OpenBSD in a simple way

SEJARAH

DI awali dari pencabangan proyek NetBSD . Theo de Raadt adalah orang yang memulai dan menajdi leader serta founder pada proyek OpenBSD ini. Release pertama di keluarkan pada 18 oktober 1995 yaitu 1.1/CVS.

MENGAPA MEMILIH MENGGUNAKAN OPENBSD

INOVASI OPENBSD

Software dan ide ide dari developer tertata rapi dan termaintain  oleh tim OpenBSD project  : http://www.openbsd.org/innovations.html

OPENBSD VERSION NUMBERS / PENOMORAN RILIS OPENBSD

  • Siklus rilis 2 x dalam  setahun , 6 bulan sekali.
  • Dengan penambahan 0,1 untuk setiap rilis terbaru

OPENBSD’S FLAVORS

  • -release, shipped every six months
  • -stable, release, plus patches (support for 6.4 & 6.5)
  • -current, development branch

CVS REPOSITORY

Choose your repository at: http://www.openbsd.org/anoncvs.html

CVSWEB

CVSweb is a WWW interface for CVS repositories with which you can browse a file hierarchy on your browser to view each file’s revision history in a very handy manner: http://cvsweb.openbsd.org

MANUAL PAGES

Or view it on your browser at: http://man.openbsd.org

INSTALASI

Really simple, ready in 5 minutes (KISS). A response file is emailed to the root user on next boot.

More information: http://www.openbsd.org/faq/faq4.html

AUTO-INSTALL

Use autoinstall(8) or you can try upobsd package for a full unattended install/upgrade process.

NETWORKING FILES

/etc/myname Default hostname
/etc/mygate Default gateway
/etc/hosts Known hosts on the network
/etc/resolv.conf Resolver (DNS)
/etc/hostname.if Configuration for each network interface, for example: /etc/hostname.bge0

Read: myname(5)hostname.if(5)resolv.conf(5)hosts(5)

NETWORKING


# Display the current configuration of network interfaces
ifconfig

# Set DHCP for 'em0' interface, on the fly
dhclient em0

# Perform network (re)initialisation
sh /etc/netstart

NETWORKING (SET AT STARTUP)

Contoh 1: konfigurasi static IP untuk em0


## file: /etc/hostname.em0
inet 192.168.0.58 255.255.255.0

Restart servicenetwork  sh /etc/netstart em0

Contoh 2: konfigurasi DCHP untuk bge0


## file: /etc/hostname.bge0
dhcp

Restart service sh /etc/netstart bge0 

Contoh 3: konfigurasi wireless


# First, see a list of available wireless networks: 
ifconfig iwn0 scan


## file: /etc/hostname.iwn0
nwid NAMA_ACCESS_POINT wpakey THE_SECRET_KEY
dhcp

# Or, for multiple access points
join AT_HOME wpakey THE_SECRET_KEY
join AT_WORK wpakey THE_SECRETKEY
dhcp

Restart service sh /etc/netstart iwn0

ROUTING


# Show the routing table (ipv4)
route -n show -inet

# Show the routing table (ipv6)
route -n show -inet6

# Delete all gateway entries from the routing table
route -n flush

CONTOH RULES PF


## file: /etc/pf.conf
# Proteksi server / laptop(hanya membolehkan ping / ssh dari 0.0.0.0)

set skip on lo
set fingerprints "/dev/null"
block log all
pass in on egress inet proto icmp all icmp-type echoreq
pass in on egress inet proto tcp from any to any port ssh
pass out

Read: pf.conf(5)

PF (PACKET FILTER)

(Useful commands)


# Disable PF
pfctl -d

# Enable PF and load the rules
pfctl -ef /etc/pf.conf

# Just load the rules (apply changes)
pfctl -f /etc/pf.conf

# View the loaded rules
pfctl -s rules

Read: pfctl(8)

Simple bukan , masih ada beberapa kemudahan berikut nya yang akan saya sambung pada artikel selanjutnya.

Leave a Reply

Your email address will not be published. Required fields are marked *