Adrian Chadd: freebsd-wifi-build, or “wait, you can run freebsd on atheros MIPS access points? where do I get that?”

In this blog, Adrian Chadd discusses FreeBSD on Atheros MIPS access points.

Original: http://adrianchadd.blogspot.com/2015/05/freebsd-wifi-build-or-wait-you-can-run.html

I’ve been running FreeBSD at home as my primary internet/wifi access for a few years now. It’s cheap, it’s easy to do, and I’ve tried very hard to wrap up the whole process into a mostly-simple build system that spits out a useful image to use.

It’s pretty simple in concept – I take FreeBSD-HEAD, build it with some cut-down options, create a custom filesystem image with some custom boot scripts and a custom configuration file, and provide an image that you can TFTP (using a serial console and ethernet cable) or upload directly to the AP if it supports it.

The supported hardware list is here:

https://github.com/freebsd/freebsd-wifi-build/wiki/Supported-Boards

Now, it’s not a huge list like OpenWRT, but that’s mostly because I don’t have an infinite supply of Atheros MIPS based routers. I think I’ll get some of the TP-Link Archer series stuff next.

Building it is pretty simple:

https://github.com/freebsd/freebsd-wifi-build/wiki

You checkout the build repo, check out FreeBSD-HEAD, install a couple of packages, and run the build for your board. Once it’s done, the images for your board appear in ../tftpboot/. There’s a wiki page for each of the supported boards with a walkthrough with how to get FreeBSD going on it.

[Read more…]

HOWTO: Use security/logcheck to keep tabs on your system

This tutorial by user junovitch shows us how to use security/logcheck to keep tabs on your FreeBSD system.

security/logcheck is a useful tool to help keep tabs on your system logs. Per the port’s pkg-descr:

Logcheck is fairly easy to initially set up but can take some time to trim down the list of what you consider “normal” to reduce the amount of noise produced. The purpose of this little guide will be to cover that initial setup, provide a few examples of configuration, and hopefully be a small stash of good examples from others.

  1. Install security/logcheck
    pkg install logcheck
  2. Monitoring /var/log/auth.log makes sense as a best practice, modify newsyslog.conf(5) to allow the logcheck group access to /var/log/auth.log and then fix permissions on the current file.
    Code:
    perl -pwi -e 'if (/auth\.log/) {s/auth\.log\t\t/auth.log\troot:logcheck/; s/600/640/; }' /etc/newsyslog.conf
    chown root:logcheck /var/log/auth.log
    chmod 640  /var/log/auth.log
  3. Finally, copy the default file for crontab(1) from the installed example and fix permissions.
    cp /usr/local/share/examples/logcheck/crontab.in /var/cron/tabs/logcheck
    chmod 600 /var/cron/tabs/logcheck

At this point, Logcheck is fully setup and will email you every hour.

  • Don’t like the default interval? Change it.
    crontab -u logcheck -e
  • Don’t like all the emails accumulating for the logcheck user? Add an entry to /etc/mail/aliases.
    Code:
    logcheck:  jason
    
  • Not enough noise? Enable logging to /var/log/all.log to get even more detail.
    Code:
    perl -pwi -e 'if (/all\.log/)  {s/#\*\.\*/\*\.\*/;}' /etc/syslog.conf
    perl -pwi -e 'if (/all\.log/)  {s/all\.log\t\t/all.log\troot:logcheck/;   s/600/640/; }' /etc/newsyslog.conf
    touch /var/log/auth.log
    chown root:logcheck /var/log/all.log
    chmod 640 /var/log/all.log
    service syslogd restart

    Now set Logcheck to check /var/log/all.log instead of /var/log/messages.

    Code:
    cat > /usr/local/etc/logcheck/logcheck.logfiles << 'EOF'
    /var/log/all.log
    /var/log/auth.log
    'EOF'

Original: https://forums.freebsd.org/threads/howto-use-security-logcheck-to-keep-tabs-on-your-system.51736/

How to Install MongoDB on FreeBSD 10.1

This tutorial by user Hathy A of DigitalOcean shows us how to get MongoDB set up on FreeBSD 10.1.

Original: https://www.digitalocean.com/community/tutorials/how-to-install-mongodb-on-freebsd-10-1

mongoDB

Introduction

MongoDB is a free and open-source NoSQL database. It is one of the most popular databases used in web applications today because it offers high performance, scalability, and lots of flexibility in database schema design. In this tutorial, you will learn how to install and run MongoDB on FreeBSD 10.1.

Prerequisites

To follow this tutorial, you need to have:

  • A FreeBSD 10.1 server which is accessible over SSH
  • A user with root privileges; the default freebsd user on DigitalOcean is fine
  • SSH key

A FreeBSD Droplet requires an SSH Key for remote access. The freebsd user is automatically created, and your SSH key is added to this user account. A root password will not be emailed out for FreeBSD. For help on setting up an SSH Key, read How To Configure SSH Key-Based Authentication on a FreeBSD Server.

Note: Check out the Getting Started with FreeBSD Tutorial Series for help on installing and using FreeBSD 10.1.

Step 1 — Installing the Package Management Tool

[Read more…]

Recompile A FreeBSD Kernel With A Custom Configuration

This tutorial by user anismaj shows us how to recompile your FreeBSD kernel with a custom configuration.

Original post: http://www.unixmen.com/recompile-freebsd-kernel-custom-configuration/

FreeBSD is a free Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). Although for legal reasons FreeBSD cannot use the Unix trademark, it is a direct descendant of BSD, which was historically also called “BSD Unix” or “Berkeley Unix”. The first version of FreeBSD was released in 1993, and today FreeBSD is the most widely used open-source BSD distribution, accounting for more than three-quarters of all installed systems running open-source BSD derivatives.

FreeBSD has similarities with Linux, with two major differences in scope and licensing: FreeBSD maintains a complete operating system, i.e. the project delivers kernel, device drivers, userland utilities and documentation, as opposed to Linux delivering a kernel and drivers only and relying on third-parties for system software and FreeBSD source code is generally released under a permissive BSD license as opposed to the copyleft GPL.

It uses the GENERIC kernel by default. FreeBSD’s kernel provides support for some essential tasks such as managing processes, communication, booting and filesystems. In this article, we will show you how you can recompile a FreeBSD kernel with a custom configuration.

Some Features of FreeBSD and kernel

From the different features we can list the following ones:

  • FreeBSD 10.0 now supports a truly tickless kernel, enhancing battery performance on laptops and general resource effectiveness in virtual machines.
  • AMD GPUs kernel mode setting supports the use of newer xf86-video-ati drivers and AMD GPUs
  • FreeBSD 10.0 brings with it support for ZFS TRIM and it also supports LZ4 compression support which compresses much better (up to 50%) than the default LZJB compression
  • BSD-kernel are not stand-alone kernels but are developed as being part of a whole. Of course, this is merely a philosophical point of view and not a technical one, but this give system coherence

Prerequisites

As prerequisites for this article you need to need just to have a one FreeBSD 10.1 Droplet to be able to use the following commands; we assume that you are a FreeBSD user.

[Read more…]

Difference between FreeBSD versions

New to FreeBSD? Make sure you are choosing the right version suitable for you, if you plan on installing FreeBSD. Thanks to user Chris S for the tip.

What is the difference between the three FreeBSD versions (Current, Release and Stable)?

  • Current is the latest “beta” software.This is what the developers are working on mainly. It has minimal testing, basically if it compiles they’ll push it into the repository. If you’re interested in developing or testing development version this is what you’re looking for.
  • Release is the software as it first appeared under a certain release version.This is the software exactly as it was “released”. If you’re running 9.3-RELEASE then it is that version as originally released, without base or kernel updates. If you update a RELEASE version it will append a revision tag. This is typically what people run when they used precompiled versions of FreeBSD.
  • Stable is the latest “supported” software within a version branch.This is tested versions of the software published between releases. It has more rigerous testing than the Current branch, but will change as new fixes and sometimes features are added. It doesn’t have the same feature stability a release.

Original post: http://unix.stackexchange.com/questions/205089/whats-the-difference-between-the-three-freebsd-versions

PC-BSD 10.1.2 Released

The developers of PC-BSD have released version 10.1.2! This update comes with several changes geared towards those who are keen on security.

Original announcement: http://blog.pcbsd.org/2015/05/pc-bsd-10-1-2-released/

pcbsd-logo

The PC-BSD team is pleased to announce the availability of the next PC-BSD / TrueOS quarterly release, 10.1.2.

PC-BSD 10.1.2 Notable Changes:

  •  New PersonaCrypt Utility
    • Allows moving all of users $HOME directory to an encrypted USB Drive. This drive can be connected at login, and used across different systems
    • Stealth Mode — Allows login to a blank $HOME directory, which is encrypted with a one-time GELI key. This $HOME directory is then discarded at logout, or rendered unreadable after a reboot
  • Tor mode — Switch firewall to running transparent proxy, blocking all traffic except what is routed through Tor.
  • Migrated to IPFW firewall for enabling VIMAGE in 10.2
  • Added sound configuration via the first boot utility
  • Support for encrypted iSCSI backups via Life-Preserver, including support for bare-metal restores via installer media
  • New HTML handbook, updated via normal package updates
  • Media Center support allowing direct login to Kodi and PlexHomeTheater for the 10ft user experience
  • Switch to new AppCafe interface, with remote support via web-browser
  • Improvements to Online Updater, along with GRUB nested menus for Boot-Environments
  • Migrate all ports to using LibreSSL instead of OpenSSL
  • Switch from NTPD to OpenNTPD
  • Lumina desktop 0.8.4
  • Chromium 42.0.2311.135
  • Firefox 38.0
  • NVIDIA Driver 346.47
  • Pkg 1.5.2

Updating

Users currently running the 10.1.1 release can now apply the updates via their Update Manager utility. Users running TrueOS or CLI can start the update with the following command:

# pc-updatemanager pkgupdate

Getting media

10.1.2 DVD/USB media can be downloaded from the following URL via HTTP or Torrent. http://?www?.pcbsd?.org/?e?n?/?d?o?w?n?l?o?a?d?.?h?tml

Reporting Bugs

Found a bug in 10.1.2? Please report it (with as much detail as possible) to our bugs database. https://?bugs?.pcbsd?.org

Contacting Us

bsdtalk253 – George Neville-Neil

Will Backman provides us yet another bsdtalk, this time with George Neville-Neil’s most recent book.
bsdtalk-sm

An interview with George Neville-Neil about the recently published 2nd edition of The Design and Implementation of the FreeBSD Operating System.

File Info: 30Min, 15MB

Mp3 Link: https://archive.org/download/bsdtalk253/bsdtalk253.mp3
Ogg Link: https://archive.org/download/bsdtalk253/bsdtalk253.ogg

Original post: https://forums.freebsd.org/threads/bsdtalk253-george-neville-neil.51634/

FreeBSD Errata Notice FreeBSD-EN-15:04.freebsd-update

Allan Jude has issued us with a FreeBSD Errata Notice. Please check the article to take proper corrective measures.

Original post: https://bsdsec.net/articles/freebsd-announce-freebsd-errata-notice-freebsd-en-15-04-freebsd-update

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-EN-15:04.freebsd-update Errata Notice
The FreeBSD Project

Topic: freebsd-update(8) does not ensure the previous upgrade was
completed

Category: core
Module: freebsd-update
Announced: 2015-05-13
Credits: Allan Jude
Affects: All supported versions of FreeBSD.
Corrected: 2015-05-13 22:36:00 UTC (stable/10, 10.1-STABLE)
2015-05-13 22:52:35 UTC (releng/10.1, 10.1-RELEASE-p10)
2015-05-13 22:36:52 UTC (stable/9, 9.3-STABLE)
2015-05-13 22:52:51 UTC (releng/9.3, 9.3-RELEASE-p14)
2015-05-13 22:39:29 UTC (stable/8, 8.4-STABLE)
2015-05-13 22:52:51 UTC (releng/8.4, 8.4-RELEASE-p28)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit https://www.freebsd.org/security/

I. Background

The freebsd-update(8) utility is used to apply binary patches to FreeBSD
systems installed from official release images, as an alternative to
rebuilding from source. A freebsd-update(8) build server generates the
signed update packages, consisting of an index of files and directories
with checksums before the update, a set of binary patches, and an
index of files and directories with checksums after the update. The
client downloads the indexes, verifies the signatures and checksums,
then downloads and applies the required patches.
[Read more…]