Security: OpenBSD vs FreeBSD

This blog post by

OpenBSD and FreeBSD are both great OSes that I admire and use. OpenBSD is considered more secure since it is its main goal, but FreeBSD can be tweaked to be pretty well hardened as well. Depending on the forums or on whom we ask, we will have different opinions. But what are the facts? Which OS is more secure and why?

I am not asking the question about which one is globally better, as “better” has a different meaning depending on the context and the needs (ISP routers, database servers, home gateway, desktop system, storage server or appliance, etc.). In some enterprises, doing a major OS upgrade every 6 months or every year is doable; in others, it’s not possible at all. Also, it depends on whether one needs performance for streaming (Netflix), or whether security is a top priority for a redundant firewall. Everyone’s needs are different, and both OSes are highly useful.

If we strictly focus on security, how does FreeBSD compare to OpenBSD security-wise? In what follows, we will dig into memory protection, system and network security features, and default “out of the box” security. The purpose is to give unbiased facts, to compare both OSes point by point. I am not trying to find the “best” OS and discredit the other; I love and use both :-) Let us try to find out the integrated security features of both OSes; the visit continues below!

Check out the full comparison here – http://networkfilter.blogspot.com/2014/12/security-openbsd-vs-freebsd.html

Install Samba 3.6.x, BASH, and Webmin on FreeBSD

These short tutorials by Julian’s Corner show us how to install Samba, BASH, and Webmin on FreeBSD.

Install Samba 3.6.x on FreeBSD
  • Update the ports snapshot
portsnap fetch update
  • Install Samba 3.6.x
cd /usr/ports/net/samba36
make install clean
  • Select the options that you want, then click OK.

Install BASH shell on FreeBSD

Bash is an sh-compatible command language interpreter that executes commands read from the standard input or from a file. csh / tcsh (C shell with file name completion and command line editing) is the default shell under FreeBSD. However, you can easily install and use bash as shell.

Installation
  • Update the ports snapshot
portsnap fetch update
  • Install BASH
cd /usr/ports/shells/bash
make install clean
Configure FreeBSD to use BASH
  • To update existing users to use BASH, enter:
chsh -s /usr/local/bin/bash {username}

Install Webmin on FreeBSD
Installation
  • Update the ports snapshot
portsnap fetch update
  • Install webmin
cd /usr/ports/sysutils/webmin
make install clean
  • Accept the default options for perl.
Configuration
  • Configure webmin on startup
vi /etc/rc.conf
  • Append following line:
webmin_enable="YES"
  • Save and close the file.
  • Run the Webmin configuration setup file and answer the questions.
/usr/local/lib/webmin/setup.sh

Original page: https://julianscorner.com/bsd/start

Buffer Overflow Vulnerability in FreeBSD Discovered by Norse

Norse announced today that they discovered a buffer overflow vulnerability in FreeBSD which they privately disclosed to the FreeBSD security team, who subsequently issued a security advisory with some details on the flaw and options for remedy (FreeBSD-SA-14:27.stdio).

FreeBSD is an advanced computer operating system employed to power modern servers, desktops and embedded platforms, according to the project’s organizers, who have collaborated with a large community of developers for more than thirty years.

Read the full blog with instructions on how to patch: http://blog.norsecorp.com/2014/12/10/buffer-overflow-vulnerability-in-freebsd-discovered-by-norse/

How To: Install OTRS 4.0.2 on FreeBSD 10.1 (with ZFS, MySQL56, Apache24)

User kuantem wrote this tutorial on how to install OTRS Help Desk software onto FreeBSD.

After dealing with OTRS Help Desk on Ubuntu Server for a couple of years (which actually worked quite well for our small IT firm!), I’ve finally decided to migrate this great Help Desk platform over to FreeBSD, simply because I love it! I’m no FreeBSD master, but I’ve figured out just enough to get this working. So here we go…
~Alex

Step 1: Pre Installation Tasks

(Assuming you have a new FreeBSD 10.1 installation with ZFS. Which I’ve installed on MS Hyper-V Server 2012 R2.)

Edit /etc/rc.conf and verify the hostname of your FreeBSD/OTRS server as well as the static IP address. Which may look something like this:

Code:
# Networking
hostname="OTRS"
ifconfig_de0="inet 192.168.1.20 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
sshd_enable="YES"
zfs_enable="YES"
apache24_enable="YES"
mysql_enable="YES"

Full instructions here: https://forums.freebsd.org/threads/how-to-install-otrs-4-0-2-on-freebsd-10-1-with-zfs-mysql56-apache24.49365/

 

FreeBSD Foundation 2014 Year-End Fundraising Appeal

Dear FreeBSD community,
 
I’m writing to you today because I know you are passionate about FreeBSD. You care that it’s innovative, secure, stable, reliable, well engineered and documented, and loved.
 
For 14 years, the FreeBSD Foundation has been providing funding and support for the FreeBSD Project and community worldwide. We are fully funded by donations from people like you. That’s why I’m excited to tell you that we’ve kicked off our year-end fundraising campaign!
 
This has been an exciting time for the Foundation and FreeBSD community. As you may have heard, we kicked off this fundraiser with the largest donation we’ve ever received. Whether you are a developer, writer, advocate, organizer, user, or investor, this donation is a positive reflection on the work you are doing for FreeBSD…..

Read the rest of the announcement from Deb Goodkin here: http://freebsdfoundation.blogspot.com/2014/12/freebsd-foundation-2014-year-end.html

ruBSD 2014 (13 December, Moscow)

ruBSD, a Russian technical BSD conference set up last year, will again take place this year on 13 December in Moscow.

The conference is free to attend, though registration is required as there are only a limited number of places.

The talks will cover highly loaded web servers, ZFS and iSCSI, package management, embedded systems and IPv6 use in practice.

Among the presenters are Scott Long from Netflix, FreeBSD developer Baptiste Daroussin and Aleksandr Motin from iXsystems.

For more information visit the ruBSD 2014 event page.

8,000,000 Mogofoo-ops (BSD Now 65)

BSDNow.tv has uploaded another weekly video: 8,000,000 Mogofoo-ops (BSD Now 65).

“Coming up on the show this week, we’ve got an interview with Brendan Gregg of Netflix. He’s got a lot to say about performance tuning and benchmarks & even some pretty funny stories about how people have done them incorrectly.”

To view a summary of what Kris Moore and Allan Jude chat about, or for other audio/video formats, visit the BSD Now 65 page on Jupiter Broadcasting or click here for the YouTube link.

64-bit ARM architecture project update

In this month’s project update we will take a look at the ongoing FreeBSD 64-bit ARM port. AArch64 is the official name for the 64-bit ARM architecture, but it is also known as ARMv8 and arm64. The 64-bit ARM architecture is expected to find use in traditional server markets, in contrast to the embedded and mobile markets where 32-bit ARM is widely adopted.

The FreeBSD Foundation is collaborating with ARM, Cavium, Semihalf and Andrew Turner to port FreeBSD to arm64. Cavium is contributing directly to the Foundation, supplying engineering expertise and hardware for the development community. Cavium’s ThunderX platform provides a great match for FreeBSD’s strength as a server operating system, and it supports up to 48 cores in a single package. ThunderX will be the initial reference target for this project, but ports to other arm64 platforms are expected later on.

Read the full announcement here: http://freebsdfoundation.blogspot.com/2014/11/64-bit-arm-architecture-project-update.html