BSDTalk interview with Michael Lauth, CEO of iXsystems

FreeBSD Podcasts

Will Backman from BSDTalk has a 17-minute interview with Michael Lauth, CEO of iXsystems.

They talk about how iXsystems has built its business model around open source software and how open source software is used internally as much as possible.

iXsystems offers PC-BSD laptops and desktops, FreeNAS-based NAS servers, etc.

As a sidenote, BSDTalk is celebrating its 3rd birthday. Congratulations, Will. Keep this going!

BSDTalk 168 - Listen to the podcast: MP3 | OGG

OpenBSM 1.1 (alpha 4)

Robert Watson has announced a test snapshot of OpenBSM 1.1 (alpha 4). The following are the change notes from the OpenBSM NEWS file included with this release:

  • With the addition of BSM error number mapping, we also need to map the local error number passed to audit_submit(3) to a BSM error number, rather than have the caller perform that conversion.
  • Reallocate user audit events to avoid collisions with Solaris; adopt a more formal allocation scheme, and add some events allocated in Solaris that will be of immediate use on other platforms. 
  • Add an event for Calife. 
  • Add au_strerror(3), which allows generating strings for BSM errors directly, rather than requiring applications to map to the local error space, which might not be able to entirely represent the BSM error number space.
  • Major auditd rewrite for launchd(8) support. Add libauditd library that is shared between launchd and auditd. Add AUDIT_TRIGGER_INITIALIZE trigger (sent via ‘audit -i’) for (re)starting auditing under launchd(8) on Mac OS X.
  • Add ‘current’ symlink to active audit trail.
  • Add crash recovery of previous audit trail file when detected on audit startup that it has not been properly terminated.
  • Add the event AUE_audit_recovery to indicate when an audit trail file has been recovered from not being properly terminated. This event is stored in the new audit trail file and includes the path of recovered audit trail file.
  • Mac OS X and FreeBSD dependent code in auditd.c is separated into auditd_darwin.c and auditd_fbsd.c files.
  • Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls.
  • For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
  • Add support for NOTICE level logging.

This test release is known to build and run (to varying degrees) on FreeBSD 4.x, 5.x, 6.x, 7.x, 8.x, Mac OS X Leopard, Mac OS X Snow Leopard, and OpenSuse Linux.

OpenBSM releases and snapshots can be downloaded from the OpenBSM website.

Thanks Robert for emailing me.

FreeBSD 6.4 CDs/DVDs now shipping from FreeBSDMall

iXsystems have announced the availability of FreeBSD 6.4-based products through FreeBSD Mall, one of their subsidiaries. In addition to CD and DVD products, there’s a large collection of FreeBSD shirts, hats, jackets, boxer shorts, stickers, case-plates, coffee mugs, mouse pads, and other promotional materials.

FreeBSD is a free operating system developed by many volunteers. To help iXsystems promote FreeBSD, why not buy some of their products?

Announcement here

FreeBSD 7.1 RC2 available

The FreeBSD Project has announced the availability of FreeBSD 7.1 Release Candidate 2.

FreeBSD 7.1-RC2 is now available, the second of the Release Candidates. Unless an as yet undiscovered show-stopper comes along the release itself will be anywhere from a week to two weeks from now. We might be doing it next week since the release test cycle has gone on for quite a while now and the latest thing that delayed the release was a Security Advisory (SAs don’t typically get or need much in the way of public testing). The traffic we’re seeing on the lists and in Gnats is certainly stuff we’ll pay attention to and deal with but isn’t quite severe enough to warrant further delaying an already severely delayed release. Continued…

The ISO images and FTP install trees are available on the FreeBSD Mirror sites.

Full release Announcement

Many thanks Prudvi for submitting this story.

Cool board games on FreeBSD

FreeBSD is used a lot on servers, but it can be used as a desktop operating system as well. You may not be able to play the latest Windows games, but there are plenty of cool board games you can play on FreeBSD (and PC-BSD / DesktopBSD).

K.C. Smith has a post on board games on FreeBSD.

Cool board games… On FreeBSD, of course. There’re many great games in ports of course. In the area of board games, gnuchess, gnugo, and gnubg have been around for a while and are all excellent. gnubg (backgammon) is a very tough opponent! Turns out computers are a lot (lot!) better at backgammon than they are at Go.

So, I like board games. I also like to play board games against humans because, well, I guess I’m not that good at them. :) If you’ve got your java web-plugin working, you’ve got a great variety of games you can play against other people on-line. Yahoo! games uses java and has a large user-base and selection of games.

Recently, though, I’ve discovered this website called BoardSpace. It also uses java and works great on FreeBSD. They have bots available for many games — which is nice, it gives you a chance to learn the basics before playing against other people. And, they have a large variety of unusual games. 

More…

FreeBSD Security Advisories (ftpd & protosw)

The FreeBSD Team has issued 2 security warnings:

  • FreeBSD-SA-08:13.protosw – netgraph / bluetooth privilege escalation
  • FreeBSD-SA-08:12.ftpd – Cross-site request forgery in ftpd(8)

FreeBSD-SA-08:13.protosw

I. Background

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. As an early form of object-oriented design, much of the functionality specific to different types of sockets is abstracted via function pointers.

II. Problem Description

Some function pointers for netgraph and bluetooth sockets are not properly initialized.

III. Impact

A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

For a workaround, solution and patch etc go here
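
An added illustration of the bug class described above, not code from the advisory or the FreeBSD kernel: a table of per-socket-type function pointers with unset slots, and two defensive measures against calling through them. The struct, the function names and the assumption that an unset slot is NULL (as in a zero-initialised static table) are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical per-socket-type operations table (not the kernel's struct). */
struct sock_ops {
    int (*op_connect)(int fd);
    int (*op_listen)(int fd);
    int (*op_shutdown)(int fd);
};

static int demo_connect(int fd) { (void)fd; return 0; }
static int op_notsupp(int fd)   { (void)fd; return EOPNOTSUPP; }

/* A socket type that implements only connect. The other slots are zero
 * initialised, i.e. NULL (assumption): an indirect call through them is
 * the failure this example guards against. */
struct sock_ops demo_proto = { .op_connect = demo_connect };

/* Registration-time hardening: point every unset slot at a stub that
 * fails cleanly. Returns the number of slots that had been left unset. */
int sock_ops_fill_defaults(struct sock_ops *ops)
{
    int filled = 0;
#define DEFAULT(slot) do { if (!(slot)) { (slot) = op_notsupp; filled++; } } while (0)
    DEFAULT(ops->op_connect);
    DEFAULT(ops->op_listen);
    DEFAULT(ops->op_shutdown);
#undef DEFAULT
    return filled;
}

/* Call-site hardening for tables that were never registered: check the
 * slot before the indirect call instead of trusting it. */
int sock_listen(const struct sock_ops *ops, int fd)
{
    return ops->op_listen ? ops->op_listen(fd) : EOPNOTSUPP;
}

int main(void)
{
    printf("before: listen -> %d\n", sock_listen(&demo_proto, 3));
    printf("filled %d unset slots\n", sock_ops_fill_defaults(&demo_proto));
    printf("after: shutdown -> %d\n", demo_proto.op_shutdown(3));
    return 0;
}
```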

FreeBSD-SA-08:12.ftpd

I. Background

ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system. It is not enabled in default installations but can be enabled as either an inetd(8) server, or a standalone server.

A cross-site request forgery attack is a type of malicious exploit that is mainly targeted to a web browser, by tricking a user trusted by the site into visiting a specially crafted URL, which in turn executes a command which performs some privileged operations on behalf of the trusted user on the victim site.

II. Problem Description

The ftpd(8) server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command.

III. Impact

This could, with a specifically crafted command, be used in a cross-site request forgery attack.

FreeBSD systems running ftpd(8) server could act as a point of privilege escalation in an attack against users using web browser to access trusted FTP sites.

For a workaround, solution and patch etc go here
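
The splitting behaviour from the problem description, as an added illustration that is not taken from the advisory or from ftpd's source: a fixed-size line reader that treats every buffer-sized chunk as a command, next to a version that drops an overlong line whole. `CMD_BUF`, the function names and the sample input are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF 16 /* tiny on purpose so the effect is easy to see */
/* fgets()-style read from a string: stops after '\n' or on a full buffer. */
static int read_chunk(const char **in, char *buf, size_t size)
{
    size_t n = 0;
    while (n + 1 < size && **in != '\0') {
        buf[n++] = *(*in)++;
        if (buf[n - 1] == '\n') break;
    }
    buf[n] = '\0';
    return n > 0; /* 0 at end of input */
}

/* Flawed: every chunk is dispatched, so the tail of an overlong line is
 * handled as if the client had sent it as a separate command. */
int dispatch_split(const char *in)
{
    char buf[CMD_BUF];
    int dispatched = 0;
    while (read_chunk(&in, buf, sizeof buf))
        dispatched++;
    return dispatched;
}

/* Hardened: a chunk with no trailing newline marks the line as overlong;
 * its remainder is drained and nothing from that line is dispatched. */
int dispatch_strict(const char *in)
{
    char buf[CMD_BUF];
    int dispatched = 0, overlong = 0;
    while (read_chunk(&in, buf, sizeof buf)) {
        int complete = buf[strlen(buf) - 1] == '\n';
        if (complete && !overlong)
            dispatched++;
        overlong = !complete;
    }
    return dispatched;
}

/* Constructed input: a normal line, then 15 filler bytes plus a second verb. */
const char SAMPLE[] = "NOOP\r\n" "XXXXX" "XXXXX" "XXXXX" "NOOP\r\n";

int main(void)
{
    printf("split=%d strict=%d\n", dispatch_split(SAMPLE), dispatch_strict(SAMPLE));
    return 0;
}
```

The client sent two lines; the flawed loop dispatches three commands, the strict loop dispatches only the one line that fit in the buffer.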

Why we designed our own NAS Servers for use in our Data Center

This is a great story (Why we designed our own NAS Servers for use in our Data Center) where a company moves to open source software (i.e. FreeNAS) due to poor and expensive customer service.

Technetium Inc, hosting solutions, moved from Adaptec Snap servers and software to FreeNAS for their data centre NAS servers.

We need an OS now, and for that I picked FreeNAS which runs on FreeBSD. You can’t ask for a more stable operating system. And by the way, the FreeNAS OS runs from memory and boots from a CF card (no chance of the hard drive crashing and destroying the config). This custom built NAS system has turned out great, and our client is very pleased with the money we saved them.

Thanks Tod for sharing.

5 Best Linux/BSD Firewall tools

Matt Hartley has written an article on Intranet Journal about (in his opinion) the 5 best Linux/BSD Firewall tools:

  1. IPCop
  2. pfSense
  3. M0n0wall
  4. SmoothWall
  5. Linux LiveCD Router

Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach.

Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.

He writes the following about m0n0wall and pfSense (both BSD firewalls):

M0n0wall

Regardless of a fantastic effort by IPCop, there is just something to be said about rocking solid BSD solutions. The first that comes to mind is that from m0n0wall. It’s small, 12 MBs small! That is the single biggest distinguishing thing to note about m0n0wall. Its size and portability, that is. Designed to be a replacement for those expensive firewall appliances used today, m0n0wall works on embedded machines, in addition to being quite useful on older x86 PCs as well.

Definitely a little more advanced from a usability standpoint than other solutions out there, but do not let this fool you, because m0n0wall is VERY powerful in all of its BSD goodness. This being said, it should be noted that even though m0n0wall is workable on an older PC, it shines best on embedded systems being used by more advanced administrators. Therefore, this is not a really good solution for new Windows converts looking to convert their old PC into something cool.

pfSense

From what I have been told, the pfSense project was started by the same people as m0n0wall. Those looking to revamp an older PC might be better off going with pfSense. Plenty of features to speak of. Most notable among them include:

  • Redundancy — By creating a failover group, the network will remain secure even in the event of interfaces that go offline for some reason.
  • Load Balancing — Provides both inbound and outbound balancing between WAN connections or multiple servers, depending on which way the traffic happens to be going.
  • Captive Portal — Force the user to authenticate or simply find themselves redirected to wherever you wish.

Source (IntranetJournal – 16/12/2008)