CA Trust in FreeBSD

These are my notes on managing Trust in FreeBSD.

Predefined search paths for the trusted CA bundle:

/etc/ssl/cert.pem
/usr/local/etc/ssl/cert.pem

If no certificate bundle is found at either path, the lookup falls back to OpenSSL’s default location.

And when it comes to your web browser, fear not, for certutil allows you to manage the nssdb:


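# Path to the CA certificate, without the .pem extension
CA_TRUSTED_CERT=~/MY-CA-CERT
# Add it to the per-user NSS database, using the file's base name as the nickname
certutil -d sql:$HOME/.pki/nssdb -A -t "CP,,CP" -n "$(basename "${CA_TRUSTED_CERT}")" -i "${CA_TRUSTED_CERT}.pem"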

Converting p7b Files and Certificate Chains to PEM files: (common with MSAD CA)

View certificate contents:

openssl pkcs7 -print_certs -in cert.p7b -inform der -text

Convert Certificate:

openssl pkcs7 -print_certs -in cert.p7b -inform der -out cert.pem

Sizing your Internet/WAN Edge

The internet is getting faster and faster. I now have Gigabit Fiber delivered to within a foot of my home router. The carrier then is kind enough to provide a smart jack that converts the fiber delivery to a Gigabit Copper handoff.

More bandwidth is better, right? Well, kinda… Unfortunately, I hadn’t planned on one thing: I am now much more vulnerable to denial of service attacks. Why is this an issue? What’s an engineer to do? Read on.

Cisco Auto-Provisioning Lab

So I have had need to quickly build a provisioning server for a lab to auto-provision devices as they come online. These are the basic steps to accomplish this. Note there are far more complex and secure methods of doing something similar in production. Feel free to use this as a learning tool, but understand that in a production environment this is not recommended, as critical pieces of information would be sent in clear text.


fully dynamic fluxbox menu

I needed the ability to generate a menu dynamically in Fluxbox for various things that change on a regular basis.

Unfortunately, there doesn’t appear to be a facility built into fluxbox to allow for this. So I spent some time and built a partially dynamic menu that updates with the click of an ‘update’ menu item at the root menu.

I was trying to come up with a good way for the menu to update on the fly. Since fluxbox simply reads a menu file (when you use the [include] function), I needed a file that, when read, returns a dynamic response and begins the process again. It’s not completely in time, but it at least refreshes on the fly. So what is a file that provides these properties?


Execution Performance, Linguistics, Totalitarian Elitism, and of course Python: Language as a construct of action

I’m an elitist in the worst way sometimes, so this is probably the pot calling the kettle black. But I simply want to pose a question, that no doubt will spark great debate among a very divided culture:

Why does the coding style we use to imply organization of the characters in the document representing code need to be so explicitly tied to the keywords, syntax, semantics, operators, closure, and the most important part… the resulting libraries that make up the development environment we seek to develop within?

It’s always the same argument: Braces and Semi’s versus Linguistic command flow.


Debian 7 Wheezy Installation in FreeBSD 10 Jail

I decided to collapse the multiple systems I have running various flavours of Linux and BSD into a single system. For a long time I had been using Windows Small Business Server. Well, I don’t really want to spend the money to upgrade to 2016, and it appears Microsoft has abandoned its purist Unix roots by trading the tight and tidy SFU (Interix) for the wildly fat Ubuntu and a Linux ABI. In the advent of this change, I figured I would flip back to FreeBSD, which in my not-so-humble opinion is still the closest thing to Unix you can get. In fact, it actually derives its original sources from none other than Research UNIX, and while it’s wildly more advanced, the distribution holds its origin close to its heart.

Either way, the task: Support the ever growing number of ‘Appliance’ installs on top of FreeBSD. In this first iteration I have found several guides and worked through getting Debian 7 functional in a FreeBSD 10-STABLE Jail. No guarantees on stability, but I’ll update this if I come across any oddities. This task was performed on FreeBSD 10.3.


Negative Overflow of 4-byte AS in Solarwinds Orion Output

4-byte (32-bit) BGP Neighbor Information with AsDotNotation

A problem currently exists within Solarwinds where 4-byte (32-bit) ASNs overflow into a negative number when utilizing a portion of the private scoped ASN space. Specifically, the range 2,147,483,648 (32768.0) through 4,294,967,296 (65535.65535) overflows into -2,147,483,648 through -1, respectively.
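The wrap-around described above, as an added Python example (not the post's WSQL and not Solarwinds code): it recovers the real ASN from a value held in a signed 32-bit field and renders it in asdot notation. The function names and sample values are constructed for illustration.

```python
# Added example: undo the signed 32-bit wrap on 4-byte ASNs and render asdot.
PRIVATE_4BYTE = range(4200000000, 4294967295)  # RFC 6996: 4200000000-4294967294


def to_signed32(asn: int) -> int:
    """Show how an unsigned 32-bit ASN reads once held in a signed 32-bit field."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit ASN: {asn}")
    return asn - 0x100000000 if asn >= 0x80000000 else asn


def to_unsigned32(stored: int) -> int:
    """Recover the real ASN from a value that may have wrapped negative."""
    if not -0x80000000 <= stored <= 0x7FFFFFFF:
        raise ValueError(f"outside signed 32-bit range: {stored}")
    return stored & 0xFFFFFFFF  # two's complement: adds 2**32 when negative


def asdot(asn: int) -> str:
    """RFC 5396 asdot: 2-byte ASNs stay plain, 4-byte ASNs become high.low."""
    high, low = divmod(asn, 0x10000)
    return f"{high}.{low}" if high else str(low)


def describe(stored: int) -> dict:
    """Summarise one stored value: real ASN, asdot form, private-use flag."""
    asn = to_unsigned32(stored)
    return {"stored": stored, "asplain": asn, "asdot": asdot(asn),
            "private": asn in PRIVATE_4BYTE or 64512 <= asn <= 65534}


# Constructed sample values, as a signed column might report them.
SAMPLE_STORED = [65001, 2147483647, -2147483648, -94967296, -1]

if __name__ == "__main__":
    for value in SAMPLE_STORED:
        print(describe(value))
```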

To show the correct data, we created a custom table utilizing the following WSQL to generate the correct information. See past the snippet for an explanation as to how and why this works.
