I run an OpenBSD instance with encrypted root on Vultr VPS since v6.2. It has never been reinstalled. I only used the OpenBSD native upgrade methods. Using 6.5, I used sysupgrade(8). And it went as smooth as expected. Continue reading “(sys)Upgrade encrypted OpenBSD 6.5 to 6.6 on Vultr hosting”
The other day, I stumbled upon NomadBSD ; a live system for USB drives. I don’t use FreeBSD… but I liked to look of that “(…) desktop system that works out of the box (…)”. So I decided to give a little make up to my already-running-out-of-the-box OpenBSD.
When for some reasons, the Let’s Encrypt certificate has not be renewed on your Synology and those bloody stupid Web browsers won’t let you connect to the DSM for “Security Reasons”, you can still count on SSH to solve the problem. Simply run:
# /usr/syno/sbin/syno-letsencrypt renew-all
Where there’s shell, there’s a way.
I own a server at Online.net which now runs VMware ESXi free edition. The thing is VMs have to access the Wild Wild Web and provide public services while still being protected. So let’s configure OpenBSD to do so. Continue reading “Protect the ESXi virtual machines with OpenBSD”
My ESXi is provided by Online.net and accessible from Internet. Reading the VMware documentation, one can see:
ESXi includes a firewall that is enabled by default.
At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for services that are enabled in the host’s security profile.
But the default security profile is way too loose! So here’s how to harden it a bit.