NetBSD 6.1.4 is released

NetBSDNetBSD has just released version 6.1.4, which addresses the recent Heartbleed vulnerability, as well as other security and stability issues.

NetBSD is a free, secure, and highly portable UNIX-like Open Source operating system available for many platforms, from 64-bit AlphaServers and desktop systems to handheld and embedded devices. Its clean design and advanced features make it excellent in both production and research environments, and it is user-supported with complete source. Many applications are easily available through The NetBSD Packages Collection.

For the full release notes, check out the following link: http://www.netbsd.org/releases/formal-6/NetBSD-6.1.4.html

OpenBSD takes on OpenSSL project, implements changes

The OpenBSD team has started its own fork of OpenSSL, due to the backlash from the Heartbleed bug. The new project will be called LibreSSL, and is based on OpenSSL 1.0.1g. The team has already begun working on a major clean up of the code. The following list outlines the changes they have made so far:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

Check out the full notes / comments here: https://lobste.rs/s/3utipo/openbsd_has_started_a_massive_strip-down_and_cleanup_of_openssl/comments/fkwgqw

Update – you can find real time updates on this page here: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/

BSD Magazine (February 2014) – OpenBSD 5.4 – Configure OpenBSD

BSD_02_2014-1February’s issue of the BSD Magazine is now available: OpenBSD 5.4 – Configure OpenBSD Basic Services (free PDF download).

You’ll find the following subjects inside:

  • Configure OpenBSD 5.4 Basic Services
  • How Secure can Secure Shell (SSH) be?
  • Getting to Grips with the Gimp – Part 1
  • User, Group and Password Management on Linux and Solaris
  • Securing CentOS and Solaris 11 with Puppet
  • Interview with Peter N. M. Hansteen

OpenBSD 5.4 – Configure OpenBSD

BSD Magazine (December 2013) – CARP on FreeBSD

BSD_12_2013December’s issue of the BSD Magazine is now available: CARP on FreeBSD (free PDF download).

You’ll find the following subjects inside:

Configuring a Highly Available Service on FreeBSD – part 2: CARP and devd

In the first part of this series, we learned how to make high availability (HA) storage on FreeBSD using HAST. We learned how to control HAST and how to recover from failures. However, all those actions were still manual actions. In this second part of the series, Jeroen will teach how two basic building blocks, CARP and devd, work and how we can use them in the final part of our series to automate the failover of our NFS server.

FreeBSD Programming Primer – Part 11

In the penultimate part of our series on programming, Rob will look at using the Netbeans Integrated Development Environment to debug and edit our CMS.

Unix Basics – for Security Professionals

Unix is the widely known multi-user and multitasking operating system that exists in many variants (e.g. Solaris, Linux, UX, AIX …etc), and for serves mission critical server environments around the world. Ramkumar provides the basics of Unix Operating systems while discussing how UNIX addresses the above security challenges.

Introduction to Unix Kernel

It is usually a source of wonderment to PC users that the whole of the Unix operating system is in one executable. Instead of a hodge-podge of DLL’s, drivers, and various occasionally-cooperating executables, everything is done by the Unix kernel. When Unix was first introduced, the operating system was described as having a ‘shell’, or user interface, which surrounded a ‘kernel’ which interpreted the commands passed to it from the shell.

OpenBSD 5.4 as a Transparent HTTP/HTTPS Proxy

Wesley in his article will teach you how to configure Relayd for URL Blocking with https inspection and how to use and understand Packet Filter.

GhostBSD: A User-friendly, Lightweight BSD Alternative

GhostBSD is an open source desktop operating system based on FreeBSD which aims for a secure, user-friendly experience out of the box. GhostBSD comes with most common software choices already configured, giving the user a solid BSD installation out of the box. Adrian will tell you why he chose FreeBSD OS.

How Secure Can Secure Shell (SSH) Be?

To begin, let’s concentrate on the One Time Password (OTP). We are going to achieve our already secure SSH in conjunction with OTP for remote system connections. At first, in algorithmic meaning, OTP is a character string which should never repeat. Arkadiusz, in his article, demonstrates configurations as well as tricks that make using the protocol more secure.

Column by Rob Somerville

OPINION: With the UK government in collusion with the major search engines to censor 100,000 search terms to prevent child abuse, is the UK joining the ranks of the technological fascists?

Read and download: CARP on FreeBSD

Ghosts in the machine: GhostBSD 3.5

ghostbsd_logoJesse Smith has reviewed GhostBSD 3.5 in a feature story on Distrowatch and he likes what he has seen and used so far.

I was fairly happy with my experience with GhostBSD this week. In the past I have enjoyed GhostBSD because of the project’s ability to showcase what a FreeBSD-based operating system looks like running on a live disc with a functional desktop environment. There are not a lot of live discs available in the BSD communities and I was happy to see GhostBSD take on the challenge.

An interesting comment in the article (please don’t start a flamewar here ;-) is, that the more exciting developments these days seem to be happening in the BSD world. Think of ZFS, PKG-NG, Jails etc:

The second reason for my shift in focus is I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (PKG-NG), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0. Meanwhile, over in the Linux camp, I feel as though things have reached a plateau. We are seeing small improvements and an increase in polish.

BSD Magazine (September 2013): Day-to-Day BSD Administration

bsdmag-2013-09September’s issue of the BSD Magazine is now available: Day to Day BSD Administration (free PDF download).

This issue is dedicated to day-to-day BSD administration with the use of MidnightBSD custom installations and Live CDs, BSD server maintenance, directory encryption using PEFS and much more.

  • It’s lonely at the top
  • MidnightBSD Custom Installations and Live CDs
  • BSD Server Maintenance
  • Re-purposing an Abandoned Mac Mini as a Wireless Router with OpenBSD
  • Monit – Monitoring solution for enterprise and SOHO servers with FreeBSD
  • FreeBSD Programming Primer – Part 8
  • A closer look at the changes in PC-BSD/TrueOS 9.2 – Part 2 – Directory encryption using PEFS
  • Intro to ZFS
  • FreeBSD on XenServer

Download and read Day-to-Day BSD Administration