BSD Security - Protect Your BSDRelease Date: 2012-05
Free Issue to Download! BSD 5/2012
In order to download the magazine you need to sign up to our newsletter. After clicking the “Download” button, you will be asked to provide your email address. You need to verify your email address using the link from the activation email you will receive. If you already subscribed to our list, you will be asked to provide your email address each time you download the magazine. No activation email will be sent and you should see the link for download.
1. After the activation of your subscription you need to click the “download” button once again to start downloading the PDF.
2. In case you do not get the activation email please check your spam folder. If it is not there, please use different email address.
A Fresh Look at the Warden for PC-BSD 9.1
For the PC-BSD 8.x series, new jail management software named “Warden” was first introduced. This software provided users a brand new graphical method of managing FreeBSD jails on their desktops. For 9.1 Warden has been given a complete makeover, and incorporated directly into the base system. Read the article to find out what are the new features that make PC-BSD 9.1 more versatile than ever for jail administrators and users.
Intro to DTrace
Sometimes you wish you had a comprehensive tool for profiling and debugging without having to maintain a chain of tools, merge their outputs and put some glue here and there to extract meaningful information from it. We now have a tool called DTrace, originally developed by Sun. From this article you will find out how to setup DTrace in your Freebsd box. The author will test also some of the providers available for DTrace and see the output.
A Web Application Firewall for Nginx
When servers got compromised web applications present themselves very often as the entry point. In most cases the reason is an outdated script with known or unknown vulnerabilities or an in-house development which is not properly validating submitted data. Well this is nothing new to you, I hope. The questions is what we can do to prevent this. By reading this article you will learn how to set up a high performance, low maintenance Web Application Firewall in NGINX. This what you will find in this article is just a sample of what you can read in a new book written by Benedikt Niessen. Unfortunately, published in German, but who knows – maybe soon the english edition will be available as well.
Introducing EasyPBI – Making PBI Modules With a Few Mouse Clicks
In this article we are going to talk a bit about Push Button Installer (PBI) packages and how we can quickly create these packages from existing software in the FreeBSD Ports Collection. The tool we will be using to facilitate the creation of these packages is called EasyPBI and it can be installed from FreeBSD Ports.
Mysql-zrm: Enterprise Level Backups for MySQL
Setting up MySQL backup and restore processes typically takes up a lot of a DBA’s time and attention. With mysql-zrm we can setup a backup strategy without the need of creating complex custom shell scripts.Once we have our MySQL server up and running we need a backup strategy to save our data. Instead of using complex scripts written around mysqldump we could use a software that has many feautures to backup our databases and that is easy enough to deploy.
Anatomy of FreeBSD Compromise (Part 5)
In the penultimate part in our series, we will compromise a FreeBSD server using different techniques. The *BSD family are some of the most secure operating systems available today. Security is very much a fundamental philosophy and mindset, as it is very difficult to implement once software is written. Earlier versions are not so secure (unless patched) so I have created another FreeBSD 7.0 test server, as well as our 6.1 and 5.0 hosts. Let’s see what happened…
Hardening FreeBSD with TrustedBSD and Mandatory Access Controls (MAC)
Most system administrators understand the need to lock down permissions for files and applications. In addition to these configuration options on FreeBSD, there are features provided by TrustedBSD that add additional layers of specific security controls to fine tune the operating system for multilevel security. From this article you will learn the configuration of the Mandatory Access Controls provided by FreeBSD. You fill also find out how to apply the concepts of multilevel security model to FreeBSD.
Security Best Practice for DNS Servers
What happens when a trusted server turns out not to be so trustworthy, whether by accident or by intent? Many client machines are only configured with stub resolvers and use trusted servers to perform all of their DNS queries on their behalf. In many cases, the trusted server is furnished by the user’s ISP and advertised to the client via DHCP. Besides accidental betrayal of this trust relationship — whether by server bugs, successful server break-ins, etc. — the server itself may be configured to give back answers that are not what the user would expect.