Securing Network Services with FreeBSD Jails

In this article by Christer Edwards, we will explore FreeBSD Jails. FreeBSD Jails are a kernel-level security mechanism which allows you to safely segregate processes within a sandbox environment. Jails are commonly used to secure production network services like DNS or Email by restricting what a process can access. In the case of a malicious attack on one service, all other Jailed processes would remain secure. FreeBSD Jails securely limits, in an administratively simple way, the amount of damage an attacker can do to a server.

Carry on reading about ezjail:

  • Introduction
  • Ezjail
  • Ereating a jail environment
  • Configure and activate SSH
  • Configure Jail to run Web Server
  • Configure Jail as mail server with Postfix
  • Network level separation
  • Options of ezjail-admin commandv
  • Summary

Upgrade FreeBSD 7.2 to FreeBSD 8 using csup (howto)

How to upgrade FreeBSD 7.2 to FreeBSD 8 stable using csup source code method including all ports?

csup is a general-purpose network file updating package. It is extremely fast program. Make sure you backup all data, MySQL / PGSQL database, and configuration file before attempting upgrade procedure.

Source-based upgrades from previous versions are well supported and recommend to gain full control of your FreeBSD 8 kernel and base systems.

  1. Edit supfile
  2. Grab FreeBSD 8 Base System
  3. Build FreeBSD 8 Base System
  4. Build FreeBSD 8 Kernel
  5. Reboot And Boot Into A Single User Mode
  6. Merge Configuration Files
  7. Verify New Installation
  8. Upgrade Ports (Applications)

Follow this detailed and step-by-step howto from cybercity.biz

FreeBSD 8.0 available (unofficially)

No formal post or press release has been issued by the FreeBSD Team, but it seems that  FreeBSD 8.0 can now be downloaded from the servers ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.0/

It’s a few months after the initial planned release date (September), but quality is to be preferred over number of and planned dates of releases.

Here’s the CVS log showing the release branch: diff

Thanks to  Bill Totman and Gonzalo Nemmi for letting me (and you) know about the new ‘baby’.

Update your FreeBSD software with care

Chad Perrin explains step-by-step on TechRepublic how to keep a FreeBSD system up-to-date:

Certain operating systems make this easier than others, as do certain applications. FreeBSD in particular offers specific explanations of gotchas and difficulties that might affect users when software is updated, and also makes it easy to audit installed software for vulnerabilities. In cases where a test network and the resources of research in depth are unreasonable expectations, the key to ensuring upgrades go smoothly without breaking things is to have a step by step process for updating that makes minimal research easy to perform and directions for solving updating problems before they affect your system easy to find and follow. Thanks to the UPDATING notes provided by the FreeBSD Ports system, such a process is easy to develop.

The way I handle software updates on FreeBSD starts when I install FreeBSD. Once the OS is installed, I also install the /usr/ports/ports-mgmt/portupgrade port. This is a set of scripts that automate and simplify the user interface to the Ports system. You can read more about it and how to get it set up in the FreeBSD Handbook. Next, I use the portinstall command provided with portupgrade to install the portaudit tool. You can find information about it, too, in the FreeBSD Handbook.

Then, every time I need to update software, I follow a procedure that looks something like this:

Continues

AsiaBSDCon 2010

The FreeBSD Foundation is pleased to once again be a sponsor of AsiaBSDCon 2010. This conference will be held in Tokyo, March 11-14, 2010

The conference is for anyone developing, deploying and using systems based on FreeBSD, NetBSD, OpenBSD, DragonFlyBSD, Darwin and MacOS X. AsiaBSDCon is a technical conference and aims to collect the best technical papers and presentations available to ensure that the latest developments in our open source community are shared with the widest possible audience.

FreeBSD 8.0-RC3 released

The FreeBSD Project has released the third of the Release Candidates for the FreeBSD-8.0 release cycle.

The third and hopefully last of the Release Candidates for the FreeBSD 8.0 release cycle is now available. Unless something catastrophic comes up within the next couple of days we will begin the final builds for 8.0-RELEASE.

Images for amd64/i386 are available from ftp.freebsd.org. Upgrade instructions can be found here.