LinuxPlanet Casts

Media from the Linux Moguls

Archive for the ‘freebsd’ Category

DistroCast 14.0 – FreeBSD 9.0

DistroCast Episode 14.0 featuring where we’ve been, our FreeBSD review, and Steamy goodness.

Written by Jeremy

October 22nd, 2012 at 7:21 am

Allan’s ZFS Server Build | TechSNAP 34

Allan walks us through his epic ZFS server build. Find out why he needs 48 GB of RAM!

Plus: The UN has suffered a user database leak, but the situation might not be as bad as it sounds, we’ll explain!

All that and more, on this week’s episode of TechSNAP!

Show Notes:

UN Site Compromised, Usernames and Passwords Exposed

  • Team Poison attacked and compromised one or more servers at the UN
  • The data exposed via pastebin mostly came from UNDP.org, the UN Development Program, but also included the Organisation for Economic Co-operation and Development (OECD), the World Health Organisation (WHO) and the UK’s Office for National Statistics (ONS)
  • The UN responded saying “The server goes back to 2007. There are no active passwords listed for those accounts” and “Please note that UNDP.org was not compromised.”
  • Even though the UN claims the data is not current, it suggests that passwords are stored in plain text, without salting and hashing, and that no password requirements are enforced. Many of the passwords appeared to be overly short, and did not contain
  • Teampoison hackers have previously attacked the RIM/Blackberry website and published private information about former UK Prime Minister Tony Blair
  • Teampoison included a message with the pastebin, officially joining Anonymous in Operation Robinhood, against banks and financial institutions

Duqu Attackers Destroyed Their C&C Server, Covered Tracks

  • On October 20 at around 18:00 GMT, the root user logged in to a number of Duqu C&C servers and proceeded to destroy /root, /etc, /var/log and some other files
  • The attackers securely erased the log files so they could not be recovered
  • However, due to the nature of the ext3 file system, some fragments of the logs had been relocated to reduce fragmentation, and these bits were not securely erased. While brute force searching the slack space, Kaspersky Labs was able to find a fragment of sshd.log showing root logins and the source IP address from another server in Germany.
  • Researchers followed the trail back to Germany, and used the same technique to find more IP addresses. However, the logs were from mid-November (and were found in early November), and do not indicate which year. Based on other log files, this server may have been part of the Duqu C&C infrastructure as far back as 2009.
  • There is also evidence that the Duqu operators upgraded the OpenSSH that came with CentOS on the server to the latest versions, 5.8p1 and 5.8p2, when they were released. The attackers also enabled GSSAPIAuthentication on all of their servers. The article below includes more evidence of a possible long-lived 0-day exploit for OpenSSH 4.3
  • The Duqu C&C network was made up of hacked servers from all over the world, including: Vietnam, India, Germany, Singapore, Switzerland, the UK, the Netherlands, Belgium, and South Korea. Most if not all of the compromised machines were running CentOS
  • These servers were used as reverse proxies to the real C&C Mothership, which still has not been identified.
  • Very Detailed Analysis of the C&C Servers
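
The recovery technique described above, as an added example (not Kaspersky's tooling and not part of the original show notes): scan a raw block of unallocated data for sshd "Accepted" lines for root and collect the source addresses. The sample bytes, host name and documentation-range IP addresses are constructed.

```python
import re
from collections import Counter

# Classic syslog lines carry month, day and time but no year, which is
# why a carved fragment cannot be dated to a year on its own.
SSHD_ACCEPT = re.compile(
    rb"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    rb"(?P<host>[\w.-]+) sshd\[(?P<pid>\d+)\]: "
    rb"Accepted (?P<method>[\w/-]+) for (?P<user>[\w.-]+) "
    rb"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)

def carve_sshd_logins(raw: bytes, user: bytes = b"root"):
    """Return (offset, timestamp, ip) for each sshd login line found in raw bytes."""
    hits = []
    for m in SSHD_ACCEPT.finditer(raw):
        if m.group("user") == user:
            hits.append((m.start(), m.group("ts").decode(), m.group("ip").decode()))
    return hits

def source_ips(hits):
    """Count logins per source address, most frequent first."""
    return Counter(ip for _, _, ip in hits).most_common()

# Constructed sample: binary junk stands in for overwritten blocks, with
# surviving log fragments scattered between the junk.
SAMPLE = (
    b"\x00" * 37 + b"\xff\xd8garbage"
    + b"Nov 18 02:14:07 host1 sshd[4121]: Accepted password for root from 192.0.2.44 port 51122 ssh2\n"
    + b"\x00" * 512
    + b"Nov 19 23:50:31 host1 sshd[5310]: Accepted publickey for root from 192.0.2.44 port 40011 ssh2\n"
    + b"\x13\x37" * 20
    + b"Nov 20 08:01:55 host1 sshd[5402]: Accepted password for backup from 198.51.100.9 port 2222 ssh2\n"
    + b"Nov 20 09:1"  # a line cut off mid-timestamp is ignored
)

if __name__ == "__main__":
    for offset, ts, ip in carve_sshd_logins(SAMPLE):
        print(f"offset {offset}: {ts} root login from {ip}")
```

The byte offset of each hit is kept so the fragment can be tied back to a location in the disk image when the finding is documented.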

Apache Vulnerability Could Expose Internal Systems, Trivial Island Hopping

  • A problem with the way Apache handles rewrite rules could allow an attacker to gain access to internal systems that they would not normally be able to reach
  • The problem was found while looking at a recent fix to the same vulnerability
  • In some specific cases it is still possible to exploit the vulnerability
  • The vulnerability only exists if you use mod_rewrite (almost everyone does) and mod_proxy (fewer people do)
  • You can work around the issue by changing your rewrite rules slightly

Feedback:

Allan finished the build of his ZFS server and shared the results with us:

Q: What OS
A: FreeBSD 9.0-RC2, Will upgrade to 9.0-RELEASE when it comes out.

Q: What version of ZFS?
A: ZPool 28 and ZFS 5 (ZPool 21 introduces the deduplication system, which isn’t available in FreeBSD 8.2 which only has ZPool 15)

Q: What kind of throughput do you get?
A: Sequential read and write: 600+ megabytes/second. I write out a 16gb file in under 27 seconds. Reading it back took under 2.8 seconds (over 6 gigabytes/sec) because the entire file was stored in the ZFS ARC (Adaptive Replacement Cache)

Q: Power Supplies
A: Redundant 920watt Platinum Level (94%+) Efficient Power Supplies, fed from APC 7900 PDUs

Q: Do you suggest I build a server or buy a server?
A: I usually build, but I am a control freak. Buying can be a good option too

Q: What about the RAID Controller
A: Adaptec 6805, comes with FreeBSD drivers for 6.x, 7.x and 8.x, but not 9.x (because it is not out yet). Luckily, they include the source code, so I was able to compile the driver as a loadable module for 9.x. Adaptec has also submitted the changes to FreeBSD to be included in future releases.

Written by chris

December 1st, 2011 at 10:05 pm

Arch Made Easy | LAS | s19e03

Is the Chakra Project a beautifully simple, ready-to-go Arch Linux desktop, or off the tracks onto an island of its own? We find out, plus what sets pacman apart from FreeBSD’s Ports system!

Also – Chris blasts Google for leaving Nexus One owners behind, Jolicloud ditches the Netbook, and we celebrate a new geek holiday!

PLUS SO MUCH MORE!

All this week on, The Linux Action Show!


Show Notes:

Chakra Project Review, IE Arch Made Easy:


Pacman vs Ports

  • Pacman is the binary package tool for Arch Linux. The FreeBSD equivalent is pkg_add
  • The Arch Build System (ABS) is designed to mimic some of the capabilities of FreeBSD’s ports system
  • Both Ports and ABS consist of a number of directories named after various packages sorted into categories (e.g. ABS: extra/daemons/apache, Ports: www/apache22). These directories do not contain the files or source code for firefox, but rather just a few script files that provide the infrastructure to allow you to build firefox.
  • Both Ports and ABS automate the process of building software, including the following steps:
      • Download source code from mirrors
      • Checksum the file (for security and integrity)
      • Extract the files
      • Apply any required patches (FreeBSD changes the default paths for a lot of apps to follow the FreeBSD directory structure)
      • Run the configure script (FreeBSD provides a text based menu for selecting options)
      • Compile the application
      • BSD ONLY: Install the application
      • BSD ONLY: Checksum all the files that were installed
      • BSD ONLY: Uninstall the application (remove any unmodified files using checksums from earlier)
      • Create a package that can be installed (with pacman or pkg_add respectively)
  • ABS is only a build system used to build packages that are then installed and managed by pacman
  • Ports is integrated with pkg_add and the package registry, and allows you to install the built application without the additional step of building a package.
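
The download and checksum steps above, as an added example (not code from Ports, ABS or the show): a verifier that parses the SHA256/SIZE record format FreeBSD ports keep in a distinfo file and rejects a distfile whose size or hash differs before anything is extracted. The file name and contents are constructed.

```python
import hashlib
import os
import re
import tempfile

# distinfo-style line: "SHA256 (name.tar.gz) = <hex>" or "SIZE (name.tar.gz) = <bytes>"
LINE = re.compile(r"^(SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")

def parse_distinfo(text):
    """Map each distfile name to its recorded {'SHA256': ..., 'SIZE': ...}."""
    records = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            records.setdefault(m.group("name"), {})[m.group(1)] = m.group("value")
    return records

def verify_distfile(path, expected):
    """Return a list of problems; an empty list means the file may be extracted."""
    if "SHA256" not in expected:
        return ["no SHA256 recorded: refuse to build"]
    problems = []
    size = os.path.getsize(path)
    if "SIZE" in expected and size != int(expected["SIZE"]):
        problems.append(f"size {size} != recorded {expected['SIZE']}")
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != expected["SHA256"].lower():
        problems.append("SHA256 mismatch")
    return problems

def demo():
    """Constructed distfile: verify the original, then a same-size tampered copy."""
    good = b"constructed tarball contents\n"
    distinfo = (
        f"SHA256 (demo-1.0.tar.gz) = {hashlib.sha256(good).hexdigest()}\n"
        f"SIZE (demo-1.0.tar.gz) = {len(good)}\n"
    )
    expected = parse_distinfo(distinfo)["demo-1.0.tar.gz"]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo-1.0.tar.gz")
        for body in (good, good.replace(b"tarball", b"TARBALL")):
            with open(path, "wb") as fh:
                fh.write(body)
            results.append(verify_distfile(path, expected))
    return results

if __name__ == "__main__":
    print(demo())
```

The check only proves the file matches what the port maintainer recorded, so the integrity of the ports tree itself still matters.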


Best Firewall Ever | LAS | s18e07

The best firewall in the universe is powered by open source, and we’ll show you how to set it up like a boss!

Plus – Why 2012 might be the year of Android on the desktop, and openSUSE 12.1’s top features!

All this week on, The Linux Action Show!



Episode Show Notes:

Runs Linux:

Rugged Video Server, Runs Linux

Getting Started with pfSense:

Planning for Failures | TechSNAP 19

The RSA leak exposes the dirty underbelly of the commercial security industry. It’s a story that sounds like it’s straight out of Hollywood.

Then – We’ve packed this episode full of Audience questions, and our answers. Find out how to plan for failure, start building a website….

All that and more, on this week’s TechSNAP!

Show Notes:

News

EXCLUSIVE: Leaked “RSA dump” appears authentic

  • A massive Pastebin dump of domain names and IP addresses supposedly linked to a cyber espionage ring appears to be the real deal.
  • The dump claims the operation targets include private US defence firms.
  • The analysis, which was leaked by an attack on HBGary Federal by Anonymous in February this year, identifies each IP address as a callback address for custom malware used in espionage operations, presumably operating out of China.
  • The IP addresses serve a configuration file that re-directs infected hosts to an interactive command and control IP based in Hong Kong.
  • HBGary codenamed the operation “Soysauce”.
  • The HBGary document suggests that each sub-domain of each registered domain name corresponds to a successfully compromised target.
  • Pastebin Dump

Feedback

Q: (DreamsVoid) I have a server set up, and I am wondering what it would take to set up a backup server that would automatically take over if the first server were to go down. What are some of the ways I could accomplish this?

A: This is a rather lengthy answer, so I will actually break it apart, and give one possible answer each week, for the next few weeks. The first possible solution is to use something like BSD’s CARP (Common Address Redundancy Pool). With it you assign each server an IP address like normal, then on each, you create a virtual CARP interface, where you assign a shared IP between the servers in your CARP group. The servers will advertise their control of the shared IP address; whichever server does so first will become the master for that IP. The way you configure multiple hosts to fail over in a specific order is by setting an ‘advertisement skew’ of 100ms multiplied by the server’s position in the pool. So the 3rd server will wait 200ms before advertising, and will only gain control over the IP address if the 1st and 2nd server are no longer advertising. This system basically moves the IP address of the service you are trying to keep up to whatever machine in the pool is actually up. This CARP system requires that the servers have identical services and static copies of the content. Obviously, you don’t want to fail over your webserver to your mail server if your mail server is not running an HTTP server. CARP works best for ‘stateless’ protocols; one of the most common uses of CARP is for redundant routers. If you are using FreeBSD or a derivative such as pfSense, you can use CARP on the IP your DHCP server gives out as the default gateway, so that if one of your routers is down, the other automatically takes over. pfSense even includes a protocol to sync the NAT tables between the two routers so that open connections are not dropped. This type of setup can be important if the business running behind the router cannot afford downtime for such trivial things as OS upgrades on the routers. With CARP, you can take down one router at a time, upgrade it, and put it back in service, without affecting the end users and servers behind the routers.
Another option in CARP is called ‘preempt’. This causes CARP to take its interface offline if ANY interface on the machine goes offline, not just the one the CARP IP is on. This can be important if your routers are connected to different ISPs: if one of the links goes down, the router will take itself offline, causing traffic to be routed via the backup Internet connection.


Q: (Mattias) I have been using the NoScript addon for Firefox and have become aware of just how many sites use Google Analytics. Is it a good way for website admins to track visitors, or just a way for Google to track everyone?

A: Google Analytics is based on a product called Urchin that Google acquired. Google Analytics is basically just a cloud hosted version of this product. You can still buy a copy of Urchin, but they don’t mention how much it costs. Google Analytics just provides much richer detail than you get from just regular log file analyzers. One of the keys to the success of Google Analytics for e-Commerce is the integration with Adwords and other CPC/CPA sites. Google Analytics allows the store to pass good information about the purchases that are made, and Google correlates these with the keywords the user searched for, and how much was paid for the advertisement. This allows stores to optimize their bids to get the best return for their advertising.

While there are some privacy concerns about what Google does with the collected data, they cannot infer all that much from it. Your personal data is never passed from the site you are visiting to Google, and only a small number of sites pass data about what you purchased back to Google, and they do this for the sales/conversion reporting, rather than for Google’s benefit. Usually, the data passed back could just be an internal product id, and not provide Google with any useful data about your purchase.

Find out who tracks you: Ghostery


Q: (Leon) Hi guys,

Thanks for answering my question last time.
I’ve set up a testbox here on my desk with FreeBSD to tinker with spamassassin/amavis. It’s been a long time since I did anything with FreeBSD but Allan/TechSNAP made me curious for it again.

My question: what’s the best way to keep your FreeBSD (ports) up to date? Just checking it manually/reading the security mailing lists, or is there some kind of tool that Allan uses for automatically updating his servers?

Thanks again and thanks for the great show(s). The recent comment of Chris convinced me to support Jupiter with a monthly subscription.

Regards,
Leon

A: The built in tool for keeping your ports tree up to date is called portsnap. This tool will use the BSDiff algorithm to only download the changes to the ports tree since your last update, and supports a simple cron method, where it randomly sleeps before starting, so that everyone cron’ing portsnap won’t hit the server at the same time. Once your ports tree is updated, there are a number of tools that you can use to go about upgrading your various packages. The tool I use is called ‘portupgrade’, but there are also others such as ‘portmanager’ and ‘portmaster’. There are also services such as VuXML (Vulnerability and eXposure Markup Language) that provide information about vulnerable ports, and can be used to check against your installed packages, and packages you are about to install.


Q: (Dan) I was going to send this email to Chris, but since you guys are doing a Q&A session on Techsnap, I figured I might as well send it here. Do you have any recommendations on sources for building websites? I’ve got a career move pending on a creation of a website, and a deadline of next week. I haven’t done basic HTML for about 6 years, and this site will need a forum and a way to pay for a service. I’m not worried about the hosting, I will be hosting it on my home server until the site is approved and ready to hit the ‘tubes. Any suggestions or information you have would be greatly appreciated!

PS. Been watching for two years, he’s Honclbrif in the IRC Chat room!

A: There are a number of great Open Source CMS (Content Management System) platforms out there. Some of the most popular are WordPress, Drupal and Joomla, all of which have huge support communities, and 1000s upon 1000s of free design templates. They also feature rich plugin architectures that allow you to add functionality such as video embedding or e-commerce. WordPress is designed for a more ‘blog’ like website, and might not fit well depending on the type of site you are building. Drupal is very extensible, but their framework can be a bit frustrating at times. You might want to look at which platform has the plugins that best fit your needs, and then go from there.


Written by chris

August 19th, 2011 at 12:05 am