tcpwrappers replacement

tcpwrappers moved out from OpenBSD 5.6, which can be implemented similarly by AllowUsers in sshd_config to restrict users and ip range.

Compile Wireshark on OpenBSD

Wireshark (older version, say 1.0.0) can be compiled on OpenBSD (--with-krb5=no) following this article: http://cromwell-intl.com/linux/compiling-wireshark-on-openbsd.html .

OpenBSD upgrade with firmware

upgrading with bsd.rd can utilize firmware installed previously! then fw_update will download proper updates after system upgrade.

HiR's Secure OpenBSD, Apache, MySQL and PHP Guide

Install php-mysql and mysql-server. This will install all necessary dependencies, including php, libiconv and several perl modules needed by the MySQL scripts.

$ sudo pkg_add php-mysql mysql-server
Ambiguous: choose package for php-mysql
 a       0: 
         1: php-mysql-5.2.17p16
         2: php-mysql-5.3.27
Your choice: 2
Ambiguous: choose dependency for php-mysql-5.3.27: 
 a       0: php-5.3.27
         1: php-5.3.27-ap2
Your choice: 0

REF: http://www.h-i-r.net/p/hirs-secure-openbsd-apache-mysql-and.html

Match Address for root login

# vi /etc/ssh/sshd_config
Match Address 127.0.0.1
 PermitRootLogin yes

REF: http://blog.dhampir.no/content/ssh-how-to-permit-root-login-only-from-local-network-ip

install m:tier thin client

0) Download the thin client python code:

http://www.mtier.org/products/thin-client/

1) install from pkg_add: gtk+3 , python3.

2) install from src: pycairo, pygobject .

PYTHON=python3.2 ./configure

(http://stackoverflow.com/questions/7065310/how-to-install-pygobject-with-python-3-support)

Makefile err may need to be corrected manually.

3) modify /etc/X11/xinit/xinitrc for startx automatically.

p.s. *.pc files for pkg-config  need to be linked to /usr/lib/pkg-config .

(http://people.freedesktop.org/~dbn/pkg-config-guide.html)

snmpd setup (renewed)

1) edit /etc/snmpd.conf and modify listen_addr
2) enable snmpd in /etc/rc.conf on startup
3) apply access control via /etc/pf.conf