Available: PC-BSB 9.0 testing snapshot

Kris Moore has announced another PC-BSD 9.0 testing snapshot:

“Another release of the PC-BSD 9 snapshot is now available for download. This snapshot includes a bunch of bug-fixes to the GDM login manager, some new meta-pkgs, and fixes to the PBI command-line utilities.

This snapshot also includes CD images that install the LXDE desktop, as well as the USBFULL image which contains all the available desktops and meta-pkgs.”

For more information and some tips on how to use the new PBI command line utilities, check out Dru’s blogpost on the PC-BSD blog: Next 9.0 Snapshot is Available for Testing

Miscelaneous (Free)BSD news and links (Week 2)

I End of Life Announcement for PC-BSD 7.x

With the release of version 8.2 just around the corner, and PC-BSD 9.0 slated for later this year, we will be stopping the production of new packages / PBIs for the PC-BSD 7.x series in the near future: End of Life Announcement for PC-BSD 7.x

II Required: Senior FreeBSD/UNIX/Linux Administrator

You might be our next Sr. Systems Engineer: Senior FreeBSD/UNIX/Linux Administrator

III FreeBSD: Virtual Network Switch

In the previous post, I have mentioned about I’m going to cover Open vSwitch and Vde implementation. However I think it is also interesting to cover how you can setup virtual switch with FreeBSD native system. As we all know bridging is actually software switching, therefore we can make use of bridge interface to achieve this. I will explain the 6 ports virtual network switch setup that is illustrated in the diagram below: FreeBSD: Virtual Network Switch

IV Installing pfSense on an Alix.6e1

The ALIX.6e1 hardware platform:

2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6 : Installing pfSense on an Alix.6e1

Available: FreeBSD 8.2-RC2

Ken Smith has announced the availability of FreeBSD 8.2-RC2. This is the second iteration of Release Candidates which will lead to 8.2-RELEASE.

Check out the updated release schedule and yet-to-completed tasks on the FreeBSD wiki.

The second Release Candidate for the FreeBSD 8.2 release cycle is now available. Initial testing of the 7.4-RC2 install images turned up an issue with the pre-built packages that will take a few more days to address. For this build only the amd64, i386, pc98, and sparc64 architectures are available.

Related to the upcoming release of FreeBSD 8.2 is the ports freeze: Ports Feature Freeze for 7.4 and 8.

HeX LiveCD development in 2011

This is the 3rd post relating to planned development for FreeBSD-based O/S this yea (1: PC-BSD, 2: pfSense)

HeX LiveCD is a Network Security Monitoring (NSM) centric Live CD, built based on the principles of NSM, for analysts, by analysts. Besides containing most of the popular Open Source NSM tools, the HeX Live CD also contains tools to perform network forensics.

HeX 2.0, released in October 2008, is based on FreeBSD 7.0 and comes with Fluxbox as the default desktop environment. Development has slowed down with no new releases since, but the team has plans to change this in 2011.

C.S. Lee, project leader writes with regards to his 2011 development plans:

“We don’t have clear roadmap for what we are going to do with HeX in 2011, however the HeX 3.2 beta version will be released once we go through the testing phase, actually we have the HeX that is based on FreeBSD 8.2 in our closed development, and we will release the beta after we have tested ourselves.

Though we don’t have any roadmap specifically for this year, we do have todo

  • Split development – HeX will have 3 versions – Workstation, Sensor, Server(We really hope to get this done for a while but all the members are busy with own works). Right now we have HeX workstation only that’s available for security analyst to do packet post processing.
  • Remain bsd spirit, while we use HeX for many situation, especially for our security consulting works, it will remain free and open.
  • Improve the installer, not many actually know we have the easiest installer even before pc-bsd having one, we have modified version of bsd installer to get HeX installed to your laptop or vm, and many don’t know about it.
  • Largest packet processing and analysis tools in HeX workstation, you can compare ours with the rest of liveCD and you will definitely find we have almost all packet analysis tools in HeX, and all of them are categorized professionally
  • NSM Console improvement – you may have never heard of NSM Console, we actually have NSM Console that glue all the packet analysis tools together, it’s very modular and flexible where you can include any tools by writing the simple module. It’s like metasploit for packet analysis. NSM Console is written in ruby. We will ask for feedback and also suggestion to improve the tool.
  • HeX USB Stick – We actually have this in house, and we will release it soon, the reason we don’t release previously because FreeBSD has a lot of hard time when trying to boot from USB device until the USB stack has improved lately.
  • Include more tools, if you know any packet analysis tools that want to be included into HeX, let us know.
  • So for HeX Server and Sensor, I would like to explain a bit, for the server it will be a central server to collect all the network data from the sensor
  • For the HeX Sensor they will have tools like snort, bro, argus and many others, they will collect the network data and send to the HeX Server, then we can use HeX workstation to login to HeX Server and do the analysis.
  • HeX will also take advantage from the FreeBSD network stack development, for example in 8.2 BPF zero copy i implemented, and people may not heard about freebsd ringmap, so we may include ringmap implementation for our HeX Sensor, it’s currently in the testing and can be used with freebsd stable. Thanks to Alexandar for his work on that.

I would like to emphasize that with HeX normally you get almost full scale packet analysis platform, e.g, if you want to do ids/ips you can use snort/bro, if you want to do netflow analysis you can use argus/silktools/nfdump/fprobe/etc, and if you want to do statistical analysis you can use ourmon/tcpdstat/darkstat, if you want to do packet visualization, you can use afterglow, etherape and so forth.”

Thanks for the update, Mr Lee, and wishing you and the team all the best for 2011.

If you have used HeX LiveCD in the past or are still using it, what is your experience and what would you like to be added or changed? Let us know in the comments below.

FreeBSD Foundation requesting project proposals (2011)

The FreeBSD Foundation has requested proposals for potential funding. If you have any ideas how you can FreeBSD can be improved in 2011, why not submit you idea. In case you have no ideas but don’t mind getting paid for FreeBSD Development, have a look at the FreeBSD list of projects and ideas for volunteers.

The FreeBSD Foundation is pleased to announce we are soliciting the submission of proposals (submission document) for work relating to any of the major subsystems or infrastructure within the FreeBSD operating system. Proposals will be evaluated based on desirability, technical merit and cost-effectiveness.

pfSense development in 2011

Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.

As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. (m0n0wall vs pfSense).

Chris Buechler emailed the following update for 2011:

“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.

After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer
things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”

Thanks, Chris, for the update. Whishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.

If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.

pfSense website | pfSense blog

PC-BSD development in 2011

I’ve contacted the lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Let’s start with PC-BSD today.

As you all know, PC-BSD is a free, open-source operating system based on rock-solid FreeBSD, focusing on ease-of-use and and double-click package installation (PBI). The PC-BSD project is now part of iXsystems, a company that builds storage solutions, pre-configured servers, and customised servers utilizing open source hardware and software.

Today Kris Moore, the project’s founder, announced PC-BSD 8.2RC1 and with regards to his plans for 2011 he writes:

“For 8.2, it is mainly a release to include the latest FreeBSD 8.2 / KDE 4.5.4. Also some
bug fixes are present for advanced partitioning, letting the user select between MBR/GPT,
and easily toggle between UFS+S/ZFS.

On the 9.0 front, we’ve implemented a new system of “meta-pkgs” which will let users customize their particular desktop based upon the available packages in the release. This means we can now select alternative desktop environments, such as Gnome/KDE/LXDE/XFCE and others. In order to accomplish this, all of our tools have been re-written in pure QT4, removing any requirements for KDE4 to be present.

Related to this, we’ve re-implemented our PBI system to be 100% shell, allowing it to run on native FreeBSD and not be particular about the window-manager being used. This newer PBI format also includes features to reduce the duplication of library files, digital signatures, repository management, binary patching and more. For the non-technical end user the PBI system will appear mostly the same, but for advanced users a whole set of command-line utilities will make the managing of PBI files easier and more powerfull than before.

Also on 9, we’ve switched to using UFS+SUJ (Soft-Updates Journaled) file-system by default, which is a great way to eliminate the need for a long fsck after a crash / power-loss, while not having the heavy requirements of ZFS.” (Bold by GvE)

I’ve used PBI’s since version 0.7.8. Though they worked, it was evident that PBI technology was only just born, but it’s now growing up and maturing nicely.

You’re doing a great job, Kris, and we’re all looking forward to PC-BSD 9.0, and beyond. Thanks to iXsystems for providing the support and hardware to make PC-BSD better with every release.

To check progress of PC-BSD 9.0, you may have a look at the PC-BSD 9.0 todo and the PBI 9 and beyond sections of the wiki.

Available: PC-BSD 8.2-RC1

The PC-BSD Team has announced the availability of the first Release Candidate for PC-BSD 8.2.

Version 8.2-RC1 contains a number of enhancements, improvements, and bug fixes in response to previous 8.2 testing snapshots. Some of the notable changes are:

  • Updated to FreeBSD 8.2-RC1
  • Fixed issue detecting the proper video card driver
  • Fixed some crashes when adding new users / groups
  • Added /sbin/nologin as a shell choice in the user manager
  • Let created users have a homedir of /nonexistant via the GUI
  • Fix customizing desktop languages when using a () in the description

Version 8.2-RC1 of PC-BSD is available for download from the mirrors. Everyone is encouraged to test this beta and to report any bugs to the testing mailing list. Instructions for beta testers can be found in the PC-BSD Handbook.