Encrypting your laptop with ELI and ZFS

Some time ago, I gave my laptop yet another FreeBSD reinstall – mostly because I wanted to encrypt its contents (hey, you never know!). It turns out the best way to do this is to use GEOM_ELI. Of course, I can’t quite live without ZFS, so the idea was that I have a minimal /boot partition and everything else lives on ZFS, which is encrypted using ELI.

Step-by-step instructions on rink.nu (14/11/2008)

FreeBSD as a desktop OS

Saying that FreeBSD is an excellent choice to build a server upon would be stating the blatantly obvious. Sadly though, FreeBSD as a desktop OS is a much less common sight. This is a shame, particularly for developers who could have a desktop that closely mimics the configuration of FreeBSD servers in a remote datacenter. Very useful if you need to test things locally!

Since FreeBSD is a UNIX-like OS like Linux, just about all the software you can get for Linux is also available for FreeBSD. Significant exceptions are parts that are very closely linked to the OS kernel. Hardware support differs between OSes, so make sure you check the Hardware Notes that accompany every FreeBSD release to make sure your system is compatible.

Read further about Software Management

Source: kompasmedia.nl (17/11/2008)

m0n0wall: big friendly firewall power in a tiny package

m0n0wall is a specialized implementation of FreeBSD designed for routers and firewalls. It weighs in at well under 10 megabytes, but you still get a complete operating system, firewall, Web administration, traffic shaping, DNS server, DHCP server, SNMP, support for DynDNS updates and a whole lot more. m0n0wall offers a nice pointy-clicky interface for setting up a stout ipfilter firewall. For ultimate power, however, you really want to know how to write rules from scratch.

ipfilter rule syntax is not like iptables rules,…. more

FreeBSD Status Reports: July – September 2008

The July – September, 2008 Status Reports are now available

In this Quarter work has been progressing in quite a few areas of FreeBSD. FreeBSD 7.1-BETA2 and 6.4-RC2 have been released for pre-release testing. EuroBSDCon 2008 took place in Strasbourg, France and quite a few developers got together for the Developer Summit before the Conference. The USB2 stack has been imported into the -HEAD branch.

More…

“Official” FreeBSD Forums launched

The FreeBSD Project has announced the availability of a FreeBSD.org hosted community discussion forum. Personally, I’m quite pleased with this as I prefer forums over mailing lists. Unless you use gmail or an email program that is able to keep threads together, mailing lists can be quite “messy”.

There are already a couple of FreeBSD related forums, such as bsdnexus and daemonforums, but hopefully this will become FreeBSD’s main forum, although I’m sure there will be those out there that prefer the forum they’ve been using for years.

The FreeBSD project is finally, after much work, pleased to announce the availability of an official FreeBSD web based discussion forum. It is our hope that this forum will serve as a public support channel for FreeBSD users around the world and as a complement to our fine mailing lists.

Many thanks to everybody who emailed me regarding this.

OpenBSM 1.1 alpha 2 snapshot

Robert Watson announced the release of OpenBSM 1.1 alpha 2, a test snapshot of OpenBSM 1.1.

OpenBSM is a portable, open source implementation of Sun’s Basic Security Module (BSM) security audit API and file format. BSM, the de facto industry standard for audit, describes a set of system call and library interfaces for managing audit records, as well as a token stream file format that permits extensible and generalized audit trail processing. Records may describe both kernel events, such as system calls, as well as application events, such as login, password changes, etc. – source

The following are the change notes from the OpenBSM news file included with this release:

  • Include files in OpenBSM are now broken out into two parts: library builds required solely for user space, and system includes, which may also be required for use in the kernels of systems integrating OpenBSM.
  • Configure option --with-native-includes allows forcing the use of native include for system includes, rather than the versions bundled with OpenBSM. This is intended specifically for platforms that ship OpenBSM, have adapted versions of the system includes in a kernel source tree, and will use the OpenBSM build infrastructure with an unmodified OpenBSM distribution, allowing the customized system includes to be used with the OpenBSM build.
  • Various strcpy()’s/strcat()’s have been changed to strlcpy()’s/strlcat()’s or asprintf(). Added compat/strlcpy.h for Linux.
  • Remove compatibility defines for old Darwin token constant names; now only BSM token names are provided and used.
  • Add support for extended header tokens, which contain space for information on the host generating the record.
  • Add support for setting extended host information in the kernel, which is used for setting host information in extended header tokens. The audit_control file now supports a “host” parameter which can be used by auditd to set the information; if not present, the kernel parameters won’t be set and auditd uses unextended headers for records that it generates.

OpenBSM releases and snapshots can be downloaded from the OpenBSM project web page.

This test release is known to build and run (to varying degrees) on FreeBSD 6.x, 7.x, 8.x, Mac OS X Leopard, and OpenSuse Linux.

FreeNAS 0.69 RC1 release (Salusa Secundus)

The FreeNAS Project announced the availability of the first release candidate for FreeNAS 0.69, a FreeBSD-based operating system which provides free Network-Attached Storage (NAS) services.

Major changes:

  • Modify password handling for user ‘admin’. Because of that the password will be set back to the default which is ‘freenas’.
  • Add quixplorer 2.3.1 to administrate file system via web browser. It is accessible via http://xxx.xxx.xxx.xxx/quixplorer or WebGUI ‘Advanced|File Manager’. Administrator can login via user ‘admin’ and the WebGUI password. Local system users have access to /mnt only.
  • Replace PHPMailer with msmtp SMTP mail client.
  • Add UPS email notification.
  • Upgrade lighttpd to 1.4.20.
  • Upgrade e2fsprogs to 1.41.3.
  • Upgrade Adaptec AACRAID 32/64-bit driver to v5.2.0 Build 15753.
  • Upgrade arcconf to 5.30.17509.
  • Upgrade scponly to 4.8.

Full changelog | download