BSD Magazine (May 2013): Jails Firewall with PF

BSD Magazine (May 2013): Jails Firewall with PFApril’s issue of the BSD Magazine is now available: Jails Firewall with PF (free PDF download).

You’ll find the following subjects inside:

  • SpiderFoot 2.0: The Open Source Footprinting Tool
  • FreeBSD Jails Firewall with PF
  • Improvements to Jail Management via the Warden
  • msearch: MidnightBSD Search
  • Useful Utilities for PF
  • FreeBSD Programming Primer: Write HTML, CSS, PHP, and SQL Code
  • DTrace: A Deeper Approach

Continue reading

New BSD Magazine (March 2013): Handling Kernel Panic

March’s issue of the BSD Magazine is now available: Handling Kernel Panic (free PDF download).

You’ll find the following subjects inside:

  • Reacting to Panic: How to Configure the System to handle Crash Dumps
  • MaheshaBSD Server: MySQL and WordPress in FreeBSD
  • FreeBSD Programming Primer: How to Embed CSS and Javascript in Pages
  • Hardening FreeBSD with TrustedBSD and MAC: configuration of mac_ifoff, mac_portacl, and MAC LOMAC modules

Handling Kernel Panic

BSD Magazine (2012-02): Rehosting in NetBSD

BSD Mag 2012-02February’s issue of the BSD Magazine is now available: Rehosting in NetBSD (free PDF download).

You’ll find the following subjects inside:

  • VAX/OpenVMS Rehosting in NetBSD 6.0 Hosts
  • What’s around the Corner: A Look at Upcoming PC-BSD Changes
  • SSL for Dovecot and Roundcube for the Qmail MTA
  • FreeBSD Unattended Installation of Servers
  • FreeBSD Programming Primer (CMS)
  • Organizational Structure and Culture at FreeBSD

Download and read: Rehosting in NetBSD

(via G+)

A decade of OS Access-control Extensibility (MAC)

This is an interesting piece on mandatory access-control by the well-known computer researcher and FreeBSD Foundation member Robert Watson:

To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security; Type Enforcement in SELinux; anti-malware products; app sandboxing in Apple OS X, Apple iOS, and Google Android; and application-facing systems such as Capsicum in FreeBSD. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization—the adaptation of operating-system security models to site-local or product-specific requirements.

A Decade of OS Access-control Extensibility

BSD Magazine (Dec 2012): Linux Jails in PC-BSD

December’s issue of the BSD Magazine is now available: Linux Jails in PC-BSD (free PDF download).

You’ll find the following subjects inside:

  • Installing and Configuring Linux Jails in PC-BSD
  • A simple DNS-DHCP Server for Small Business Network with dnsmasq
  • Hardening FreeBSD with TrustedBSD and Mandatory Access Controls
  • FreeBSD Enterprise Search with Apache Solr
  • PostgreSQL: Schemas
  • EuroBSDcon and MeetBSD California: Two Continents, One Community

The Sandbox

8:45 Monday morning. I fill the espresso filter basket with a good measure of Italian coffee, flick the switch to espresso, and 60 seconds later am rewarded with a demitasse of viscous caffeine, complete with the requisite creamy head. Coffee is an essential part of the I.T. toolkit, especially when deadlines loom and the disconnect between customer, 3rd party supplier and the gap between expectations and reality becomes wider by the day…

Installing and Configuring Linux Jails in PC-BSD

Whether you prefer the CLI or a GUI, one thing most people can agree on, is that The Warden is a great tool for managing jails. The Warden has been available as an add-on in PC-BSD since version 8, and is available as a port in FreeBSD as well. It now comes built-in to version 9.1 of PC-BSD and TrueOS (a variant of PC-BSD included in the install DVD that consists of FreeBSD and enhanced command line versions of PC-BSD tools). This article explains how to use the Warden to create a Linux jail, configure nat for it and instal Linux packages in the jail.

FreeBSD Enterprise Search with Apache Solr (Part 4)

So far, we have used Solr to access and index content found in web pages, XML files, databases and external websites. But as far as using Solr in the enterprise is concerned, how can we access disparate documents such as PDF and Microsoft Word files? This is where Apache Tika is invaluable – supporting over 14 different types of document formats. In the final part of our series on Apache Solr the author will look at Apache Tika and demonstrate how to import and index document content with Apache Solr.

PostgreSQL: Schemas

This article provides an introduction to schemas, a feature of PostgreSQL that allow Database Administrators (DBAs) to organize their database objects, mainly tables, into name spaces in order to either avoid naming conflicts and better structure the database itself. All the examples shown here have been tested on a PostgreSQL 9.1 cluster running on a FreeBSD 8.2-RELEASE machine; all the example source code is available in a GitHub repository.

A simple DNS-DHCP Server for Small Business Network with dnsmasq

From this article you will learn how to setup and manage a Small Business DNS/DHCP server. A real example of small LAN business network are the so called “SoHo” (single office/home office SOHO), namely a category of businesses that has 1 to 10 employees, but this is only the staring point. In fact, there are examples of deployable environment for Dnsmasq configurations used for more than 1000 hosts. On the other side of the coin there are still some limitations, such as a very basic support for IPv6 router advertisements for DHCPv6 to work and the inability to serve many zone files (many domains), but this project brought us many surprises in time and will only get better. Knowing the strengths and limits of this daemon, a network administrator can now decide whether to install Dnsmasq.

Hardening FreeBSD with TrustedBSD and Mandatory Access Controls (Part 4)

Most system administrators understand the need to lock down permissions for files and applications. In addition to these configuration options on FreeBSD, there are features provided by TrustedBSD that add additional layers of specific security controls to fine tune the operating system for multilevel security. Since version 5.0 of FreeBSD, the TrustedBSD extensions have been included with the default install of the operating system. By default, this functionality is disabled and requires support to be compiled in or kernel modules to be loaded at boot time. For the purpose of this article, support will be loaded in with kernel modules already available with FreeBSD 9. Part 4 of the TrustedBSD series will cover the basic configuration of the mac_seeotheruids module.

EuroBSDcon and MeetBSD California: Two Continents, One Community

This year’s EuroBSDcon and MeetBSD California took place just a few weeks apart in two very different locations but together demonstrated seamless solidarity on the part of the BSD community. MeetBSD in Sunnyvale, California was like a reunion for many speakers and attendees who had recently met in Warsaw, Poland for EuroBSDcon. Some familiar European faces such as Robert Watson and Alexander Motin even made appearances only at the more distant event, showing once again that the geography of BSD and its community is “the Internet”. Read the overview describing both these wonderful events. Check what you have missed or refresh your memory.

PgDay.IT 2012

The sixth edition of the Italian PostgreSQL Day (PgDay) held at the Monash University Center in Prato, Tuscany, on November the 23th has been a success. The Italian community did respond very well to the event, and guests from all over the country came to discuss, acquire knowledge and share experience about this great database. Here is a great example of how passion can gather people together. Just follow their steps.

Download the December issue: Linux Jails in PC-BSD

BSD Magazine (Nov 2012): Run FreeBSD as NAT Instance in Cloud

Run FreBSD as NAT instance in CloudNovember’s issue of the BSD Magazine is now available: Run FreeBSD as NAT Instance in Cloud (free PDF download).

You’ll find the following subjects inside:

NETGEAR Universal Wifi Adapter

The trend towards increased internet connectivity of media devices (TV’s, gaming consoles, DVR’s) has brought a work-around for one of few my frustrations with BSD operating systems – the limited support for newer wireless adapters. Many of these media devices have an ethernet port, but no way to attach a wireless adapter. Several companies have stepped up to this opportunity and have created universal wireless adapters that connect to the ethernet port rather than an expansion port. Since the device connects to the ethernet port, no driver is needed. Since no driver is needed, these devices should work with BSD operating systems. In this article, I will test Netgear’s Universal Wifi Adapter, model WNCE2001.

Automating the Deployment of FreeBSD and PC-BSD Systems

In PC-BSD 9.x every installation is fully-scripted, due to the the pc-sysinstall backend. This backend can also be used to quickly automate the deployment of FreeBSD servers and PC-BSD desktops using a PXE boot environment. In PC-BSD & TrueOS 9.1 and higher, this functionality is easy to setup and deploy using the “pc-thinclient” utility. PXE booting allows you to boot systems via the LAN interface, as opposed to using traditional media, such as DVD or USB. In order for clients to boot via PXE they will need a PXE capable network adapter.

Network Concepts, Routing and Firewalls

This article is aimed at anyone who wants to learn more about networking, routers and firewalls. We will discuss this topic in terms of a BSD/PF firewall/router.

FreeBSD as a NAT Instance in Amazon Cloud

Amazon VPC lets you launch instances in a virtual network that closely resembles a traditional network that you might operate in your own data center. You place publicly accessible servers (for example, web servers, DNS server etc.) into a public-facing subnet, and place your backend systems (databases, application servers etc.) in a private subnet with no Internet access. Instances in the private subnet can access the Internet only by routing their traffic through a NAT instance in a public subnet. This article is intended for beginners wanting to install and run FreeBSD as a NAT instance in Amazon Virtual Private Cloud (Amazon VPC).

PostgreSQL: Indexes (Part 2)

This article continues the previous one, presenting the readers with a few index examples and how the access costs are computed by the query planner. All the examples shown here have been tested on a PostgreSQL 9.1 cluster running on a FreeBSD 8.2-RELEASE machine; all the example source code are available in a GitHub repository.

FreeBSD Enterprise Search with Apache Solr (Part 3)

One of the important facets of enterprise search is to be able to search internal (Intranet) and external websites. On a smaller scale, it is relatively trivial to assemble some code in PHP or Perl to pull web pages from a site, extract the links from the HTML and then “wash, rinse, repeat”. The difficulty arises when we want to index, rank, and effectively manage these results on a large scale. Almost 10 years ago, Apache Nutch was developed as the key technology to crawl 100 million webpages, and has proved time and again that it is an efficient scalable solution. Nutch can be clustered, it is robots.txt friendly, and using modular plug-ins ans schemas, can be tuned to bias certain results first. While Nutch integration and tuning is quite specialized, it is fairly trivial to configure Nutch to dump results of a crawl session into MySQL (or any other JDBC based database for that matter), and rank / review these queries in Solr.

Download and read the whole magazine: Run FreeBSD as NAT Instance in Cloud

FreeBSD news and links round-up – week 44

Welcome to the weekly (Free)BSD news round-up (week 44) where we have a mix of news snippets, links, howto’s and software/package updates for you all. These tid-bits are all very interesting and news worthy, yet too small to package as individual posts.

FreeBSD News

A FreeBSD Success Story

… Then, we switched the server to a new one, quad core, sixty gigabytes of ram and two terabytes of disk. This time, I chose FreeBSD because I knew that it would work greatly ! Linux could have worked too, maybe we could have more performance, but it would not be as easy to manage as our FreeBSD box… More

FreeBSD Ports

Bernhard Fröhlich joined the FreeBSD Ports Team in October.

Releases

1. FreeNAS 8.3 User Guide

The FreeNAS 8.3.0 Users Guide is available for download as EPUB, HTML and PDF.

2. M0n0wall 1.34b1 released

Manuel Kasper has announced Beta1 of M0n0wall 1.34.

“A maintenance version in the m0n0wall 1.3 branch has been released: 1.34b1 includes the CSRF-related fixes recently made to the beta branch, as well as a few others security-relevant things. Nothing is high priority, but once 1.34b1 has received some wider testing, it will be re-released as 1.34, and 1.33 users will be recommended to upgrade.”

Software/package updates

1. FreeBSD/Raspberry Pi

Gonzo has mentions that he has moved his FreeBSD/Raspberry Pi project into FreeBSD Head / Current.

2 KNemo 0.7.4 receives major improvements for FreeBSD

KNemo is a tool that monitors the network traffic and provides a tray widget for every network interface, support for network statistics, and different icon themes.

Highlights of the release are:

• Bugs in the BSD backend has been fixed;
• Wrong traffic bug reported on FreeBSD has been repaired;
• Wrong encryption state for mixed WEP connections on FreeBSD has been fixed;
• Default gateway previously undetected on FreeBSD is now working properly;
• A monochrome icon theme has been added;
• Support for the legacy system tray icon has been removed;
• Embedded plotter code has been dropped in favor of libksignalplotter.

Websites / Social Media

As some of you may have seen already RootBSD has a new website. It looks very clean and slick and looks more ‘web 2.0′ than the previous version.

RootBSD was established with one goal in mind: to provide reliable, flexible, and supported BSD-based hosting services to professionals and businesses. Our extensive selection of FreeBSD, OpenBSD, and Linux hosting packages means there is a right package for almost everyone.

(Free)BSD Events

1. PfSense Weekend (Brazil)

There will be a classroom pfSense weekend in Porto Alegre (Brazil) from 14-16 December. More details on http://www.cursopfsense.com.br/

New FreeBSD Committers

In October 2012 the following people became new committers or were given enhanced FreeBSD update rights: Simon J. Gerraty (src), Erwin Lansing (src, ports) and Eitan Adler (src, ports, doc).

BSD / Unix Family News

OpenBSD 5.2 arrives with improved multi-core support.

The OpenBSD project has released version 5.2 of its free BSD-based UNIX-like operating system. According to its developers, the most important change in the new release is the switch from user-level to kernel-level threads. This allows programs with multiple threads to use multiple CPU cores. (via)