[ASCII art banner: Ponix Space BLOG]

Follow my sorry ass on Twitter @RainbowHacks
Contact: Rainbow@ponix.space
PGP:0x5F94763A

Posts will always be first to last, as this is maintained in a single text
file. Dat ASCII art bruh.

Blog is maintained with an 80 character line-limit. Who needs a 4k display
when you have 80 x 25? Whee!

Post Index

To find a specific post, you can use Ctrl+F and type the post date. I'll try
and keep this index up to date!

Post 1: Do I look like I care?                  08/10/2015
Post 2: Easy FreeBSD on a Linode                08/10/2015
Post 2: Addendum - GLish (Graphical Console)
Post 3: Reformatting                            08/11/2015
Post 4: Why I Moved to ZFS                      08/12/2015
Post 5: BronyCAN                                08/20/2015
Post 6: Windows Server (Linode)                 09/17/2015

Post 1: Do I look like I care?
08/10/2015

The title says it all. A blog? In plain text? No pretty pictures, no
linkbacks/tweeting/sharing unless I want to actually copy and paste the URL?
What is this, 1995?

Yup. I'm all about the old-school hacker philosophy and mindset. One thing
should do one thing well and do it right without too many bells and whistles,
and puzzles are meant to be solved.
I'm a hacker in the modern security sense as well, and that means fairly
massive paranoia! Too much? Naw, certainly not once you're aware of the shit
out there.

There are so many terrible Blogging platforms out there, and they're all just
awful. The joke in many circles is that WordPress is wonderful.....if you need
a good remote shell. A co-worker recently turned me onto a platform built on
$FlavorOfTheMonth.js... Why would I install yet another buggy pile of waste
that "front-end developers" go nuts over?

This is my server. I don't pay for someone else to administer it. Security is
MY problem. This means I obviously want to keep my attack surface as small as
possible. So, no fancy buggy PHP, no $FlavorOfTheMonth.js Frameworks.... Just
good old-fashioned plaintext. If you care enough to read what I say, you'll
care enough to manually open the page once in a while to read it.

Post 2: Easy FreeBSD on a Linode
08/10/2015

Once again, a title that says exactly what the post is about. Holy crap, a
pattern! No clickbait here folks, just mediocre writing with a mild penchant
for the sarcastic and cynical.

While I've got a packaged VM ready to go and am happy to clone it and transfer
it to you, I decided a writeup of what exactly I did might be more helpful to
the community as a whole!

Important bits:

Linode uses LISH, the Linode Shell, to provide a console for your Xen or KVM
Linode. Lish is basically a serial console. This means that both your
installation media and eventual installation must be aware of the serial
console.

Secondarily, we'll be using RAW disks.
That means no resizing the disk later, no Linode Backup Service, etc. ZFS
ZPools roughly solve the issue of "Oh crap I need more disk space" though!

Step 1. Download the latest memstick.img or mini-memstick.img from:
ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/

Step 2. Mount said memstick.img. In FreeBSD you can do this with

    # mdconfig -f $filename

and then mount it wherever you like. Once you've done so, cd to the directory
and run:

    echo 'console="comconsole"' > ./boot/loader.conf

This will make our memstick serial-aware. I have provided a download of a
serial-aware 10.1 memstick.img at the following link for anyone that is
interested.

http://cloudsdale.ponix.space/~rainbow/FreeBSD-10.1-RELEASE-amd64-memstick-SerialConsole.img

Step 3. Create a RAW disk 800 Mb in size (or 300 if you're using the
mini-memstick). Now boot your Linode in Rescue mode, and dd the image up! On
your home computer:

    dd if=FreeBSD-memstick.img | ssh root@$IpAddress "dd of=/dev/sda"

If you use my provided image, you can simply run the following command in
Rescue Mode:

    curl http://cloudsdale.ponix.space/~rainbow/FreeBSD-10.1-RELEASE-amd64-memstick-SerialConsole.img | dd of=/dev/sda

Step 4. Once this completes, shut your Linode down. Create a new Raw disk at
your preferred size. Set up a configuration profile to boot the installer disk
you just finished creating as /dev/sda and your new raw disk as /dev/sdb! Make
sure to turn off ALL of the Linode helpers, they can't do anything for Raw
disks.

Step 5. Boot the installer. Run through it. I prefer to keep lib32 and src,
and uncheck ports, docs, and games. You can always get a more up to date ports
via

    # portsnap fetch extract

later. Make sure you ONLY install to da1, not da0. da0 is your installation
media. Ensure you turn on DHCP for IPv4 and SLAAC for IPv6.

Step 6. *** IMPORTANT IMPORTANT IMPORTANT ***
If you do not take this step LISH WILL NOT WORK.
After pressing exit, you will be asked if you wish to chroot into your new
system. CHOOSE YES! Upon doing so, edit /boot/loader.conf with vi and append

    console="comconsole"

at the very end of the file. Make any other desired changes, and shut down
with

    shutdown -p now

Step 7. Once the shutdown finishes, feel free to edit your configuration
profile to only boot your main disk. BAM, you've got a FreeBSD Linode.
Awwwwww yiss.

Finished, you might look something like
https://twitter.com/RainbowHacks/status/630833198545637377

If you're new to FreeBSD, I STRONGLY suggest reading the handbook:
https://www.freebsd.org/doc/handbook/

That's all till next time. Feel free to email me with any comments for this
post! If I don't hate you, I just might append them.

Post 2: Addendum - GLish (Graphical Console)
08/28/2013

Update: Linode has released GLish to Public Beta. GLish removes the
requirement for the serial console modifications to the image. You can simply
use the following command in Rescue Mode:

    curl ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/10.2/FreeBSD-10.2-RELEASE-amd64-memstick.img | dd of=/dev/sda

to set up your installation media.

To use Lish AND Glish, modify your /boot/loader.conf to the following:

    boot_multicons="YES"
    boot_serial="YES"
    comconsole_speed="115200"
    console="comconsole,vidconsole"

Post 3: Reformatting
08/11/2015

Nothing to see here folks. Just reformatting the blog to wrap at 80
characters.
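
Back to Post 2 and its addendum: both curl | dd commands write an
unauthenticated HTTP/FTP download straight onto the disk you are about to
boot. The following is an added example, not part of the original posts, that
keeps the streaming approach but hashes the stream and compares it with a
BSD-style checksum file. The function names and file names are assumptions,
and the checksum file has to come from a source you trust.

```shell
#!/bin/sh
# Added example: hash an installer image while it streams to disk and compare
# the digest with a checksum file whose lines look like
#   SHA256 (FreeBSD-10.2-RELEASE-amd64-memstick.img) = <64 hex digits>

# SHA-256 of stdin; sha256sum in a Linux rescue system, sha256 -q on FreeBSD.
sha256_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{print $1}'
    else
        sha256 -q
    fi
}

# Print the digest listed for one image name, or nothing if it is absent.
expected_sha256() {   # $1 = checksum file, $2 = image file name
    awk -v want="($2)" '
        $1 == "SHA256" && $2 == want && $3 == "=" { print $4; exit }
    ' "$1"
}

# Copy stdin to the target while hashing it, then compare digests.
# Returns 0 on match, 1 on mismatch, 2 if the checksum file has no entry.
write_and_verify() {  # $1 = target disk or file, $2 = image name, $3 = checksum file
    want=$(expected_sha256 "$3" "$2")
    [ -n "$want" ] || { echo "no SHA256 entry for $2" >&2; return 2; }
    got=$(tee "$1" | sha256_stdin)
    [ "$got" = "$want" ] && return 0
    echo "digest mismatch: do not boot $1" >&2
    return 1
}

# Use in Rescue Mode in place of "curl ... | dd of=/dev/sda" (not run here;
# IMG_URL, IMG_NAME and CHECKSUM_FILE are placeholders you set yourself):
#   curl "$IMG_URL" | write_and_verify /dev/sda "$IMG_NAME" "$CHECKSUM_FILE"
```

The target is written before the comparison finishes, so treat a non-zero
return as "do not boot this disk" and upload again.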
Post 4: Why I Moved to ZFS
08/12/2015

Cloudsdale (the host this blog is on) got a shiny new update last night! (And
I got to go through the hell of setting up a new box!) What update, you ask?
I moved everything to ZFS!

Now, for those of you who don't know, ZFS is a filesystem originally developed
by Sun Microsystems, for their Solaris (SunOS) UNIX SysV OS! It has a number
of security and usability features that make it far superior to most
filesystems out there, including the dreaded ext2/3/4 pile of crap used by
most Linux distributions. (Seriously, it's not 1996 anymore guys....)

I personally chose ZFS for the security features. I back up regularly, so
snapshots aren't as big a thing for me. As this server sits on a host that
already has hardware RAID and SSDs in play, the Z-Raid and caching features
also don't matter very much to me. I chose ZFS because of the ease of
administration, ability to alter and create datasets on the fly, and the
sheer number of configuration options available when creating datasets (like
setting a homefolder noexec nosetuid without having to do crazy weird
partitioning).

The problems, however, began as soon as I decided to retire the first
Cloudsdale. Installing non-Linux on a Linode is....suffice to say, a
challenge indeed. The recommended method of installing was to install your OS
within VirtualBox and dd the disk up...... yeah no. I have terrible internet
and wasn't waiting 12 hours. I figured, why not try uploading installation
media to a disk on a Linode and running it locally? That's just what I did!

Problem? LISH, the Linode Shell (your Out-of-band access) accesses the serial
console.
While the BTX loader worked perfectly using Direct Disk boot, beyond that the
installer just didn't work! The FreeBSD USB installer isn't serial-aware, as
I detailed in Post 2: Easy FreeBSD on a Linode. Once I made the installer
serial-aware, I was able to finish the installation as previously detailed.

Once that was done, I ran into a whole host of new problems. None of them
were unsolvable; however, learning to use features of a filesystem on the fly
is never fun. I'd never needed to use user quotas before, so figuring that
out, as well as how to chain other properties and the appropriate syntax, was
fun!

Protip:

    zfs create -o setuid=off -o exec=off -o quota=500M -o compress=lz4 \
        zroot/home/USERNAME

is a great way to quickly lock down a user's homefolder!

After that, it was just the usual nightmare of figuring out how to get crap
off without unmounting the disk from the old server. A lot of configurations
and files bounced through canterlot.local last night. Thank Celestia for vi
and scp, amirite? Backing up said files along the way was just good process,
and something I'd been needing to do anyway.

It took a little while, but Cloudsdale is up again, and rocking out the ZFS!
Keep an eye on this space, I'll be detailing getting a Solaris installation
working on a Linode in the near future!

Post 5: BronyCAN
08/20/2015

I'll be at BronyCAN in Vancouver all weekend! Come say hi!
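
Back to the Post 4 protip: the lock-down only helps while every home dataset
keeps those properties, and a dataset created later without the -o options
gets none of them. The following is an added example, not part of the
original post, that audits zfs get output for exec, setuid and quota. The
function names and the sample dataset names are made up for illustration.

```shell
#!/bin/sh
# Added example: flag home datasets that lack the lock-down properties from
# the protip (exec=off, setuid=off, a quota set).

# Constructed sample of `zfs get -H -o name,property,value` output
# (tab-separated, no header); alice and bob are made-up users.
sample_zfs_get() {
    printf 'zroot/home/alice\texec\toff\n'
    printf 'zroot/home/alice\tsetuid\toff\n'
    printf 'zroot/home/alice\tquota\t500M\n'
    printf 'zroot/home/bob\texec\ton\n'
    printf 'zroot/home/bob\tsetuid\toff\n'
    printf 'zroot/home/bob\tquota\tnone\n'
}

# Read name<TAB>property<TAB>value lines on stdin, print one
# "dataset property=value" line per deviation, return 1 if any were found.
audit_home_datasets() {
    awk -F '\t' '
        ($2 == "exec" || $2 == "setuid") && $3 != "off" {
            bad[++n] = $1 " " $2 "=" $3
        }
        $2 == "quota" && ($3 == "none" || $3 == "0") {
            bad[++n] = $1 " " $2 "=" $3
        }
        END { for (i = 1; i <= n; i++) print bad[i]; exit (n > 0) }
    '
}

# Live use on the host (not run here):
#   zfs get -H -r -t filesystem -o name,property,value exec,setuid,quota \
#       zroot/home | audit_home_datasets
```

With -r the parent zroot/home is listed too, so expect it in the report
unless it carries the same properties.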
Post 6: Windows Server (Linode)
09/17/2015

Part 2 of my series of weird OS posts on Linode! Now that GLish is a thing,
we can do graphical installs. My Long Promised Solaris guide is coming soon,
but first I figured let's get Windows Server running!

To start, we'll need a Windows Server installer image, and a KVM Linode set
up with 1 large disk for the OS. Create the configuration profile, choose
full virtualization, and disable ALL the helpers. You know the drill.

Due to the lack of reliable methods to create bootable Windows Server .IMGs,
go ahead and install Windows Server in VirtualBox. Leave SLAAC and DHCP
enabled.

Once you've installed it, boot into a Linux distro like Finnix or RIP in
VirtualBox, and dd up the installed disk. This will take a while, and is not
the ideal method for installing via KVM, but is the only option unless you
have a bootable Windows Installer USB img. As Windows is a non-free non-open
OS, I cannot and WILL NOT provide you with an image.

Once the upload has finished, boot! Paravirtualization mode should work if
you installed the requisite drivers. You can get a download link to the
VirtIO drivers here:
https://fedoraproject.org/wiki/Windows_Virtio_Drivers

If not, full virt all the way!

Now that you're done, look in the mirror and realize what you've just done.
Cry and apologize to Dennis Ritchie and Ken Thompson.