May 2, 2016

OpenBSD: After install


Connect to everything but block all incoming traffic

pyrrha# cat /etc/pf.conf
# $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
# See pf.conf(5) and /etc/examples/pf.conf

# This was default
#set skip on lo
#block return # block stateless traffic
#pass # establish keep-state

# This is my pf.conf
pass from self to any
#a. Rule 1 blocks all traffic.
#b. Rule 2 passes all traffic originating on the laptop, going anywhere.

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010


First, make sure you belong to the class (not group) staff:

# user mod -L staff pau

Then give a bit more of RAM to programs

# Staff have fewer restrictions and can login even when nologins are set.

Secure screen after suspending

Use xdm: Since you do not want to leave a terminal open, do not start X with startx. This would leave open that terminal and launch X on another one. Since you are using xdm, you need a .xsession file instead of a .xinitrc. My .xsession file looks like

xmodmap -e "keycode 22 = BackSpace BackSpace BackSpace BackSpace BackSpace BackSpace"
pkill xidle
xidle -delay 5 -sw -program "/usr/X11R6/bin/xlock -mode blank" -timeout 90 &
exec cwm

The first line cancels the function Zap of X, which means that nobody can interrupt your X session by pressing CTRL+Alt+Backspace. xidle is necessary to launch the screensaver via xlock

Create /etc/apm/suspend and make it executable:

$ cat /etc/apm/suspend
pkill -USR1 xidle

Make sure apm is running everytime after boot. If it is not, while your laptop will suspend, the script suspend will not be executed, and the screen will not be locked. To test if apmd is running, type zzz from the terminal. A message like zzz: cannot connect to apmd: No such file or directory Will tell you that your apmd is NOT running.

To have apmd run after boot, add a flag to rc.conf.local:

$ cat /etc/rc.conf.local
pkg_scripts="dbus_daemon avahi_daemon"
mixerctl inputs.spkr.mute=on

Get to use skype messenger on your browser: Override user agend ID

I dislike skype very much. Unfortunately many of my collaborators are using it and I cannot stop talking to them and quite collaborations because I do not like a piece of software.

My fix for this, since fortunately OpenBSD is not accepting blobs, is to use the web interface with firefox to chat with my collaborators and friends and then use my smartphone to make calls.

For this, we have to make think that we are using an evil OS:

Point your browser to about:config, right click, New -> String

Enter general.useragent.override and then add e.g.

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

An alternative is to install an addon for chrome or firefox, such as User-Agent-Switcher. I have found that picking up “Opera for windows” gives the best results.

Customize xdm

You can for instance change the background by adding an image and using qiv. For this, make a directory to store background images, e.g. /usr/local/share/backgrounds/pau and add images there. Then

# vim /etc/X11/xdm/Xsetup_0

And change the console line to

#xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed -exitOnFail
/usr/local/bin/qiv -zr /usr/local/share/backgrounds/pau/*