Tux Training

There are a number of things I like about FreeBSD, more than any Linux distribution I’ve ever used. Some of those are advantages shared by no Linux distribution I’ve used, and some are advantages shared by a few Linux distributions but not others — but no Linux distribution shares all of these advantages (even discounting things no Linux distribution has, like a BSD-licensed kernel).

Continue reading ‘Make vulnerability auditing easy with portaudit on FreeBSD’ »

FreeBSD comes with different utilities, which can be use to gathered the information as per your needs. uname command is use to print system information. dmesg command is use to print kernel ring buffer information. sysctl command is use to configure kernel parameters at runtime as well as to read hardware information.

Continue reading ‘Display FreeBSD System information’ »

In this document I will try to explain what it takes to get an encrypted fileserver.

I chose to have a server with one disk where the OS resides and all ‘big disks’ to be mounted into the directory-tree but that’s not something that’s necessary or such. I did not attempt to have the OS itself encrypted, to me it seemed unneedingly complicated and way to much a ‘single-point-of-failure’ solution to what I was looking for. I did however choose for the most secure OS out there (imho), OpenBSD :-)

From this point I assume you have an OpenBSD-box with OpenBSD 3.6 (or newer) and a generic kernel (there’s plenty of excellent literature on www.openbsd.org to help you with that) and have all the services you want installed (ftp/samba/etc.).

Continue reading ‘HOWTO: OpenBSD 3.6 encrypted disk’ »

The kernel is the core of the operating system. It is the binary file that the computer loads first and stores in memory. Because it is stored in memory, the kernel needs to be as small as possible. The kernel usually lives in the root directory (‘/’) and by default is called ‘bsd’.

Users who want their OpenBSD machine to perform specific functions or need additional device drivers might want to customize their kernel. In other OS’s, like some types of Linux, it is very popular to rebuild the kernel because the default is so bloated. For most users, the default OpenBSD kernel is sufficient; however, you should still apply kernel patches, which will require rebuilding and installing a fresh kernel.

You will need the system source code and patches. I will assume both of these have been installed.

Continue reading ‘Rebuilding the OpenBSD kernel’ »

After a fresh install, it is important to harden the security on a server before it hits your network for use.  Not only making configuration changes aid in the security of your box, but there are some practical rules to abide by.  These are some hardening tips to make your FreeBSD box more secure and will apply to both the 5.x and 4.x branches, but I will assume you are running 5.x.  If a 4.x change is different, I will note it.

Note: Please do not apply these changes carelessly on a production server.  Make sure you test, test, test on a separate box to note the effects of the changes.

Continue reading ‘How to: Harden FreeBSD’ »

Just like any of the BSDs, NetBSD can be upgraded by grabbing the latest builds and compiling them from the Internet.  Below are the steps to perform this.

Continue reading ‘How to update NetBSD’ »

OpenBSD has a claim of being the most secure Operating System out-of-the-box.  The problem is the installation is not very intuitive.  Here I will be guiding you through a standard installation of OpenBSD 3.5 and this guide assumes you have a basic i386 PC to work with and will be using your entire disk for OpenBSD.  Nothing fancy or unordinary.  For this guide, I used a 3.0 gig harddrive.

Continue reading ‘Basic Installation of OpenBSD’ »

The FreeBSD ports tree is the most common method of installing software.  With the latest 6.x releases of FreeBSD, the old method of keeping your ports tree updated is now considered obsolete.  This guide will teach you how to install and maintain your ports tree using the built-in portsnap utility.

Continue reading ‘FreeBSD: Managing the Ports Tree with Portsnap’ »

Often times we SSH into our BSD boxes and then have to leave our stations for a little bit.  If we don’t do anything special with our open terminal, that poses a serious security threat to our boxes.  Wouldn’t it be nice if we could just lock the open terminal without having to close the connection?  Well, we can with a built-in utility called lock(8).  There is also the vlock port, which is another way we can lock our shell.

Continue reading ‘Locking Your Shell In OpenBSD’ »

It is hard to deny that Adobe’s Flash Player had become more then an option when you surf the web. Not long ago we found most of the websites just based on html, css and eventually animated gifs. Video clips were just on subpages and most of us didnt really miss the obtrusive advertisment, often displayed on the banners on commercial websites like magazines.

While you can eventually ignore video websites like Youtube you find more and more pages you cannot even access—you have to skip over a Flash intro to enter the website, click through Flash-created menues, click on Flash animated maps where your current location is and other, often annoying tricks.

There were many FreeBSD users who tried to move Adobe to release their Flash Player plugin not only for Mac OSX, Linux and Solaris but simply to compile a BSD binary what we can use on BSD workstations. Not much of a reaction yet..

Continue reading ‘How to: Install Adobe Flash Player on FreeBSD’ »