Miscellaneous (Free)BSD news and links (Week 2)

I End of Life Announcement for PC-BSD 7.x

With the release of version 8.2 just around the corner, and PC-BSD 9.0 slated for later this year, we will be stopping the production of new packages / PBIs for the PC-BSD 7.x series in the near future: End of Life Announcement for PC-BSD 7.x

II Required: Senior FreeBSD/UNIX/Linux Administrator

You might be our next Sr. Systems Engineer: Senior FreeBSD/UNIX/Linux Administrator

III FreeBSD: Virtual Network Switch

In the previous post, I mentioned that I’m going to cover Open vSwitch and Vde implementation. However I think it is also interesting to cover how you can set up a virtual switch with the FreeBSD native system. As we all know bridging is actually software switching, therefore we can make use of the bridge interface to achieve this. I will explain the 6 ports virtual network switch setup that is illustrated in the diagram below: FreeBSD: Virtual Network Switch

IV Installing pfSense on an Alix.6e1

The ALIX.6e1 hardware platform:

2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6 : Installing pfSense on an Alix.6e1

Available: FreeBSD 8.2-RC2

Ken Smith has announced the availability of FreeBSD 8.2-RC2. This is the second iteration of Release Candidates which will lead to 8.2-RELEASE.

Check out the updated release schedule and yet-to-be-completed tasks on the FreeBSD wiki.

The second Release Candidate for the FreeBSD 8.2 release cycle is now available. Initial testing of the 7.4-RC2 install images turned up an issue with the pre-built packages that will take a few more days to address. For this build only the amd64, i386, pc98, and sparc64 architectures are available.

Related to the upcoming release of FreeBSD 8.2 is the ports freeze: Ports Feature Freeze for 7.4 and 8.

HeX LiveCD development in 2011

This is the 3rd post relating to planned development for FreeBSD-based O/S this year (1: PC-BSD, 2: pfSense)

HeX LiveCD is a Network Security Monitoring (NSM) centric Live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools, the HeX Live CD also contains tools to perform network forensics.

HeX 2.0, released in October 2008, is based on FreeBSD 7.0 and comes with Fluxbox as the default desktop environment. Development has slowed down with no new releases since, but the team has plans to change this in 2011.

C.S. Lee, project leader, writes with regard to his 2011 development plans:

“We don’t have clear roadmap for what we are going to do with HeX in 2011, however the HeX 3.2 beta version will be released once we go through the testing phase, actually we have the HeX that is based on FreeBSD 8.2 in our closed development, and we will release the beta after we have tested ourselves.

Though we don’t have any roadmap specifically for this year, we do have a to-do list:

  • Split development – HeX will have 3 versions – Workstation, Sensor, Server(We really hope to get this done for a while but all the members are busy with own works). Right now we have HeX workstation only that’s available for security analyst to do packet post processing.
  • Remain bsd spirit, while we use HeX for many situation, especially for our security consulting works, it will remain free and open.
  • Improve the installer, not many actually know we have the easiest installer even before pc-bsd having one, we have modified version of bsd installer to get HeX installed to your laptop or vm, and many don’t know about it.
  • Largest packet processing and analysis tools in HeX workstation, you can compare ours with the rest of liveCD and you will definitely find we have almost all packet analysis tools in HeX, and all of them are categorized professionally
  • NSM Console improvement – you may have never heard of NSM Console, we actually have NSM Console that glue all the packet analysis tools together, it’s very modular and flexible where you can include any tools by writing the simple module. It’s like metasploit for packet analysis. NSM Console is written in ruby. We will ask for feedback and also suggestion to improve the tool.
  • HeX USB Stick – We actually have this in house, and we will release it soon, the reason we don’t release previously because FreeBSD has a lot of hard time when trying to boot from USB device until the USB stack has improved lately.
  • Include more tools, if you know any packet analysis tools that want to be included into HeX, let us know.
  • So for HeX Server and Sensor, I would like to explain a bit, for the server it will be a central server to collect all the network data from the sensor
  • For the HeX Sensor they will have tools like snort, bro, argus and many others, they will collect the network data and send to the HeX Server, then we can use HeX workstation to login to HeX Server and do the analysis.
  • HeX will also take advantage of the FreeBSD network stack development, for example in 8.2 BPF zero copy is implemented, and people may not have heard about FreeBSD ringmap, so we may include the ringmap implementation for our HeX Sensor, it’s currently in testing and can be used with FreeBSD stable. Thanks to Alexandar for his work on that.

I would like to emphasize that with HeX normally you get almost full scale packet analysis platform, e.g, if you want to do ids/ips you can use snort/bro, if you want to do netflow analysis you can use argus/silktools/nfdump/fprobe/etc, and if you want to do statistical analysis you can use ourmon/tcpdstat/darkstat, if you want to do packet visualization, you can use afterglow, etherape and so forth.”

Thanks for the update, Mr Lee, and wishing you and the team all the best for 2011.

If you have used HeX LiveCD in the past or are still using it, what is your experience and what would you like to be added or changed? Let us know in the comments below.

FreeBSD Foundation requesting project proposals (2011)

The FreeBSD Foundation has requested proposals for potential funding. If you have any ideas how FreeBSD can be improved in 2011, why not submit your idea? In case you have no ideas but don’t mind getting paid for FreeBSD development, have a look at the FreeBSD list of projects and ideas for volunteers.

The FreeBSD Foundation is pleased to announce we are soliciting the submission of proposals (submission document) for work relating to any of the major subsystems or infrastructure within the FreeBSD operating system. Proposals will be evaluated based on desirability, technical merit and cost-effectiveness.

pfSense development in 2011

Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.

As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. (m0n0wall vs pfSense).

Chris Buechler emailed the following update for 2011:

“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.

After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”

Thanks, Chris, for the update. Wishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.

If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.

pfSense website | pfSense blog

PC-BSD development in 2011

I’ve contacted the lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Let’s start with PC-BSD today.

As you all know, PC-BSD is a free, open-source operating system based on rock-solid FreeBSD, focusing on ease-of-use and double-click package installation (PBI). The PC-BSD project is now part of iXsystems, a company that builds storage solutions, pre-configured servers, and customised servers utilizing open source hardware and software.

Today Kris Moore, the project’s founder, announced PC-BSD 8.2RC1 and with regards to his plans for 2011 he writes:

“For 8.2, it is mainly a release to include the latest FreeBSD 8.2 / KDE 4.5.4. Also some bug fixes are present for advanced partitioning, letting the user select between MBR/GPT, and easily toggle between UFS+S/ZFS.

On the 9.0 front, we’ve implemented a new system of “meta-pkgs” which will let users customize their particular desktop based upon the available packages in the release. This means we can now select alternative desktop environments, such as Gnome/KDE/LXDE/XFCE and others. In order to accomplish this, all of our tools have been re-written in pure QT4, removing any requirements for KDE4 to be present.

Related to this, we’ve re-implemented our PBI system to be 100% shell, allowing it to run on native FreeBSD and not be particular about the window-manager being used. This newer PBI format also includes features to reduce the duplication of library files, digital signatures, repository management, binary patching and more. For the non-technical end user the PBI system will appear mostly the same, but for advanced users a whole set of command-line utilities will make the managing of PBI files easier and more powerful than before.

Also on 9, we’ve switched to using UFS+SUJ (Soft-Updates Journaled) file-system by default, which is a great way to eliminate the need for a long fsck after a crash / power-loss, while not having the heavy requirements of ZFS.” (Bold by GvE)

I’ve used PBIs since version 0.7.8. Though they worked, it was evident that PBI technology was only just born, but it’s now growing up and maturing nicely.

You’re doing a great job, Kris, and we’re all looking forward to PC-BSD 9.0, and beyond. Thanks to iXsystems for providing the support and hardware to make PC-BSD better with every release.

To check progress of PC-BSD 9.0, you may have a look at the PC-BSD 9.0 todo and the PBI 9 and beyond sections of the wiki.

Available: PC-BSD 8.2-RC1

The PC-BSD Team has announced the availability of the first Release Candidate for PC-BSD 8.2.

Version 8.2-RC1 contains a number of enhancements, improvements, and bug fixes in response to previous 8.2 testing snapshots. Some of the notable changes are:

  • Updated to FreeBSD 8.2-RC1
  • Fixed issue detecting the proper video card driver
  • Fixed some crashes when adding new users / groups
  • Added /sbin/nologin as a shell choice in the user manager
  • Let created users have a homedir of /nonexistant via the GUI
  • Fix customizing desktop languages when using a () in the description

Version 8.2-RC1 of PC-BSD is available for download from the mirrors. Everyone is encouraged to test this beta and to report any bugs to the testing mailing list. Instructions for beta testers can be found in the PC-BSD Handbook.

(Free)BSD miscellaneous links and news (week 1)

I. The Perfect Database Server: Firebird 2.5 And FreeBSD 8.1

Here is the guide on installing Firebird 2.5 from FreeBSD 8.1 Ports and creating your first test database; also we show you how to install Flamerobin GUI (administration tool) and the PHP driver for it: The perfect database server: Firebird 2.5 and FreeBSD 8.1

II. Can DragonFlyBSD’s HAMMER Compete With Btrfs, ZFS?

The most common Linux file-systems we talk about at Phoronix are of course Btrfs and EXT4 while the ZFS file-system, which is available on Linux as a FUSE (user-space) module or via a recent kernel module port, gets mentioned a fair amount too. When it comes to the FreeBSD and PC-BSD operating systems, ZFS is looked upon as the superior, next-generation option that is available to BSD users. However, with the DragonFlyBSD operating system there is another option: HAMMER. In this article we are seeing how the performance of this original creation within the DragonFlyBSD project competes with ZFS, UFS, EXT3, EXT4, and Btrfs.

HAMMER is a file-system created by the DragonFlyBSD developers themselves and is the default choice when installing this BSD operating system, but UFS remains a choice too. The one sentence description about this file-system is that “[HAMMER] provides instant crash recovery, multi-volume file systems, integrity checking, fine grained history/undo, networked mirroring, and historical snapshots.” HAMMER uses no fsck, can be sized up to one Exabyte, supports up to 256 volumes of four petabytes in size, coarse-grained history provided by snapshots with up to sixty days history, live snapshot access, and data/meta-data is CRC-checked. Like Btrfs, HAMMER snapshots can be taken at any time, can be accessed live, and boasts a similar set of features. Other HAMMER file-system features include the ability to split it up into multiple pseudo file-systems, there is support for back-up pseudo file-systems, NFS-exportable snapshots, and there is support for slave-to-slave mirroring streams: Can DragonFlyBSD’s HAMMER Compete With Btrfs, ZFS?

Matt Dillon’s, DragonFlyBSD’s project founder, thoughts on the test: HAMMER Benchmark Fun

III. Get Linux and FreeBSD hardware info with guide to commands

Switching between open source OSs can sometimes be confusing, since they may have different ways of doing things. A common task that may confuse some users when switching systems is getting hardware information. In the case of Linux-based OSs and FreeBSD, the following cheat sheet for figuring out how to do the same things on two different systems can ease some of the pain: Linux vs FreeBSD cheat sheet.

IV. Cost Optimization Through Open Source Software (iXsystems)

The lead article in this month’s edition of the Open Source Business Resource was contributed by iXsystems. It describes some of the business reasons behind the company’s choice to use only FreeBSD and PC-BSD systems in its own infrastructure and provides a cost/savings comparison for both software and maintenance costs. It also contains some good references and percentages if you’re looking for something to show your manager (via)

V. Creating an LVM-backed FreeBSD DomU in a Linux Dom0

As the topic suggests we’re going to play with Xen and set up a FreeBSD DomU inside a Linux Dom0.

FreeBSD on Sony Playstation 3 (PS3)

Following reports (e.g. Hackers bust PS3 DRM wide open with private key hack) that hackers had found a way to obtain the Sony PlayStation 3’s private cryptography key, it was only a matter of time before FreeBSD would be run on Sony’s latest gaming station.

The latest hack to come out of the Chaos Computer Club (CCC) Congress being held in Berlin comes from the fail0verflow hacking squad, who say they’ve found a way to obtain the PS3’s private cryptography key, which is used to sign code.

With an exploit of this type, people could sign, and thus run any PS3 program. The system would then run it as though it were a valid PS3 game, and firmware upgrades won’t be able to stop it, either.

In fact, the team claims: “We only started looking at the PS3 after Other OS was killed.” OtherOS was a feature available in the first versions of the PS3. It allowed other operating systems, such as Linux or FreeBSD, to be installed on the system.

One week after the hack, FreeBSD is indeed running on the PS3. There are still a few problems and rough edges, but they should be ironed out when FreeBSD 9.0 is released:

Yesterday, I imported support for the Sony Playstation 3 into our 64-bit PowerPC port, expanding our game console support into the current generation. There are still a few rough edges due to missing hardware support, but the machine boots and runs FreeBSD stably. These rough edges should be smoothed out in time for the 9.0 release.

For further instructions, check out the announcement post: Playstation 3 support now in HEAD