lattera

mkdir /tmp/update

#update the host
hbsd-update -t /tmp/update -T

#update the jail
hbsd-update -t /tmp/update -DT -r /usr/jails/jail-01
hbsd-update -t /tmp/update -DT -r /usr/jails/jail-02

lattera

Delivered-To: shawn.webb@hardenedbsd.org
Received: by 2002:a05:6e04:81d:0:0:0:0 with SMTP id m29csp2761731imz;
        Sat, 24 Apr 2021 14:30:20 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxMCxhTldBA8rP/kPZJJwgcJXsyGdm4lDd9HwMSjKNFnpqg74+32TyctDt/s7vVEfaSiBhJ
X-Received: by 2002:a05:6214:1470:: with SMTP id c16mr11201345qvy.60.1619299819931;
        Sat, 24 Apr 2021 14:30:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619299819; cv=none;
        d=google.com; s=arc-20160816;
        b=R+rRdnvpN0QetcNLWfgeAdLiqrbg69XcZApGynPOxVxTMOLHRvPpmrb1r4YccIXXWD
         dBdDe2AZrV6eoawy6sGsNnsDRXTQv8nvJrDgXIMmZOF/MnQBTCWW7+iW/W98xw47OJVm

lattera

hostname="dns-01"
ifconfig_igb0="inet 192.168.99.10 netmask 255.255.255.0"
ifconfig_igb0_ipv6="inet6 2001:470:e1e1:1:20d:b9ff:fe49:bfbc prefixlen 64"
defaultrouter="192.168.99.1"
ipv6_defaultrouter="2001:470:e1e1:1::1"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_flags="-g"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable

lattera

server:
	logfile: "unbound.log"
	verbosity: 1
	interface: 0.0.0.0
	interface: ::0
	logfile: "unbound.log"
	log-queries: yes
	access-control: 192.168.99.0/24 allow
	access-control: 2001:470:e1e1::/48 allow

lattera

<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.1">
  <head>
    <title>The Old Reader</title>
    <dateCreated>Thu, 18 Mar 2021 22:56:44 GMT</dateCreated>
    <dateModified>Thu, 18 Mar 2021 22:56:44 GMT</dateModified>
    <ownerName>Lattera</ownerName>
    <ownerEmail>lattera@gmail.com</ownerEmail>
  </head>
  <body>

lattera

server:
	logfile: "unbound.log"
	verbosity: 1
	interface: 0.0.0.0
	interface: ::0
	access-control: 192.168.99.0/24 allow
	access-control: 2001:470:e1e1::/48 allow

	###########################
	#### Generic hardening ####

lattera

diff --cc .gitignore
index 244a353fabf4,5a022fb8f837..000000000000
mode 100644,100644..100755
--- a/.gitignore
+++ b/.gitignore
@@@ -1,5 -1,3 +1,8 @@@
++<<<<<<< HEAD
 +.clang_complete
 +.snap
++=======

lattera

CONFLICT (add/add): Merge conflict in usr.sbin/unbound/daemon/Makefile
Auto-merging usr.sbin/unbound/daemon/Makefile
CONFLICT (add/add): Merge conflict in usr.sbin/unbound/checkconf/Makefile
Auto-merging usr.sbin/unbound/checkconf/Makefile
CONFLICT (add/add): Merge conflict in usr.sbin/unbound/Makefile
Auto-merging usr.sbin/unbound/Makefile
CONFLICT (add/add): Merge conflict in usr.sbin/tcpdump/tcpdump/Makefile
Auto-merging usr.sbin/tcpdump/tcpdump/Makefile
CONFLICT (add/add): Merge conflict in usr.sbin/syslogd/syslog.conf
Auto-merging usr.sbin/syslogd/syslog.conf

lattera

$ ./hbsd-update -C -m
{
        "schemaver": 1,
        "local": {
                "fullstr": "hbsd-v1300061-63378ae429b5495cea76432e5f49c13031e90914",
                "src_ver": "63378ae429b5495cea76432e5f49c13031e90914",
                "hbsd_ver": "v1300061"
        },
        "remote": {
                "fullstr": "hbsd-v1300061-f4e6c057640bcde3d218340110126c921ec97249",

lattera

APP_NAME = HardenedBSD git master
RUN_USER = git
RUN_MODE = prod

[oauth2]
JWT_SECRET = [sanitized]

[security]
INTERNAL_TOKEN = [sanitized]
INSTALL_LOCK   = true