_tmp2);
---
> sprintf(warea,"sort -t';' +6.5n +6.2 +6.0n '%s' -o '%s'", wdir_tmp, wdir_tmp2);
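Review bot: in the new line 372, dropping the `M` modifier from `+6.2M` makes sort compare that key as plain text instead of as month names, so if the field holds month abbreviations they will come out in alphabetical rather than calendar order. If the platform's sort has no `M`, consider converting the month to a number before sorting, or selecting the key flags at build time instead of removing `M` for every platform.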
374c374
< sprintf(warea,"sort -t';' +6.5nr +6.2Mr +6.0nr '%s' -o '%s'", wdir_tmp, wdir_tmp2);
---
> sprintf(warea,"sort -t';' +6.5nr +6.2r +6.0nr '%s' -o '%s'", wdir_tmp, wdir_tmp2);
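Review bot: line 374 still builds the command with an unbounded `sprintf` into `warea` and relies on single quotes around `wdir_tmp` and `wdir_tmp2`; an over-long path overruns the buffer, and a path containing `'` ends the quoting if this string is later handed to a shell. Suggest `snprintf` bounded by the size of `warea` with the return value checked, and rejecting or escaping quotes in the two paths. The same change to the `M` modifier applies here as in line 372.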

but I just installed ver 2.2.1 and it worked right away :)

squid delay pools on OpenBSD are pretty sweet too

#####DELAY POOLS
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at http://www.squid-cache.org

#We don't want to limit downloads on our local network
acl magic_words1 url_regex -i 192.168

#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth

#We have two different delay_pools
delay_pools 2

#First delay pool
#We don't want to delay our local traffic
#There are three pool classes; here we will deal only with the second
delay_class 1 2

#-1/-1 means that there are no limits
delay_parameters 1 -1/-1 -1/-1

#magic_words1: 192.168
delay_access 1 allow magic_words1

#Second delay pool
#we want to delay downloading files mentioned in magic_words2
delay_class 2 2

#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s

delay_parameters 2 5000/150000 5000/120000
delay_access 2 allow magic_words2

Friday, June 23, 2006

my uptime

Just for fun, I checked the uptime of the desktop computer I use:

arip@skimpi:~$ uptime
17:47:54 up 13 days, 11 min, 4 users, load average: 0.06, 0.11, 0.15
arip@skimpi:~$

it's been 13 days without going down :p

Wednesday, June 14, 2006

PHP array_search() ... notice

While experimenting I found something odd in array_search: it couldn't find the first array element. It turns out it needs special handling.

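// array_search() returns the key of the match, which is 0 for the first
// element, so compare against FALSE with === instead of testing truthiness.
if ( FALSE === array_search($qname,$this->qname_array) ) {
    echo "Sorry, your queue name is suck :D";
    exit;
}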
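
The behaviour described above, as an added example that is not code from the original post: it compares a truthiness test, the `FALSE ===` form used in the post, and a strict search on the same allow-list. The queue names and the three function names are made up for illustration.

```php
<?php
// Constructed allow-list; "mail" is at key 0 on purpose.
$queues = ["mail", "print", "batch"];

// Truthiness test: array_search() returns the key of the match, and
// key 0 is falsy, so the first element is reported as missing.
function allowed_truthy(array $list, $name): bool {
    return (bool) array_search($name, $list);
}

// The post's form: only boolean FALSE means "not found". Elements are
// still compared with ==, so before PHP 8 the integer 0 equals "mail".
function allowed_identical(array $list, $name): bool {
    return false !== array_search($name, $list);
}

// Strict search: the third argument makes element comparison use ===,
// so both the value and its type must match.
function allowed_strict(array $list, $name): bool {
    return false !== array_search($name, $list, true);
}

// Constructed inputs: first element, later element, unknown name,
// and an integer 0 such as a decoded JSON value might yield.
foreach (["mail", "print", "nosuch", 0] as $candidate) {
    printf("%-9s truthy=%-5s identical=%-5s strict=%s\n",
        var_export($candidate, true),
        var_export(allowed_truthy($queues, $candidate), true),
        var_export(allowed_identical($queues, $candidate), true),
        var_export(allowed_strict($queues, $candidate), true));
}
```

For a pure membership test, `in_array($name, $list, true)` avoids the key versus FALSE ambiguity altogether.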

Thursday, June 01, 2006

PF rate

It's been a long time since I played with PF. After reading up and trying it out, pf's HFSC is really top-notch; yesterday I tried limiting a connection to 16kbps, shared between 2 points, 8kbps each. Until now I had never tried using 'rate'; after trying it, tsk tsk tsk ... cool, each share point gets 1KBps. Then there's the thing that has been the question all along: what happens to HFSC when it gets hammered by software like `massdownloader`? My assumption so far was that HFSC would lose/go off :D, but from what I saw yesterday when using rate ... massdownloader got KO'd, still held to the 1KBps total limit ... coool. Next up .... max connection limiting (if I'm not feeling lazy :D)

Monday, May 01, 2006

May 1



Hmm, May 1. Watching TV earlier, they said today is called May Day, lots of people demonstrating :p, but there's also something exciting on May 1: the OpenBSD 3.9 release :D After waiting about a week, all the 3.9 base packages are finally on the OpenBSD FTP mirrors. Yup, now it's time to download.

Here's something fun: I usually use the mirror ftp://muk.kd85.com, so I just went ahead and ran a wget mirror of the packages ... and it turns out the packages on this site aren't complete yet. When I last looked, they had only been uploaded up to the packages starting with the letter "i", and a few minutes later when I refreshed it was already up to "j" ... wow, this is the first time this has happened. Usually I only download a few days after a new OpenBSD release, but today (May 1) it looks like I downloaded too early :D