Upgrade FreeBSD 7.2 to FreeBSD 8 using csup (howto)

How to upgrade FreeBSD 7.2 to FreeBSD 8 stable using csup source code method including all ports?

csup is a general-purpose network file updating package. It is extremely fast program. Make sure you backup all data, MySQL / PGSQL database, and configuration file before attempting upgrade procedure.

Source-based upgrades from previous versions are well supported and recommend to gain full control of your FreeBSD 8 kernel and base systems.

  1. Edit supfile
  2. Grab FreeBSD 8 Base System
  3. Build FreeBSD 8 Base System
  4. Build FreeBSD 8 Kernel
  5. Reboot And Boot Into A Single User Mode
  6. Merge Configuration Files
  7. Verify New Installation
  8. Upgrade Ports (Applications)

Follow this detailed and step-by-step howto from cybercity.biz

Download ports simultaneously with multiple connections (howto)

freebsd_axelWe have already referred to a very useful FreeBSD tip (How to use Meta Ports to install group of ports) on psybermonkey.net before, and there’s another great howto:

Download ports simultaneously with multiple connections

By default, ports uses 1 connection to download and thus unbearably slow when a server rate limit the connection. Alternatively, we can tell ports to use external utility in order to open multiple connections and download simultaneously.

Go here to see how you can download FreeBSD ports simultaneously with Axel.

Axel tries to accelerate HTTP/FTP downloading process by using multiple connections for one file. It can use multiple mirrors for a download. Axel has no dependencies and is lightweight, so it might be useful as a wget clone on byte-critical systems.

VirtualBox: how to move FreeBSD to a new hard disk

Georges has written a post showing how to move a VirtualBox FreeBSD system to another, larger, VirtualBox drive:

“Let’s say that, like me, you once created a fixed-size virtual disk in VirtualBox, and installed FreeBSD on it. Now you’ve run out of disk space and you’d like to move your FreeBSD to a bigger-sized virtual disk. Here’s how I did it. This procedure was done with VirtualBox 2.0.{4, 6} on Windows XP.

First, with VirtualBox not running, make a backup copy of the whole .VirtualBox folder, just in case.

Start VirtualBox and select your FreeBSD virtual machine.

In Settings, Hard Disks: create a new Hard Disk, fixed-size. As the currently active HD is IDE Primary Master, the new HD will automatically be an IDE Primary Slave.When it’s done, click OK. The FreeBSD VM now has two hard disks. It’s like you’ve just added a new hard disk inside a real machine, a blank unformatted disk, which will be detected as a top-level IDE device (/dev/ad1) by the kernel.”

Go here for all the needed steps

FreeBSD as a WiFi Access Point

At a recent Linux users’ gathering Ivan Voras temporarily saved the day when a WRT router was not working. He set up his Acer Aspire One netbook as a wireless access point on FreeBSD 8.0. It had wired connectivity to the Internet from one side and offered WiFi via its Atheros card on the other side. In between it did NAT and protected the LAN side from the Linux hackers, both with ipfw. Here is how he configured it.

Firstly, only one non-base utility was used – dns/dnsmasq, a lightweight DHCP and DNS server. Everything else is in the base system.

Overall steps taken to create a functional FreeBSD AP with a wired connection are:

  • Configure the network interface
  • Configure firewall and NAT
  • Configure dnsmasq

Step-by-step wifi-access-point set up

Setup FreeBSD Jail with ezjail

PC-BSD has the Warden GUI to install and maintain jails. Setting these up can also, and I’m sure many would prefer this way, be set up from the console.  Cyberciti.biz has published a useful and extensive guide:

How do I setup operating system-level virtualization that allows me to partition my FreeBSD-based server system into several independent mini-systems called jails.? I’d like to set one jail for mail and another for web server via 2 public IP address.

Each jail under FreeBSD virtual environment runs on the host machine with its own files, processes, user and superuser accounts. From within a jailed process, the environment is almost indistinguishable from a real system. The easiest way to set, create and modify jails is using a framework called ezjail.

Setup FreeBSD Jail with ezjail

Install FreeBSD 8.0 from USB memory stick

Martin Wilke has a useful step-by-setp guide (via bsdgroup.de) to install FreeBSD 8.0 (stable version yet to be released) from a USB pendrive:

dd if=/dev/zero of=/dev/da0 bs=1k count=1
bsdlabel -Bw da0 auto
newfs -L FreeBSD /dev/da0a
mdconfig -a -t vnode -f 8.0-HEAD-20090609-JPSNAP-i386-dvd1 -u 0 && mount -r -t cd9660 /dev/md0 /mnt/iso
mount /dev/da0a /mnt/USB-Stick
copy all files from your mounted cd in to your USB-Stick, after that you need to create a fstab for your USB-Stick
vi /mnt/USB-Stick/etc/fstab and put following in:
/dev/ufs/FreeBSD / ufs ro 0 0

FreeBSD security (incl video)

These are some recent links with regards FreeBSD security:

1.  Using DenyHosts to help thwart SSH attacks on FreeBSD

DenyHosts is a script intended to be run by UNIX-like system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

  1. % su
  2. # cd /usr/ports/security/denyhosts
  3. # make install clean
  4. # echo ‘denyhosts_enable=”YES”‘ >> /etc/rc.conf
  5. # echo ‘syslogd_flags=”-s -c”‘ >> /etc/rc.conf
  6. # echo “sshd : /etc/hosts.deniedssh : deny” >> /etc/hosts.allow
  7. # echo “sshd : ALL : allow” >> /etc/hosts.allow
  8. # touch /etc/hosts.deniedssh
  9. Edit /usr/local/etc/denyhosts.conf and uncoment the BLOCK_SERVICE = sshd entry.
  10. # /usr/local/etc/rc.d/denyhosts onestart

Source - linux-bsd-sharing.blogspot.com

2. Network Security Monitoring

Richard Bejtlich, from TAO Security, did a presentation on network security monitoring using FreeBSD.

In this presentation I’ll discuss my latest thinking on using FreeBSD to identify normal, suspicious, and malicious traffic in enterprise networks. FreeBSD is a powerful platform for network traffic inspection and log analysis, and I’ll share a few ways I use it in production environments.


3. FreeBSD supported branches update

The branches supported by the FreeBSD Security Officer have been updated to reflect the EoL (end-of-life) of FreeBSD 7.0. The new list is below and at . Please note that FreeBSD 7.0 was originally announced with an EoL date of February 28, 2009, but the EoL was delayed by two months in order to allow a 3 month window for systems to be upgraded to FreeBSD 7.1. [source]

The current designation and estimated lifetimes of the currently supported branches are given below. TheEstimated EoL (end-of-life) column gives the earliest date on which that branch is likely to be dropped. Please note that these dates may be extended into the future, but only extenuating circumstances would lead to a branch’s support being dropped earlier than the date listed.

  • RELENG_6 – 30 November 2010
  • RELENG_6_3 – 31 January 2010
  • RELENG_6_4 -  30 November 2010
  • RELENG_7 - last release + 2 years
  • RELENG_7_1 - 31 January 2011

These dates can also be found on the calendar at BSDEvents.net

4. How to harden FreeBSD

After a fresh install, it is important to harden the security on a server before it hits your network for use.  Not only making configuration changes aid in the security of your box, but there are some practical rules to abide by.  These are some hardening tips to make your FreeBSD box more secure and will apply to both the 5.x and 4.x branches, but I will assume you are running 5.x.  If a 4.x change is different, I will note it.

Instructions here (Tux Training)

Open source NAS device using FreeNAS and iSCSI drives (howtos & video))

FreeNAS LogoDave Lawlor has put together some really easy-to-follow instructions on how to install and configure FreeNAS.

FreeNAS is a free NAS (Network-Attached Storage) server, supporting: CIFS (samba), FTP, NFS, AFP, RSYNC, iSCSI protocols, S.M.A.R.T., local user authentication, Software RAID (0,1,5) with a Full WEB configuration interface. FreeNAS takes less than 32MB once installed on Compact Flash, hard drive or USB key.
The minimal FreeBSD distribution, Web interface, PHP scripts and documentation are based on M0n0wall.

There are a couple of other good howtos available but this one by far the easiest to follow, AND the screenshots are of the latest FreeNAS version (changed GUI).

So far Dave has posted 3 tutorials:

1. Build Your Own Open Source NAS Device Using FreeNAS – Part 1

(Downloading, installing and accessing FreeNAS for the first time)

2. Build Your Own Open Source NAS Device Using FreeNAS – Part 2

(Setting up and accessing drives, and testing the FreeNAS installation)

3. How to Setup iSCSI Drive Using FreeNAS

(What is iSCSI and setting it up)

Hopefully we’ll see more posts from him over the next few weeks.

I came also across another interesting FreeNAS related video where Chris, from Jupiter Broadcasting, shows how FreeNAS can transform an old PC into a full blown NAS server:

More information on NAS servers can be found on NAS, SANs and Storage Server Technology