HeX LiveCD development in 2011

This is the 3rd post relating to planned development for FreeBSD-based O/S this year (1: PC-BSD, 2: pfSense)

HeX LiveCD is a Network Security Monitoring (NSM) centric Live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools, the HeX Live CD also contains tools to perform network forensics.

HeX 2.0, released in October 2008, is based on FreeBSD 7.0 and comes with Fluxbox as the default desktop environment. Development has slowed down with no new releases since, but the team has plans to change this in 2011.

C.S. Lee, project leader, writes with regard to his 2011 development plans:

“We don’t have a clear roadmap for what we are going to do with HeX in 2011; however, the HeX 3.2 beta version will be released once we go through the testing phase. Actually, we have the HeX that is based on FreeBSD 8.2 in our closed development, and we will release the beta after we have tested it ourselves.

Though we don’t have any roadmap specifically for this year, we do have a to-do list:

  • Split development – HeX will have 3 versions – Workstation, Sensor, Server (we have really hoped to get this done for a while, but all the members are busy with their own work). Right now we have HeX Workstation only, which is available for security analysts to do packet post-processing.
  • Remain in the BSD spirit: while we use HeX for many situations, especially for our security consulting work, it will remain free and open.
  • Improve the installer. Not many actually know we had the easiest installer even before PC-BSD had one; we have a modified version of the BSD Installer to get HeX installed to your laptop or VM, and many don’t know about it.
  • Largest set of packet processing and analysis tools in HeX Workstation: you can compare ours with the rest of the live CDs and you will definitely find we have almost all packet analysis tools in HeX, and all of them are categorized professionally.
  • NSM Console improvement – you may have never heard of NSM Console; we actually have NSM Console that glues all the packet analysis tools together. It’s very modular and flexible, and you can include any tool by writing a simple module. It’s like Metasploit for packet analysis. NSM Console is written in Ruby. We will ask for feedback and also suggestions to improve the tool.
  • HeX USB Stick – We actually have this in house, and we will release it soon. The reason we didn’t release it previously is that FreeBSD had a hard time trying to boot from USB devices until the USB stack improved lately.
  • Include more tools: if you know of any packet analysis tools that you want included in HeX, let us know.
  • For HeX Server and Sensor, I would like to explain a bit: the server will be a central server to collect all the network data from the sensors.
  • The HeX Sensor will have tools like snort, bro, argus and many others; the sensors will collect the network data and send it to the HeX Server, then we can use HeX Workstation to log in to HeX Server and do the analysis.
  • HeX will also take advantage of the FreeBSD network stack development, for example in 8.2 BPF zero copy is implemented, and people may not have heard about FreeBSD ringmap, so we may include the ringmap implementation for our HeX Sensor; it’s currently in testing and can be used with FreeBSD stable. Thanks to Alexandar for his work on that.

I would like to emphasize that with HeX you normally get an almost full-scale packet analysis platform, e.g., if you want to do IDS/IPS you can use snort/bro; if you want to do netflow analysis you can use argus/silktools/nfdump/fprobe/etc.; if you want to do statistical analysis you can use ourmon/tcpdstat/darkstat; and if you want to do packet visualization, you can use afterglow, etherape and so forth.”

Thanks for the update, Mr Lee, and wishing you and the team all the best for 2011.

If you have used HeX LiveCD in the past or are still using it, what is your experience and what would you like to be added or changed? Let us know in the comments below.

pfSense development in 2011

Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.

As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. (m0n0wall vs pfSense).

Chris Buechler emailed the following update for 2011:

“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.

After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”

Thanks, Chris, for the update. Wishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.

If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.

pfSense website | pfSense blog

PC-BSD development in 2011

I’ve contacted the lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Let’s start with PC-BSD today.

As you all know, PC-BSD is a free, open-source operating system based on rock-solid FreeBSD, focusing on ease-of-use and double-click package installation (PBI). The PC-BSD project is now part of iXsystems, a company that builds storage solutions, pre-configured servers, and customised servers utilizing open source hardware and software.

Today Kris Moore, the project’s founder, announced PC-BSD 8.2RC1 and with regards to his plans for 2011 he writes:

“For 8.2, it is mainly a release to include the latest FreeBSD 8.2 / KDE 4.5.4. Also some bug fixes are present for advanced partitioning, letting the user select between MBR/GPT, and easily toggle between UFS+S/ZFS.

On the 9.0 front, we’ve implemented a new system of “meta-pkgs” which will let users customize their particular desktop based upon the available packages in the release. This means we can now select alternative desktop environments, such as Gnome/KDE/LXDE/XFCE and others. In order to accomplish this, all of our tools have been re-written in pure QT4, removing any requirements for KDE4 to be present.

Related to this, we’ve re-implemented our PBI system to be 100% shell, allowing it to run on native FreeBSD and not be particular about the window-manager being used. This newer PBI format also includes features to reduce the duplication of library files, digital signatures, repository management, binary patching and more. For the non-technical end user the PBI system will appear mostly the same, but for advanced users a whole set of command-line utilities will make the managing of PBI files easier and more powerful than before.

Also on 9, we’ve switched to using UFS+SUJ (Soft-Updates Journaled) file-system by default, which is a great way to eliminate the need for a long fsck after a crash / power-loss, while not having the heavy requirements of ZFS.” (Bold by GvE)

I’ve used PBIs since version 0.7.8. Though they worked, it was evident that PBI technology was only just born, but it’s now growing up and maturing nicely.

You’re doing a great job, Kris, and we’re all looking forward to PC-BSD 9.0, and beyond. Thanks to iXsystems for providing the support and hardware to make PC-BSD better with every release.

To check progress of PC-BSD 9.0, you may have a look at the PC-BSD 9.0 todo and the PBI 9 and beyond sections of the wiki.

Available: PC-BSD 8.2-RC1

The PC-BSD Team has announced the availability of the first Release Candidate for PC-BSD 8.2.

Version 8.2-RC1 contains a number of enhancements, improvements, and bug fixes in response to previous 8.2 testing snapshots. Some of the notable changes are:

  • Updated to FreeBSD 8.2-RC1
  • Fixed issue detecting the proper video card driver
  • Fixed some crashes when adding new users / groups
  • Added /sbin/nologin as a shell choice in the user manager
  • Let created users have a homedir of /nonexistant via the GUI
  • Fix customizing desktop languages when using a () in the description

Version 8.2-RC1 of PC-BSD is available for download from the mirrors. Everyone is encouraged to test this beta and to report any bugs to the testing mailing list. Instructions for beta testers can be found in the PC-BSD Handbook.

Kylin OS – more details and download links

My last post on Kylin, China’s secure, FreeBSD based operating system, has raised quite a bit of interest and people have been asking for download links.

I’ve done some more research into Kylin, and came across the main Kylin website: kylin-os.com (Chinese). The government seems to have set up a company, Kyrin, to research, develop, promote, educate and deploy Kylin in government departments and commercial enterprises, e.g.

  • China Construction Bank
  • North China Electric Power
  • Xiangcai Securities
  • Shanghai Unicom

Kirin also develops load balancing servers, NAS storage systems, secure network storage (SecStor) and a Linux based Kylin version.

It’s interesting to note that NeoKylin, or any replacement for Kylin, is developed by China Standard Software and the National University of Defense Technology, and not by Kirin.

What is the reasoning (for the government) to begin developing a new product? Was Kylin with its proprietary security layer not secure enough? Or, is NeoKylin just another domestic Chinese product built with government sponsorship and funding like redflag-linux?

For the record, Kylin 2.1 is FreeBSD 5.3 + linux_base-fc4. If you’re familiar with Chinese, you may download Kylin 2.1 from freebsdcentral.com:

I’ve not been able to get my fingers on Kylin 3.0 (yet).

More on Kylin OS (use Google Translate):

NeoKylin. China’s new domestic FreeBSD based desktop O/S

Two respected Chinese software companies, the makers of two operating systems used in China, are said to be joining forces (20/12/2010) to create a domestic operating system called NeoKylin.

China Standard Software and the National University of Defense Technology have signed a strategic partnership to launch an operating system brand known as “NeoKylin” that will be used for national defense and all sectors of the country’s economy.

China Standard Software said via a spokesman that the agreement was meant to pave the way for a stronger domestic operating system environment for China. No information has been offered on a timetable for any product launches under the new brand.

China Standard is the maker of the NeoShine Linux desktop series, which includes operating systems built to run in government organisations, business and personal computers.

Academics at the National University of Defense Technology (NUDT), on the other hand, are responsible for the Kylin operating system, a secure and FreeBSD based alternative to foreign software such as Microsoft Windows.

The Chinese government seems to be in favour of developing domestic operating systems and being less dependent on the West, i.e. Microsoft Windows, out of security considerations (CIA/FBI backdoors??) and as a way to support the local economy. They are determined to kick Windows out of government departments and to make NeoKylin China’s new preferred O/S.

It is not clear whether Kylin will be used as server O/S and NeoKylin as desktop system, or whether NeoKylin will be deployed for both server and desktop use. Neither is it yet known when NeoKylin OS will be released in China.

Do you have any information on NeoKylin? It would be great if you could share it with us all.

(via pcw)

Kylin, a Chinese FreeBSD based, secure O/S

The Kylin operating system is a server operating system focusing on high performance, availability and security. Its initial development was funded by a Chinese government-sponsored Research and Development (R&D) program in 2002. The first public version of Kylin was released in 2007.

Kylin is based on FreeBSD 5.3 with some proprietary security extensions to add an extra level of security to that operating system. Kylin, named after the qilin, a mythical beast, is organised in a hierarchical model: the basic kernel layer, which is responsible for initializing the hardware and providing basic memory management and task management; the system service layer, which is based on FreeBSD and provides UFS2 and the BSD network protocols; and the desktop environment, which is similar to Windows. It has been designed to comply with the UNIX standards and is compatible with Linux binaries.

Operating systems currently used in China are mainly developed overseas, and it seems to become clearer that it is a national strategy to develop China-owned computer software to replace proprietary software produced in the West. Kylin is approved for use by the People’s Liberation Army and has apparently been deployed in Chinese military, national defence and sensitive government organisations since 2007. Kylin is also being used in finance, governance and education.

(sources used: EuroBSDCon 2005 lecture and Wikipedia)

FreeBSD quick news and links (week 52)

Below are some links to news articles and blog posts relating to FreeBSD, its development, howtos, etc., and other interesting bits and bobs connected with the FreeBSD operating system.

1. Automatic Install with FreeBSD 64-bit on RootBSD.

All new RootBSD orders are now able to select FreeBSD 8.1-RELEASE 64-bit as an option in the order form. Although manual install is still an option, this selection will prompt our new automated installer for FreeBSD 64-bit that allows your VPS to be set up in a matter of minutes like our current 32-bit offering once your order is approved. FreeBSD 32-bit is still recommended for most users.

2. FreeBSD Foundation fund raising drive (2010)

This is a last plea from the FreeBSD Foundation for 2010 donations. Can you help?

3. FreeBSD on Amazon EC2

FreeBSD 9.0 headed to the cloud as 8.2 nears release (internetnews.com). Related to this is Collin’s updated FreeBSD on Amazon’s EC2 FAQ.

4. GhostBSD – Preview for the next release.

New Logo, new theme for GhostBSD 2.0 and plans to make it faster.

5. Running Pinta on FreeBSD (rhyous.com - howto).

Pinta is a drawing/editing program modeled after Paint.NET. Its goal is to provide a simplified alternative to GIMP for casual users. It is currently early in development.

6. ZFS in Debian

ZFS is coming to Debian! Of course, it will be arriving there via the FreeBSD kernel. ZFS v28 is imminent in FreeBSD. Testers need to check out the new patch (via Ivan Voras’ blog).

7. Oracle highlights Solaris UNIX Plans

The OS will feature next-generation networking capabilities for scalability and performance, said John Fowler, Oracle executive vice president of systems, at a company event in Santa Clara, Calif. “It’s a complete reworking of [the] enterprise OS,” he said. Oracle took over Solaris when the company acquired Sun Microsystems early this year.

Full post: Oracle highlights Solaris UNIX plans (computerworld.com)

Talking about UNIX, Novell has moved to quell growing concerns that it has sold Linux out to Microsoft as part of its Attachmate deal: Novell keeps Unix copyrights from Microsoft

8. FreeBSD: High Performance Packet Capture

Summary and background information: FreeBSD: High Performance Packet Capture

9. Marketing Assistant for Open Source Hardware Manufacturer

Ever wanted to work for a FreeBSD focused company? If ‘Marketing’ is your thing and you’re at ‘assistant level’, have a look at this vacancy with iXsystems: Marketing Assistant for Open Source Hardware Manufacturer

iXsystems is looking for a Marketing Assistant with developed writing skills and the ability to do some digital graphic work as well. The ideal candidate is both creative and hardworking with the ability to develop innovative ideas for ads and print related to open source servers and software. Applicants will need to be able to work five days a week from 10 am – 6pm. Some flex time is permitted, but minimum amount of time required in the office is 3 full days per week.

10. Trying PC-BSD 8.2-BETA2 (taosecurity). Richard Bejtlich took PC-BSD 8.2-BETA2 for a spin. His feedback here.

11. KDE Software Compilation 4.4.5 in ports