-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-03-19; Last revised on 2015-03-20. Affects: All supported versions of FreeBSD. Corrected: 2015-03-20 07:11:20 UTC (stable/10, 10.1-STABLE) 2015-03-20 07:12:02 UTC (releng/10.1, 10.1-RELEASE-p8) 2015-03-20 07:11:20 UTC (stable/9, 9.3-STABLE) 2015-03-20 07:12:02 UTC (releng/9.3, 9.3-RELEASE-p12) 2015-03-20 07:11:20 UTC (stable/8, 8.4-STABLE) 2015-03-20 07:12:02 UTC (releng/8.4, 8.4-RELEASE-p26) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2015-03-19 Initial release. v1.1 2015-03-20 Reverted a portion of change that should not belong to the advisory and did not end up in the final OpenSSL release. The patch is also revised to include fixes for CVE-2015-0209 and CVE-2015-0288. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique. II. Problem Description Continue reading
In this tutorial, user M.el Khamlichi shows us how to set up Tomcat 8 on FreeBSD 10/10.1.
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation (ASF). Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a pure Java HTTP web server environment for Java code to run in. In the simplest config Tomcat runs in a single operating system process. The process runs a Java virtual machine (JVM). Every single HTTP request from a browser to Tomcat is processed in the Tomcat process in a separate thread.
My testbox details:root@Freebsd-unixmen:~ # uname -a FreeBSD Freebsd-unixmen 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 #0: Tue Feb 24 19:00:21 UTC 2015 firstname.lastname@example.org:/usr/obj/usr/src/sys/GENERIC amd64 root@Freebsd-unixmen:~
This article has been edited from old article about install apache 7 on freebsd 9.3
Install Tomcat 8 In FreeBSD 10
I was trying to install from the ports (/usr/ports/www/tomcat7 ) then i got many issues, finally i stopped the installation and started with the pkg tool.
Now, lets start:root@Freebsd-unixmen:~ # pkg install tomcat8 Updating FreeBSD repository catalogue... Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 Fetching packagesite.txz: 100% 5 MiB 486.0kB/s 00:11 Processing entries: 100% FreeBSD repository update completed. 24086 packages processed The following 5 packages will be affected (of 0 checked): New packages to be INSTALLED: tomcat8: 8.0.18 openjdk: 7.76.13_1,1 java-zoneinfo: 2015.a javavmwrapper: 2.5 jakarta-commons-daemon: 1.0.15 The process will require 165 MiB more space. 57 MiB to be downloaded. Proceed with this action? [y/N]:
Sam Varghese of iTWire interviews longtime FreeBSD user and sysadmin Allan Jude about the use of FreeBSD on the server.
For years now, Linux has been all the rage. But in recent times, there have been murmurings among some veterans — long-time users — after the introduction of systemd, the init system that seems to overstep its boundaries.And this talk is all about the old UNIX culture, the way one utility or application is used to do a job, do it well, and hand over the output to a second utility to process. Linux, in short, is becoming something like a Swiss army knife — complicated — and there has been talk of switching to an alternative. This is where FreeBSD comes in.Some time back, iTWire discussed the possibility of PC-BSD being used on the desktop instead of Linux. PC-BSD is more or less the same as FreeBSD; in the words of Kris Moore, it has “a vanilla FreeBSD kernel/world with some unique installation options and a slew of graphical or command-line utilities to make FreeBSD on the desktop ‘easy’.”
But Linux is more widely used on the server, where FreeBSD can be a more than adequate replacement. To get an idea of the strengths and weaknesses of this operating system, iTWire interviewed Allan Jude, the vice-president of operations at ScaleEngine, a global HTTP and video streaming content distribution network; he makes extensive use of the ZFS filesystem on FreeBSD.
Jude (pictured above) is also the host of the video podcasts BSD Now (with Moore) and TechSNAP on JupiterBroadcasting.com.A FreeBSD committer, Jude is focused on documenting ZFS and further improving the manageability of FreeBSD. He taught FreeBSD and NetBSD administration at Mohawk College in Hamilton, Canada from 2007-2010 and has 12 years of experience as a systems administrator of BSD UNIX systems.And above all, he communicates using language that any layman can understand.
iTWire: Why would you recommend FreeBSD over other server operating systems?
This tutorial by user weirdbricks shows us how to get CARP set up on FreeBSD 10.
Some quick notes on setting up CARP on FreeBSD.
Most of this is based on the FreeBSD Handbook page
1. Add the carp kernel module – edit the file /boot/loader.conf and add the linecarp_load="YES"
^ Make sure that this is done on all hosts
To load the module without rebooting:kldload carp
2. Then on the host you want to act as the master edit the /etc/rc.conf and add:hostname="freebsd10-master" ifconfig_em0="inet 192.168.2.21 netmask 255.255.255.0" ifconfig_em0_alias0="inet 192.168.2.50/32 vhid 100 advskew 100 pass lampros" defaultrouter="192.168.2.1"
In the above the 192.168.2.50 is going to be the “floating IP” address.
3. On the host you want to act as a backup:
Bsdtalk podcast discussing Verisign and FreeBSD.
A talk from vBSDCon in 2013 titled Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien CharbonFile info: 47Min, 22MB
This tutorial by user Gianugo shows us how to set up FreeBSD jails on the Microsoft Azure platform.
I set up this blog on Azure as an excuse to play with the new FreeBSD VM Depot image, learn more about jails and write the occasional blog post about random stuff. I took extensive notes while at it and I will be posting them here for future reference and to help the occasional search engine user.
I will skip all the clicking through that can easily get to a running FreeBSD VM in Azure. There is tons of FreeBSD documentation, including specific Azure tutorials that my team and others have written. I am lazy, so I will just point out specific Azure differences and how to take care of them.
A word of caution: please don’t consider what you read here to be authoritative. I’m doing this for fun and my free time is what it is, so don’t think I researched this stuff thoroughly. It worked for me and seems to be still working as I write this – that’s all I needed.
Let’s start with networking. Every public cloud has their own approach, and Azure is no different. Two things to remember about Azure IP management:
In this week’s BSD Now episode, hosts Kris Moore and Allan Jude interview Lawrence Teo regarding Calyptix’s use of OpenSBD in their line of routers. In addition, they introduce BSD to Windows admins unexpectedly. Click play below to tune in:
Original post – http://www.bsdnow.tv/episodes/2015_03_18-puffy_in_a_box
This article by InfySim shows us how to set up Root access through SSH protocol on FreeBSD.
By default FreeBSD does not allow root access over ssh protocol.
So if you need to log on to your system and need root privilege, then you have to allow root to access for ssh login.
In this example I am using VIM as the text editor but if you don’t have VIM editor then you have to use the default EE or VI editor.
If you want to install VIM editor please have a look at the following link:
Installing VIM editor on FreeBSD
To do so, You will need to edit the SSH daemon configuration file.
Find the below line in the above file:
The preceding # mark shows that this line is commented.
You just have to un-comment the line and modify the “no” at the end of file to “yes” (Of course without the quotes).
After modification the line should be looking like as following:
Save the file and quit vim editor.
Now to reflect the change, you have to restart the ssh daemon by typing the following command on the console:
# /etc/rc.d/sshd restart
After the above steps if you try accessing your system from another host over ssh protocol, you must be able to login to your system.
If you need to know more on VIM commands then please have a look at the following link:
VIM commands for day to day usage
The FreeBSD Foundation is celebrating 15 years of supporting the FreeBSD Project. Congratulations!! In this blog they discuss their Spring fundraising initiatives. Make a donation today and help keep FreeBSD alive.
I’m so excited to announce our spring fundraising campaign. I know it’s not officially spring yet, but it sure feels like it here at Foundation headquarters in Boulder, Colorado. We’re kicking off our fundraising campaign in conjunction with some other exciting events. There’s so much to celebrate. First, we are proud to be a Platinum sponsor of AsiaBSDCon. This is the tenth AsiaBSDCon, with over 140 attendees planned, and 31 talks, providing a venue for all things BSD in Asia. People from around the world attend this conference to learn about the BSD operating systems, share their knowledge and experience, and work together to develop, hack, fix, improve, and document the various BSD operating systems.
According to Phoronix.net, USB-based DisplayLink graphics adapters are now supported in FreeBSD, thanks to the developers.
The FreeBSD kernel finally has support for USB-based DisplayLink graphics adapters.
Within the Linux world there’s been DisplayLink work going back to 2009 with frame-buffer and X.Org drivers and by 2012 had advanced to having a DisplayLink DRM/KMS driver. DisplayLink USB 2.0 devices continue to work quite well under Linux and these USB display chips can be found in a wide variety of products.
As of last week, the FreeBSD kernel has USB DisplayLink support in the form of a frame-buffer (FB) and virtual terminal (VT) drivers. The initial FreeBSD DisplayLink support was pushed via this SVN commit.
For those looking for Linux (and assuming BSD too) friendly DisplayLink hardware, I’d recommend checking out the Plugable selection with having used some of them myself. You can find the Plugable USB display product selection at Amazon.com.