You’ll find the following subjects inside:
- Installing and Configuring Linux Jails in PC-BSD
- A simple DNS-DHCP Server for Small Business Network with dnsmasq
- Hardening FreeBSD with TrustedBSD and Mandatory Access Controls
- FreeBSD Enterprise Search with Apache Solr
- PostgreSQL: Schemas
- EuroBSDcon and MeetBSD California: Two Continents, One Community
8:45 Monday morning. I fill the espresso filter basket with a good measure of Italian coffee, flick the switch to espresso, and 60 seconds later am rewarded with a demitasse of viscous caffeine, complete with the requisite creamy head. Coffee is an essential part of the I.T. toolkit, especially when deadlines loom and the disconnect between customer, 3rd party supplier and the gap between expectations and reality becomes wider by the day…
Installing and Configuring Linux Jails in PC-BSD
Whether you prefer the CLI or a GUI, one thing most people can agree on, is that The Warden is a great tool for managing jails. The Warden has been available as an add-on in PC-BSD since version 8, and is available as a port in FreeBSD as well. It now comes built-in to version 9.1 of PC-BSD and TrueOS (a variant of PC-BSD included in the install DVD that consists of FreeBSD and enhanced command line versions of PC-BSD tools). This article explains how to use the Warden to create a Linux jail, configure nat for it and instal Linux packages in the jail.
FreeBSD Enterprise Search with Apache Solr (Part 4)
So far, we have used Solr to access and index content found in web pages, XML files, databases and external websites. But as far as using Solr in the enterprise is concerned, how can we access disparate documents such as PDF and Microsoft Word files? This is where Apache Tika is invaluable – supporting over 14 different types of document formats. In the final part of our series on Apache Solr the author will look at Apache Tika and demonstrate how to import and index document content with Apache Solr.
This article provides an introduction to schemas, a feature of PostgreSQL that allow Database Administrators (DBAs) to organize their database objects, mainly tables, into name spaces in order to either avoid naming conflicts and better structure the database itself. All the examples shown here have been tested on a PostgreSQL 9.1 cluster running on a FreeBSD 8.2-RELEASE machine; all the example source code is available in a GitHub repository.
A simple DNS-DHCP Server for Small Business Network with dnsmasq
From this article you will learn how to setup and manage a Small Business DNS/DHCP server. A real example of small LAN business network are the so called “SoHo” (single office/home office SOHO), namely a category of businesses that has 1 to 10 employees, but this is only the staring point. In fact, there are examples of deployable environment for Dnsmasq configurations used for more than 1000 hosts. On the other side of the coin there are still some limitations, such as a very basic support for IPv6 router advertisements for DHCPv6 to work and the inability to serve many zone files (many domains), but this project brought us many surprises in time and will only get better. Knowing the strengths and limits of this daemon, a network administrator can now decide whether to install Dnsmasq.
Hardening FreeBSD with TrustedBSD and Mandatory Access Controls (Part 4)
Most system administrators understand the need to lock down permissions for files and applications. In addition to these configuration options on FreeBSD, there are features provided by TrustedBSD that add additional layers of specific security controls to fine tune the operating system for multilevel security. Since version 5.0 of FreeBSD, the TrustedBSD extensions have been included with the default install of the operating system. By default, this functionality is disabled and requires support to be compiled in or kernel modules to be loaded at boot time. For the purpose of this article, support will be loaded in with kernel modules already available with FreeBSD 9. Part 4 of the TrustedBSD series will cover the basic configuration of the mac_seeotheruids module.
EuroBSDcon and MeetBSD California: Two Continents, One Community
This year’s EuroBSDcon and MeetBSD California took place just a few weeks apart in two very different locations but together demonstrated seamless solidarity on the part of the BSD community. MeetBSD in Sunnyvale, California was like a reunion for many speakers and attendees who had recently met in Warsaw, Poland for EuroBSDcon. Some familiar European faces such as Robert Watson and Alexander Motin even made appearances only at the more distant event, showing once again that the geography of BSD and its community is “the Internet”. Read the overview describing both these wonderful events. Check what you have missed or refresh your memory.
The sixth edition of the Italian PostgreSQL Day (PgDay) held at the Monash University Center in Prato, Tuscany, on November the 23th has been a success. The Italian community did respond very well to the event, and guests from all over the country came to discuss, acquire knowledge and share experience about this great database. Here is a great example of how passion can gather people together. Just follow their steps.
Download the December issue: Linux Jails in PC-BSD
You’ll find the following subjects inside:
NETGEAR Universal Wifi Adapter
The trend towards increased internet connectivity of media devices (TV’s, gaming consoles, DVR’s) has brought a work-around for one of few my frustrations with BSD operating systems – the limited support for newer wireless adapters. Many of these media devices have an ethernet port, but no way to attach a wireless adapter. Several companies have stepped up to this opportunity and have created universal wireless adapters that connect to the ethernet port rather than an expansion port. Since the device connects to the ethernet port, no driver is needed. Since no driver is needed, these devices should work with BSD operating systems. In this article, I will test Netgear’s Universal Wifi Adapter, model WNCE2001.
Automating the Deployment of FreeBSD and PC-BSD Systems
In PC-BSD 9.x every installation is fully-scripted, due to the the pc-sysinstall backend. This backend can also be used to quickly automate the deployment of FreeBSD servers and PC-BSD desktops using a PXE boot environment. In PC-BSD & TrueOS 9.1 and higher, this functionality is easy to setup and deploy using the “pc-thinclient” utility. PXE booting allows you to boot systems via the LAN interface, as opposed to using traditional media, such as DVD or USB. In order for clients to boot via PXE they will need a PXE capable network adapter.
Network Concepts, Routing and Firewalls
This article is aimed at anyone who wants to learn more about networking, routers and firewalls. We will discuss this topic in terms of a BSD/PF firewall/router.
FreeBSD as a NAT Instance in Amazon Cloud
Amazon VPC lets you launch instances in a virtual network that closely resembles a traditional network that you might operate in your own data center. You place publicly accessible servers (for example, web servers, DNS server etc.) into a public-facing subnet, and place your backend systems (databases, application servers etc.) in a private subnet with no Internet access. Instances in the private subnet can access the Internet only by routing their traffic through a NAT instance in a public subnet. This article is intended for beginners wanting to install and run FreeBSD as a NAT instance in Amazon Virtual Private Cloud (Amazon VPC).
PostgreSQL: Indexes (Part 2)
This article continues the previous one, presenting the readers with a few index examples and how the access costs are computed by the query planner. All the examples shown here have been tested on a PostgreSQL 9.1 cluster running on a FreeBSD 8.2-RELEASE machine; all the example source code are available in a GitHub repository.
FreeBSD Enterprise Search with Apache Solr (Part 3)
One of the important facets of enterprise search is to be able to search internal (Intranet) and external websites. On a smaller scale, it is relatively trivial to assemble some code in PHP or Perl to pull web pages from a site, extract the links from the HTML and then “wash, rinse, repeat”. The difficulty arises when we want to index, rank, and effectively manage these results on a large scale. Almost 10 years ago, Apache Nutch was developed as the key technology to crawl 100 million webpages, and has proved time and again that it is an efficient scalable solution. Nutch can be clustered, it is robots.txt friendly, and using modular plug-ins ans schemas, can be tuned to bias certain results first. While Nutch integration and tuning is quite specialized, it is fairly trivial to configure Nutch to dump results of a crawl session into MySQL (or any other JDBC based database for that matter), and rank / review these queries in Solr.
Download and read the whole magazine: Run FreeBSD as NAT Instance in Cloud
Welcome to the weekly (Free)BSD news round-up (week 44) where we have a mix of news snippets, links, howto’s and software/package updates for you all. These tid-bits are all very interesting and news worthy, yet too small to package as individual posts.
A FreeBSD Success Story
… Then, we switched the server to a new one, quad core, sixty gigabytes of ram and two terabytes of disk. This time, I chose FreeBSD because I knew that it would work greatly ! Linux could have worked too, maybe we could have more performance, but it would not be as easy to manage as our FreeBSD box… More
Bernhard Fröhlich joined the FreeBSD Ports Team in October.
2. M0n0wall 1.34b1 released
“A maintenance version in the m0n0wall 1.3 branch has been released: 1.34b1 includes the CSRF-related fixes recently made to the beta branch, as well as a few others security-relevant things. Nothing is high priority, but once 1.34b1 has received some wider testing, it will be re-released as 1.34, and 1.33 users will be recommended to upgrade.”
1. FreeBSD/Raspberry Pi
2 KNemo 0.7.4 receives major improvements for FreeBSD
KNemo is a tool that monitors the network traffic and provides a tray widget for every network interface, support for network statistics, and different icon themes.
Highlights of the release are:
• Bugs in the BSD backend has been fixed;
• Wrong traffic bug reported on FreeBSD has been repaired;
• Wrong encryption state for mixed WEP connections on FreeBSD has been fixed;
• Default gateway previously undetected on FreeBSD is now working properly;
• A monochrome icon theme has been added;
• Support for the legacy system tray icon has been removed;
• Embedded plotter code has been dropped in favor of libksignalplotter.
Websites / Social Media
As some of you may have seen already RootBSD has a new website. It looks very clean and slick and looks more ‘web 2.0’ than the previous version.
RootBSD was established with one goal in mind: to provide reliable, flexible, and supported BSD-based hosting services to professionals and businesses. Our extensive selection of FreeBSD, OpenBSD, and Linux hosting packages means there is a right package for almost everyone.
New FreeBSD Committers
In October 2012 the following people became new committers or were given enhanced FreeBSD update rights: Simon J. Gerraty (src), Erwin Lansing (src, ports) and Eitan Adler (src, ports, doc).
BSD / Unix Family News
OpenBSD 5.2 arrives with improved multi-core support.
The OpenBSD project has released version 5.2 of its free BSD-based UNIX-like operating system. According to its developers, the most important change in the new release is the switch from user-level to kernel-level threads. This allows programs with multiple threads to use multiple CPU cores. (via)
October’s issue of the BSD Magazine is now available: Network Security & Auditing (free PDF download).
You’ll find the following subjects inside:
- VX ConnectBot: Open Source SSH Client for Android Devices
- Installing Xfce Desktop Environment on OpenBSD 5.1
- Browse the Internet Differently
- FreeBSD Enterprise Search with Apache Solr (Part 2)
- PostgreSQL: Indexes
- Unix IPC with FIFOs
- Capture Session Data with Argus on FreeBSD
- Securing your Family with pfSense and IPSec
- Installation and Setup of the Halon Virtual Security Router
Thanks Charles (he wrote the article on Xombrero) for reminding me to post this.
“As you already may now, last half a year I’ve been working on making pf SMP-scalable and faster in general. More info can be found here:
Since that announce in June, I’ve been running experimental code for more than 2 months in production on several routers. Also, some brave people volunteered to be beta-testers and also run the experimental branch in last couple of months. Code proved to be stable enough.
The new code performs better in production: less CPU load, less jitter, more responsive system under high load. It performs better under synthetic benchmarks like random generated UDP flood. It performs much better when DoS comes in.”
We are now living in an age of cloud computing and sharing content and news, privately and publicly. However, it seems cloud companies struggle to keep our data private and don’t seem to always respect users’ privacy, so why not set up your own cloud?
If you want to stay in control of your own data and share it only with those you want to share it with, have a look at ownCloud. Kris Moore from the PC-BSD Project has an article showing how to set up ownCloud on PC-BSD. Very useful.
You’ll find the following subjects inside the latest issue of BSD Mag:
What’s New in PC-BSD 9.1
PC-BSD 9.1 adds many new features, ranging from more graphical utilities available within Control Panel, a redesigned installer, a server installation wizard, and improved jail management. This article introduces these new features. PC-BSD 9.1 is expected to be released during September, 2012. This article introduces some of the new features of this release.
Setting up Your OwnCloud Instance via the Warden™
In this article we will be taking a look at the OwnCloud software, specifically how to do the initial installation and configuration inside a jail run by PC-BSD’s® jail management utility, the Warden™. First we will take a look at a setup done from a PC-BSD graphical interface, and then explore the same setup from the command-line using TrueOS™, the server version of PC-BSD.
Nmap: The Network Swiss Army Knife
Nmap (“Network Mapper”) is a GPL utility for network discovery and security auditing. Many systems and network administrators find it very useful for network inventory, monitoring hosts and services uptime, debugging network related problems, and many other tasks. From this article you will learn the basic functionalities of Nmap 6.
Unix IPC with Pipes
This article explains one of the earliest forms of inter-process communication (IPC) in Unix. Pipes were the original form of Unix IPC and were present in Third Edition of Unix (1973). They can only be used to communicate between related processes, but despite this limitation they still remain one of the most frequently employed mechanisms for IPC.
FreeBSD Enterprise Search with Apache Solr
Back office integration and cross platform search has always posed major challenges especially in large organizations with many legacy systems. With Apache Solr these barriers can be overcome and the power of enterprise search realised. In this new series the author will show you step by step how to commission an Apache Solr search engine.
Hardening FreeBSD with TrustedBSD and Mandatory Access Controls (MAC)
Most system administrators understand the need to lock down permissions for files and applications. In addition to these configuration options on FreeBSD, there are features provided by TrustedBSD that add additional layers of specific security controls to fine tune the operating system for multilevel security. By reading this article you will learn the configuration of the mac_bsdextended module and how to use the ugidfw utility
Interview with Jeroen van Nieuwenhuizen
Jeroen van Nieuwenhuizen was the chair of the EuroBSDcon 2011 organizing committee. Currently, he is one of the members of the EuroBSDcon Foundation board. He came in contact with Unix in 1997 and started to work with the BSDs in 2002. In his daily life Jeroen works as a Unix Consultant for Snow B.V. BSD Magazine asked him some questions regarding event organization and opportunities to participate in organizing EuroBSDcon.
BSD Magazine has also a “Best of 2011? issue available for purchase.
From the table of contents:
Tuning ZFS on FreeBSD
By Martin Matuska
ZFS is a modern 128-bit file system based on the copy-on-write model. It originates from the OpenSolaris project and has first appeared in FreeBSD in 2008. ZFS has many innovative features including an integrated volume manager with mirroring and RAID capabilities, data checksumming and compression, writable snapshots that can be transferred between systems and many more. In this article the author is going to discuss several tuning options including sysctl(2) knobs and give examples how can ZFS performance and efficiency can be measured and evaluated. This article is intended for FreeBSD users with ZFS version 28 available since 8.3-RELEASE and 9.0-RELEASE.
MPD5 – VPN Server with FreeBSD Setup and Management
By Antonion Francesco Gentile
Mpd5 is a fast, flexible and secure way to make VPN connections on FreeBSD. It requires very few resources and supports a wide range of protocols, a great tool for network managers. By reading this article you will learn to setup and manage a VPN server PPTP based.
By Luca Ferrari
In the previous articles the main features of PostgreSQL, including server-side programming were shown. In this article a simple application scenario will be used to demonstrate the capability of partitioning huge amounts of data into different tables in different spaces transparently.
Securing DNS Transactions
By Paul Ammann
In the June 2012 issue, we outlined the threats, security objectives, and protection approaches for various DNS transactions. This article provides the steps involved in implementing those approaches, as well as operational best practices that go with those implementations.
MaheshaBSD Server Edition Has Been Just Released!
By Juraj Sipos
Many newcomers to FreeBSD find it difficult to setup their own FTP/WWW server quickly and, on the other hand, experienced users sometimes need to take precautions for unexpected crash situations – that is, to have a strategy for time economization and portability, as these two are valuable assets in our rushing world. From this article you will find out ow to run a simple and smart FTP/WWW server.
The July issue of BSD Magazine is Out!
Kerberos on OpenBSD:
How to Manage User Passwords and Single-sign-on?
Download here: Kerberos on OpenBSD