-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project Topic: Multiple OpenSSL vulnerabilities Category: contrib Module: openssl Announced: 2015-03-19; Last revised on 2015-03-20. Affects: All supported versions of FreeBSD. Corrected: 2015-03-20 07:11:20 UTC (stable/10, 10.1-STABLE) 2015-03-20 07:12:02 UTC (releng/10.1, 10.1-RELEASE-p8) 2015-03-20 07:11:20 UTC (stable/9, 9.3-STABLE) 2015-03-20 07:12:02 UTC (releng/9.3, 9.3-RELEASE-p12) 2015-03-20 07:11:20 UTC (stable/8, 8.4-STABLE) 2015-03-20 07:12:02 UTC (releng/8.4, 8.4-RELEASE-p26) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. 0. Revision history v1.0 2015-03-19 Initial release. v1.1 2015-03-20 Reverted a portion of change that should not belong to the advisory and did not end up in the final OpenSSL release. The patch is also revised to include fixes for CVE-2015-0209 and CVE-2015-0288. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique. II. Problem Description [Read more...]
In this tutorial, user M.el Khamlichi shows us how to set up Tomcat 8 on FreeBSD 10/10.1.
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation (ASF). Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Sun Microsystems, and provides a pure Java HTTP web server environment for Java code to run in. In the simplest config Tomcat runs in a single operating system process. The process runs a Java virtual machine (JVM). Every single HTTP request from a browser to Tomcat is processed in the Tomcat process in a separate thread.
My testbox details:root@Freebsd-unixmen:~ # uname -a FreeBSD Freebsd-unixmen 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 #0: Tue Feb 24 19:00:21 UTC 2015 email@example.com:/usr/obj/usr/src/sys/GENERIC amd64 root@Freebsd-unixmen:~
This article has been edited from old article about install apache 7 on freebsd 9.3
Install Tomcat 8 In FreeBSD 10
I was trying to install from the ports (/usr/ports/www/tomcat7 ) then i got many issues, finally i stopped the installation and started with the pkg tool.
Now, lets start:root@Freebsd-unixmen:~ # pkg install tomcat8 Updating FreeBSD repository catalogue... Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 Fetching packagesite.txz: 100% 5 MiB 486.0kB/s 00:11 Processing entries: 100% FreeBSD repository update completed. 24086 packages processed The following 5 packages will be affected (of 0 checked): New packages to be INSTALLED: tomcat8: 8.0.18 openjdk: 7.76.13_1,1 java-zoneinfo: 2015.a javavmwrapper: 2.5 jakarta-commons-daemon: 1.0.15 The process will require 165 MiB more space. 57 MiB to be downloaded. Proceed with this action? [y/N]:
Sam Varghese of iTWire interviews longtime FreeBSD user and sysadmin Allan Jude about the use of FreeBSD on the server.
For years now, Linux has been all the rage. But in recent times, there have been murmurings among some veterans — long-time users — after the introduction of systemd, the init system that seems to overstep its boundaries.And this talk is all about the old UNIX culture, the way one utility or application is used to do a job, do it well, and hand over the output to a second utility to process. Linux, in short, is becoming something like a Swiss army knife — complicated — and there has been talk of switching to an alternative. This is where FreeBSD comes in.Some time back, iTWire discussed the possibility of PC-BSD being used on the desktop instead of Linux. PC-BSD is more or less the same as FreeBSD; in the words of Kris Moore, it has “a vanilla FreeBSD kernel/world with some unique installation options and a slew of graphical or command-line utilities to make FreeBSD on the desktop ‘easy’.”
But Linux is more widely used on the server, where FreeBSD can be a more than adequate replacement. To get an idea of the strengths and weaknesses of this operating system, iTWire interviewed Allan Jude, the vice-president of operations at ScaleEngine, a global HTTP and video streaming content distribution network; he makes extensive use of the ZFS filesystem on FreeBSD.
Jude (pictured above) is also the host of the video podcasts BSD Now (with Moore) and TechSNAP on JupiterBroadcasting.com.A FreeBSD committer, Jude is focused on documenting ZFS and further improving the manageability of FreeBSD. He taught FreeBSD and NetBSD administration at Mohawk College in Hamilton, Canada from 2007-2010 and has 12 years of experience as a systems administrator of BSD UNIX systems.And above all, he communicates using language that any layman can understand.
iTWire: Why would you recommend FreeBSD over other server operating systems?
This tutorial by user weirdbricks shows us how to get CARP set up on FreeBSD 10.
Some quick notes on setting up CARP on FreeBSD.
Most of this is based on the FreeBSD Handbook page
1. Add the carp kernel module – edit the file /boot/loader.conf and add the linecarp_load="YES"
^ Make sure that this is done on all hosts
To load the module without rebooting:kldload carp
2. Then on the host you want to act as the master edit the /etc/rc.conf and add:hostname="freebsd10-master" ifconfig_em0="inet 192.168.2.21 netmask 255.255.255.0" ifconfig_em0_alias0="inet 192.168.2.50/32 vhid 100 advskew 100 pass lampros" defaultrouter="192.168.2.1"
In the above the 192.168.2.50 is going to be the “floating IP” address.
3. On the host you want to act as a backup:
Bsdtalk podcast discussing Verisign and FreeBSD.
A talk from vBSDCon in 2013 titled Verisign and FreeBSD: Internet Scale Services at 10 Gigabits per Server presented by Mike Bentkofsky, Marc de la Gueronniere, Julien CharbonFile info: 47Min, 22MB
The developers of GhostBSD have released their second alpha for version 10.1.
I am pleased to announce the availability the second ALPHA build of the 10.1-RELEASE Release cycle which is available on SourceForge for the amd64 and i386 architectures.
Changes and fix between 10.1-ALPHA1 and 10.1-ALPHA2 include:
- The PCDM theme file as been fixed which was creating blinking black screen.
- Macro windows decoration has been fixed.
- The installer GPT partition problem has been found and fixed in pc-sysintall.
- Some installer text error has been fix.
- The user shell selection has been fix from the last change to have csh by default since fish have a bug from the ports.
Where to download:
The image checksums, ISO images and USB images are available here:
Please be aware that this release provides beta tester and developers with a system to test out new features for the upcoming release. This release may contain buggy code and features, so we encourage you to run it only on non-critical systems.
We encourage you to use our new issue system build with MantisBT http://issues.ghostbsd.org/main_page.php.
Note: Developers can’t fix problems that we are not aware and can’t reproduce; if you report a problem give us a detailed reports that we can reproduce the problem.
Thank you for using GhostBSD and have a lot of fun beta testing GhostBSD!
Original link: http://ghostbsd.org/10.1-alpha2
This tutorial by user Gianugo shows us how to set up FreeBSD jails on the Microsoft Azure platform.
I set up this blog on Azure as an excuse to play with the new FreeBSD VM Depot image, learn more about jails and write the occasional blog post about random stuff. I took extensive notes while at it and I will be posting them here for future reference and to help the occasional search engine user.
I will skip all the clicking through that can easily get to a running FreeBSD VM in Azure. There is tons of FreeBSD documentation, including specific Azure tutorials that my team and others have written. I am lazy, so I will just point out specific Azure differences and how to take care of them.
A word of caution: please don’t consider what you read here to be authoritative. I’m doing this for fun and my free time is what it is, so don’t think I researched this stuff thoroughly. It worked for me and seems to be still working as I write this – that’s all I needed.
Let’s start with networking. Every public cloud has their own approach, and Azure is no different. Two things to remember about Azure IP management:
In this week’s BSD Now episode, hosts Kris Moore and Allan Jude interview Lawrence Teo regarding Calyptix’s use of OpenSBD in their line of routers. In addition, they introduce BSD to Windows admins unexpectedly. Click play below to tune in:
Original post – http://www.bsdnow.tv/episodes/2015_03_18-puffy_in_a_box
The developers of pfSense have made available version 2.2.1 RELEASE.
Original post: https://blog.pfsense.org/?p=1661
pfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.
- pfSense-SA-15_02.igmp: Integer overflow in IGMP protocol (FreeBSD-SA-15:04.igmp)
- pfSense-SA-15_03.webgui: Multiple XSS Vulnerabilities in the pfSense WebGUI
- pfSense-SA-15_04.webgui: Arbitrary file deletion vulnerability in the pfSense WebGUI
- FreeBSD-EN-15:01.vt: vt(4) crash with improper ioctl parameters
- FreeBSD-EN-15:02.openssl: Update to include reliability fixes from OpenSSL
A note on the OpenSSL “FREAK” vulnerability:
- Does not affect the web server configuration on the firewall as it does not have export ciphers enabled.
- pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability.
- If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details.
This article by InfySim shows us how to set up Root access through SSH protocol on FreeBSD.
By default FreeBSD does not allow root access over ssh protocol.
So if you need to log on to your system and need root privilege, then you have to allow root to access for ssh login.
In this example I am using VIM as the text editor but if you don’t have VIM editor then you have to use the default EE or VI editor.
If you want to install VIM editor please have a look at the following link:
Installing VIM editor on FreeBSD
To do so, You will need to edit the SSH daemon configuration file.
Find the below line in the above file:
The preceding # mark shows that this line is commented.
You just have to un-comment the line and modify the “no” at the end of file to “yes” (Of course without the quotes).
After modification the line should be looking like as following:
Save the file and quit vim editor.
Now to reflect the change, you have to restart the ssh daemon by typing the following command on the console:
# /etc/rc.d/sshd restart
After the above steps if you try accessing your system from another host over ssh protocol, you must be able to login to your system.
If you need to know more on VIM commands then please have a look at the following link:
VIM commands for day to day usage