FreeBSD 6.4 CDs/DVDs now shipping from FreeBSDMall

iXsystems have announced the availability of FreeBSD 6.4-based products through FreeBSD Mall, one of their subsidiaries. In addition to CD and DVD products, there’s a large collection of FreeBSD shirts, hats, jackets, boxer shorts, stickers, case-plates, coffee mugs, mouse pads, and other promotional materials.

FreeBSD is a free operating system developed by many volunteers. To help iXsystems promote FreeBSD, why not buy some of their product?

Announcement here

FreeBSD 7.1 RC2 available

The FreeBSD Project has announced the availability of FreeBSD 7.1 Release Candidate 2.

FreeBSD 7.1-RC2 is now available, the second of the Release Candidates. Unless an as yet undiscovered show-stopper comes along the release itself will be anywhere from a week to two weeks from now. We might be doing it next week since the release test cycle has gone on for quite a while now and the latest thing that delayed the release was a Security Advisory (SAs don’t typically get or need much in the way of public testing). The traffic we’re seeing on the lists and in Gnats is certainly stuff we’ll pay attention to and deal with but isn’t quite severe enough to warrant further delaying an already severely delayed release. Continued…

The ISO images and FTP install trees are available on the FreeBSD Mirror sites.

Full release Announcement

Many thanks Prudvi for submitting this story.

Cool board games on FreeBSD

FreeBSD is used a lot on servers, but it can be used as a desktop operating system as well. You may not be able to play the latest Windows games, but there are plenty of cool board games you can play on FreeBSD (and PC-BSD / DesktopBSD).

K.C. Smith has a post on board games on FreeBSD.

Cool board games… On FreeBSD, of course. There’re many great games in ports of course. In the area of board games, gnuchess, gnugo, and gnubg have been around for a while and are all excellent. gnubg (backgammon) is a very tough opponent! Turns out computers are a lot (lot!) better at backgammon than they are at Go. So, I like board games. I also like to play board games against humans because, well, I guess I’m not that good at them. :) If you’ve got your java web-plugin working, you’ve got a great variety of games you can play against other people on-line. Yahoo! games uses java and has a large user-base and selection of games.

Recently, though, I’ve discovered this website called BoardSpace. It also uses java and works great on FreeBSD. They have bots available for many games — which is nice, it gives you a chance to learn the basics before playing against other people. And, they have a large variety of unusual games. 

More…

FreeBSD Security Advisories (ftpd & protosw)

The FreeBSD Team has issued 2 security warnings:

  • FreeBSD-SA-08:13.protosw – netgraph / bluetooth privilege escalation
  • FreeBSD-SA-08:12.ftpd – Cross-site request forgery in ftpd(8)

FreeBSD-SA-08:13.protosw

I. Background

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. As an early form of object-oriented design, much of the functionality specific to different types of sockets is abstracted via function pointers.

II. Problem Description

Some function pointers for netgraph and bluetooth sockets are not properly initialized.

III. Impact

A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

For a workaround, solution and patch etc go here
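
The advisory above gives no code, so the following is an added illustration, not FreeBSD's code or patch: a generic C pattern for the bug class it describes, where a registration step replaces every unset function pointer with a stub that fails cleanly. All names (`sock_ops`, `sock_ops_register`, `op_notsupp`, `demo_proto`) are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical per-protocol operations table (names are illustrative). */
struct sock_ops {
    int (*attach)(int so);
    int (*connect)(int so);
    int (*shutdown)(int so);
};

/* Default handler: reports "operation not supported" instead of jumping
 * through an unset pointer. */
static int op_notsupp(int so) { (void)so; return EOPNOTSUPP; }
static int demo_attach(int so) { (void)so; return 0; }

/* Registration step: every slot the protocol left NULL gets the default
 * handler. Returns how many slots had to be filled, which is useful as an
 * audit signal when a new protocol is added. */
int sock_ops_register(struct sock_ops *ops) {
    int filled = 0;
#define FILL(slot) \
    do { if (ops->slot == NULL) { ops->slot = op_notsupp; filled++; } } while (0)
    FILL(attach);
    FILL(connect);
    FILL(shutdown);
#undef FILL
    return filled;
}

/* Generic layer: calls through the table with no per-call NULL check,
 * which is only safe once sock_ops_register() has run on the table. */
int sock_attach(const struct sock_ops *ops, int so) { return ops->attach(so); }
int sock_shutdown(const struct sock_ops *ops, int so) { return ops->shutdown(so); }

/* Constructed example protocol that implements attach only. */
struct sock_ops demo_proto(void) {
    struct sock_ops ops = { demo_attach, NULL, NULL };
    return ops;
}
```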

FreeBSD-SA-08:12.ftpd

I. Background

ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system. It is not enabled in default installations but can be enabled as either an inetd(8) server, or a stand-alone server.

A cross-site request forgery attack is a type of malicious exploit that is mainly targeted to a web browser, by tricking a user trusted by the site into visiting a specially crafted URL, which in turn executes a command which performs some privileged operations on behalf of the trusted user on the victim site.

II. Problem Description

The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command.

III. Impact

This could, with a specifically crafted command, be used in a cross-site request forgery attack.

FreeBSD systems running ftpd(8) server could act as a point of privilege escalation in an attack against users using a web browser to access trusted FTP sites.

For a workaround, solution and patch etc go here
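
An added illustration of the parsing flaw described above, not ftpd's code or its patch: a reader that splits an overlong line lets the tail be parsed as a separate command, while a reader that consumes and rejects the whole line does not. `CMD_MAX`, the function names and the sample input are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 16 /* assumed tiny limit so the effect is visible */

/* Constructed input: one overlong line hiding "NOOP", then a normal "PWD". */
static const char SAMPLE[] = "RETR " "AAAAAAAAAA" "NOOP\n" "PWD\n";

/* Flawed reader: takes at most CMD_MAX-1 bytes and leaves the rest of an
 * overlong line in the stream, where it is later read as a new command. */
size_t read_cmd_split(const char *in, char *out) {
    size_t n = 0;
    while (in[n] != '\0' && n < CMD_MAX - 1) {
        out[n] = in[n];
        if (in[n++] == '\n') break;
    }
    out[n] = '\0';
    return n;
}

/* Hardened reader: always consumes the whole line; an overlong line is
 * rejected as a unit (empty command, too_long set) instead of being split. */
size_t read_cmd_strict(const char *in, char *out, int *too_long) {
    size_t len = strcspn(in, "\n");
    size_t used = len + (in[len] == '\n');
    *too_long = used > CMD_MAX - 1;
    if (!*too_long) memcpy(out, in, used);
    out[*too_long ? 0 : used] = '\0';
    return used;
}

/* Count parsed commands that begin with verb; strict selects the reader. */
int count_verb(const char *in, int strict, const char *verb) {
    char cmd[CMD_MAX + 1];
    int hits = 0, too_long = 0;
    while (*in != '\0') {
        in += strict ? read_cmd_strict(in, cmd, &too_long)
                     : read_cmd_split(in, cmd);
        if (strncmp(cmd, verb, strlen(verb)) == 0) hits++;
    }
    return hits;
}

int main(void) {
    printf("NOOP parsed: split reader %d, strict reader %d\n",
           count_verb(SAMPLE, 0, "NOOP"), count_verb(SAMPLE, 1, "NOOP"));
    return 0;
}
```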

Why we designed our own NAS Servers for use in our Data Center

This is a great story (Why we designed our own NAS Servers for use in our Data Center) where a company moves to open source software (i.e. FreeNAS) due to poor and expensive customer service.

Technetium Inc, hosting solutions, moved from Adaptec Snap servers and software to FreeNAS for their data centre NAS servers.

We need an OS now, and for that I picked FreeNAS which runs on FreeBSD. You can’t ask for a more stable operating system. And by the way, the FreeNAS OS runs from memory and boots from a CF card (no chance of the hard drive crashing and destroying the config). This custom built NAS system has turned out great, and our client is very pleased with the money we saved them.

Thanks Tod for sharing.

5 Best Linux/BSD Firewall tools

Matt Hartley has written an article on Intranet Journal about (in his opinion) the 5 best Linux/BSD Firewall tools:

  1. IPCop
  2. pfSense
  3. M0n0wall
  4. SmoothWall
  5. Linux LiveCD Router

Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach.

Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.

He writes the following about m0n0wall and pfSense (both BSD firewalls):

M0n0wall

Regardless of a fantastic effort by IPCop, there is just something to be said about rocking solid BSD solutions. The first that comes to mind is that from m0n0wall. It’s small, 12 MBs small! That is the single biggest distinguishing thing to note about m0n0wall. Its size and portability, that is. Designed to be a replacement for those expensive firewall appliances used today, m0n0wall works on embedded machines, in addition to being quite useful on older x86 PCs as well.

Definitely a little more advanced from a usability standpoint than other solutions out there, but do not let this fool you, because m0n0wall is VERY powerful in all of its BSD goodness. This being said, it should be noted that even though m0n0wall is workable on an older PC, it shines best on embedded systems being used by more advanced administrators. Therefore, this is not a really good solution for new Windows converts looking to convert their old PC into something cool.

pfSense

From what I have been told, the pfSense project was started by the same people as m0n0wall. Those looking to revamp an older PC might be better off going with pfSense. Plenty of features to speak of. Most notable among them include:

  • Redundancy — By creating a failover group, the network will remain secure even in the event of interfaces that go offline for some reason.
  • Load Balancing — Provides both inbound and outbound balancing between WAN connections or multiple servers, depending on which way the traffic happens to be going.
  • Captive Portal — Force the user to authenticate or simply find themselves redirected to wherever you wish.

Source (IntranetJournal – 16/12/2008)

OpenVPN – getting it running

FreeBSD Diary has 2 howtos on setting up OpenVPN on FreeBSD.

This article is about OpenVPN, a full-featured open source SSL VPN solution. I first started using OpenVPN in December 2006. That is nearly two years ago. I took some notes but I never published anything until today. My original use for OpenVPN was easy access to my home network while away from home. For this it was wonderful. Being able to ssh “directly” to my machines, cvsup, etc, was very convenient.

1) OpenVPN – getting it running

In this article, I will show you how I created a routed VPN using OpenVPN. In this network, multiple clients can attach to the server, each of which has access to the network attached to the server. Each client can also contact any other client, subject to firewall rules.

In my case, I wanted a way for all my servers (on the internet, in data centers) to contact my CVS repository behind my firewall at home. Given that home has a dynamic IP address, it complicates matters. A VPN solves this issue and provides several benefits.

2) Creating a Routed VPN

iPod A1285 and FreeBSD happiness

Earlier this year Naomi got her hands on a blue iPod. It is the first time that an iPod thing invaded our life and now that I spend about a good two hours per day on the train, I think it is the right time. Only, what to put on it?

Music! Everywhere I see people with the white earplugs I hear their music, I see them choosing the next track and I wonder “Which music can be so good that you can listen to it every day?”. So music is a no-no.

Podcasts! I have several of them and up to now I always managed to listen to them while I was working from home. Right now I don’t have the luxury of working from home, or listening to them on the weekend because I spend all my time entertaining the kids. So for the last weeks these things have been piling up:….

Read further how to get (some) ipod(s) working with FreeBSD and gtkpod