OpenBSD takes on OpenSSL project, implements changes

The OpenBSD team has started its own fork of OpenSSL in response to the backlash from the Heartbleed bug. The new project will be called LibreSSL and is based on OpenSSL 1.0.1g. The team has already begun a major cleanup of the code. The following list outlines the changes they have made so far:

  • Splitting up libcrypto and libssl build directories
  • Fixing a use-after-free bug
  • Removal of ancient MacOS, Netware, OS/2, VMS and Windows build junk
  • Removal of “bugs” directory, benchmarks, INSTALL files, and shared library goo for lame platforms
  • Removal of most (all?) backend engines, some of which didn’t even have appropriate licensing
  • Ripping out some Windows-specific cruft
  • Removal of various wrappers for things like sockets, snprintf, opendir, etc. to actually expose real return values
  • KNF of most C files
  • Removal of weak entropy additions
  • Removal of all heartbeat functionality which resulted in Heartbleed

Check out the full notes / comments here: https://lobste.rs/s/3utipo/openbsd_has_started_a_massive_strip-down_and_cleanup_of_openssl/comments/fkwgqw

Update – you can find real time updates on this page here: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/

BSD Magazine (February 2014) – OpenBSD 5.4 – Configure OpenBSD

February’s issue of the BSD Magazine is now available: OpenBSD 5.4 – Configure OpenBSD Basic Services (free PDF download).

You’ll find the following subjects inside:

  • Configure OpenBSD 5.4 Basic Services
  • How Secure can Secure Shell (SSH) be?
  • Getting to Grips with the Gimp – Part 1
  • User, Group and Password Management on Linux and Solaris
  • Securing CentOS and Solaris 11 with Puppet
  • Interview with Peter N. M. Hansteen

OpenBSD 5.4 – Configure OpenBSD

BSD Magazine (December 2013) – CARP on FreeBSD

December’s issue of the BSD Magazine is now available: CARP on FreeBSD (free PDF download).

You’ll find the following subjects inside:

Configuring a Highly Available Service on FreeBSD – part 2: CARP and devd

In the first part of this series, we learned how to make high availability (HA) storage on FreeBSD using HAST. We learned how to control HAST and how to recover from failures. However, all those actions were still manual actions. In this second part of the series, Jeroen will teach how two basic building blocks, CARP and devd, work and how we can use them in the final part of our series to automate the failover of our NFS server.

FreeBSD Programming Primer – Part 11

In the penultimate part of our series on programming, Rob will look at using the Netbeans Integrated Development Environment to debug and edit our CMS.

Unix Basics – for Security Professionals

Unix is the widely known multi-user and multitasking operating system that exists in many variants (e.g. Solaris, Linux, UX, AIX, etc.), and serves mission-critical server environments around the world. Ramkumar provides the basics of Unix operating systems while discussing how UNIX addresses the above security challenges.

Introduction to Unix Kernel

It is usually a source of wonderment to PC users that the whole of the Unix operating system is in one executable. Instead of a hodge-podge of DLL’s, drivers, and various occasionally-cooperating executables, everything is done by the Unix kernel. When Unix was first introduced, the operating system was described as having a ‘shell’, or user interface, which surrounded a ‘kernel’ which interpreted the commands passed to it from the shell.

OpenBSD 5.4 as a Transparent HTTP/HTTPS Proxy

Wesley in his article will teach you how to configure Relayd for URL Blocking with https inspection and how to use and understand Packet Filter.

GhostBSD: A User-friendly, Lightweight BSD Alternative

GhostBSD is an open source desktop operating system based on FreeBSD which aims for a secure, user-friendly experience out of the box. GhostBSD comes with most common software choices already configured, giving the user a solid BSD installation out of the box. Adrian will tell you why he chose FreeBSD OS.

How Secure Can Secure Shell (SSH) Be?

To begin, let’s concentrate on the One Time Password (OTP). We are going to achieve our already secure SSH in conjunction with OTP for remote system connections. At first, in algorithmic meaning, OTP is a character string which should never repeat. Arkadiusz, in his article, demonstrates configurations as well as tricks that make using the protocol more secure.

Column by Rob Somerville

OPINION: With the UK government in collusion with the major search engines to censor 100,000 search terms to prevent child abuse, is the UK joining the ranks of the technological fascists?

Read and download: CARP on FreeBSD

Ghosts in the machine: GhostBSD 3.5

Jesse Smith has reviewed GhostBSD 3.5 in a feature story on Distrowatch and he likes what he has seen and used so far.

I was fairly happy with my experience with GhostBSD this week. In the past I have enjoyed GhostBSD because of the project’s ability to showcase what a FreeBSD-based operating system looks like running on a live disc with a functional desktop environment. There are not a lot of live discs available in the BSD communities and I was happy to see GhostBSD take on the challenge.

An interesting comment in the article (please don’t start a flamewar here ;-) is that the more exciting developments these days seem to be happening in the BSD world. Think of ZFS, PKG-NG, Jails, etc.:

The second reason for my shift in focus is I feel the BSD communities, especially the FreeBSD-based projects, are where the interesting developments are happening these days. Over in FreeBSD land we have efficient PBI bundles, a mature advanced file system in the form of ZFS, new friendly and powerful system installers, a new package manager (PKG-NG), a powerful jail manager and there will soon be new virtualization technology coming with the release of FreeBSD 10.0. Meanwhile, over in the Linux camp, I feel as though things have reached a plateau. We are seeing small improvements and an increase in polish.

BSD Magazine (September 2013): Day-to-Day BSD Administration

September’s issue of the BSD Magazine is now available: Day to Day BSD Administration (free PDF download).

This issue is dedicated to day-to-day BSD administration with the use of MidnightBSD custom installations and Live CDs, BSD server maintenance, directory encryption using PEFS and much more.

  • It’s lonely at the top
  • MidnightBSD Custom Installations and Live CDs
  • BSD Server Maintenance
  • Re-purposing an Abandoned Mac Mini as a Wireless Router with OpenBSD
  • Monit – Monitoring solution for enterprise and SOHO servers with FreeBSD
  • FreeBSD Programming Primer – Part 8
  • A closer look at the changes in PC-BSD/TrueOS 9.2 – Part 2 – Directory encryption using PEFS
  • Intro to ZFS
  • FreeBSD on XenServer

Download and read Day-to-Day BSD Administration

BSD Magazine (August 2013): ZFS Boot Environments

August’s issue of the BSD Magazine is now available: ZFS Boot Environments (free PDF download).

This issue of BSD Magazine is dedicated to boot environments, including the article on ZFS Boot Environments by Kris Moore. Moreover, you can read articles about email gateway, service spawner, web programming, PKGNG and Apache THRIFT.

From the Table of Contents:

  • Quis custodiet ipsos custodes (Who will guard the guards themselves)?
  • Apache THRIFT: A much needed tutorial
  • A closer look at the changes in PC-BSD/TrueOS 9.2 – Part 1 – ZFS Boot Environments
  • An email gateway with FreeBSD to prevent malware and undesirable messages
  • The Service Spawner
  • FreeBSD Programming Primer – Part 7
  • PKGNG: The future of packages on FreeBSD and PC-BSD

Download and read ZFS Boot Environments

BSD Magazine (July 2013): Security and Cryptography in BSD

July’s issue of the BSD Magazine is now available: Security and Cryptography in BSD (free PDF download).

This issue of BSD Magazine is dedicated to security concepts including Elliptic Curve Cryptography, Security Policy Development in TrustedBSD MAC Framework and Naxsi, the Nginx Web Application Firewall. Moreover, you will find articles about MaheshaOpenBSD and CSS programming.

You’ll find the following subjects inside:

  • An Eye For An Eye Soon Leads To Blindness
  • MaheshaOpenBSD – OpenBSD In A Serpent World
  • Security Policy Development in TrustedBSD MAC Framework
  • Using Nginx and Naxsi for Security and High Availability
  • FreeBSD Programming Primer – Part 6
  • Elliptic Curve Cryptography and Basic Applications in BSD OS

Security and Cryptography in BSD