
BSD News 23/05/2016


Last week in BSD

Releases: HardenedBSD, SoloBSD, SmallWall, pfSense, OPNsense
Other news: BSDSec, BSDnow, BSD Magazine, DragonFlyBSD, p2k16, freeNAS, OpenBSD

BSDSec


Releases

HardenedBSD-stable 10-STABLE v46.1

HardenedBSD-10-STABLE-v46.1
----------------------------------------
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
https://github.com/HardenedBSD/hardenedBSD-stable/commits/HardenedBSD-10...
This release fixes CVE-1541 and CVE-2015-2304 in libarchive, a lot of Coverity warnings / programming errors and an overflow in amd64's sysarch system call (00696f0, eac2aab, bd784f7).

SoloBSD 10.3-STABLE-v46

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46
You can grab it from Here. (61.7 Mb)
root password: solobsd

SmallWall 1.8.4b10 beta release

Just released a new beta with updated mini-httpd, and many t1n1wall changes ported in.

New stable version: HardenedBSD-stable 11-CURRENT v46.2

HardenedBSD-11-CURRENT-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
UPDATE TO THIS RELEASE IS STRONGLY ADVISED!
This release fixes two locally exploitable security issues, namely the following:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

pfSense 2.3.1-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.1!
This is a maintenance release in the 2.3.x series, bringing a number of bug fixes, two security fixes in the GUI, as well as security fixes for OpenSSL, OpenVPN and FreeBSD atkbd and sendmsg. The full list of changes is on the 2.3.1 New Features and Changes page.
This release includes a total of 103 bug fixes. 79 regressions in 2.3 have been fixed, mostly minor issues in the new GUI. Several of these are significant issues, and have resolved nearly all the post-upgrade problems encountered in 2.3-RELEASE. 24 issues affecting 2.2.x and prior versions have also been fixed.
If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.

OPNsense 16.1.14 released

How about an update with your new NetFlow remote export. Or your local reporting frontend? Well, you can always use both if you like. Read all about it here: https://docs.opnsense.org/manual/netflow.html
Furthermore, we have added the brand new AQM CoDel version 0.2.1 to the mix, yesterday’s FreeBSD security advisories, released the HAProxy plugin, bundled a full Japanese translation.
There is also a refreshed website for our general viewing pleasure.
https://opnsense.org/

News

Diving for BSD Perls | BSD Now 142

This week on the show, we have all the latest news and stories! Plus an interview with BSD developer Alfred Perlstein, that you won’t want to miss. Sit tight, the show starts now on your place to B...SD!
 

BSD Magazine for May 2016 out

The May issue of BSD Magazine is available now.  There’s articles on ZFS, OpenBSD’s arc4random, an interview of Fernando Rodríguez of KeepCoding, and more.  It’s a free PDF download if you didn’t know.

TeX, clisp, and DragonFly

DragonFly versions of TeX have been available for some time now.  However, Nelson Beebe, who is part of the TeX project, is having trouble building some related binaries – asymptote and clisp.  He could use help from anyone interested, to match up with this summer’s release of TeX 2016.

Mounting as non-root

Read this email thread for how to mount devices (e.g. USB drives) in DragonFly when you aren’t root.

Code stuff 

p2k16 Hackathon Report: pirofti@ on octeon and TPM

Interesting articles


BSD News 24/08/2015

Last week in BSD

Releases: SmallWall, NetBSD, OPNsense, PC-BSD
Other news: BSDSec, RaspBSD, OpenBSD, BSDnow, HardenedBSD, Wallpaper

BSDSec

 

Releases

SmallWall 1.8.4b9 beta release

Just released a new beta with a MUCH newer version of SNMP. Now supports v2 and 64bit counters for network monitoring. Also may have fixed some memory and CPU monitoring bugs from a long way back. 

NetBSD 7.0_RC3

The full list of changes can be found near the bottom of http://ftp.NetBSD.org/pub/NetBSD/NetBSD-7.0_RC3/CHANGES-7.0
Binaries of NetBSD 7.0_RC3 are available for download at:
http://ftp.NetBSD.org/pub/NetBSD/NetBSD-7.0_RC3/
Those who prefer to build from source can either use the netbsd-7-0-RC3 tag or follow the netbsd-7 branch.

OPNsense 15.7.9 Released

These are the full patch notes:
  • firmware: functional rework of update fetch and install, show reboot needed in alert box
  • interfaces: fixed spurious truncated interface names from showing up in the assignments
  • intrusion detection: improved rule select/deselect behaviour and alert querying
  • firewall/rules: fix missing apply button when another language is being used
  • crash reporter: multiple fixes, layout and submission improvements
  • firewall/logs: can now filter using IP version
  • firewall/nat: add anti-lockout rule for redirection
  • certificates: fix generation for LibreSSL flavour
  • openvpn: allow advanced settings for all server types
  • openvpn: reworked all configuration pages (especially client export)
  • ipsec: reworked all configuration pages

PC-BSD 10.2-RELEASE Now Available

  • FreeBSD 10.2-RELEASE base system
  • Many bugfixes and enhancements to installer to dual-boot setups
  • New CD-sized network installation media, with Wifi Configuration via GUI
  • Switched to “iocage” for jail management backend
  • Disk Manager GUI now available via installer GUI
  • Bug-fixes and improvements to Life-Preserver replications
  • Improved localization options for login manager
  • Options to Enable / Disable SSHD or IPv6 at installation
  • New “Plugins” system for AppCafe, allowing download of pre-built jail environments
  • Improvements to look-n-feel of AppCafe for package management
  • Improved fonts and better support for 4K monitor setups
  • Enterprise package repo, which only has security updates, allowing users to run a server / desktop or jail with fairly consistent package versions.
  • Firefox 40.0_1,1
  • Chromium 44.0.2403.130
  • Thunderbird 38.1.0
  • Lumina 0.8.6
  • GNOME 3.16.2

Other news

Raspberry Pi gains new FreeBSD distribution

Raspberry Pi owners can dig out their SD-card formatting tools of choice again, because a new version of FreeBSD has emerged for the machines.
RaspBSD will work on the Pi models B and B+ and promises to run on more “soon”. The “more” looks like including the BeagleBone Black and the Banana Pi.
FreeBSD has been available on the Pi for some time, as recorded in this post by the Pi foundation. This cut of the OS is the work of FreeBSD contributor and forum administrator Brad Davis, who says “The Goal of this project is to build images easily useable by anyone. Sometimes that means images preloaded with different packages to help new users get started.”
“Initially they will start off pretty basic, but will expand in different directions to support different goals. Initial goals include Education and Entertainment. All of our images are built using publicly available tools and any enhancements will be pushed upstream.”
If that sounds like you, raspbsd.org offers you the chance to download and play with the new OS.

OpenBSD 5.8 Preorders Enabled, Release Song Published

Two important events of the OpenBSD 5.8 release cycle happened today:
  • On the Orders page, pre-orders for the new release have been enabled
  • On the Lyrics page, the OpenBSD 5.8 release song has been published, with links to OGG and MP3 formats available.
The release date is October 18th, to mark the 20th anniversary of the creation of the OpenBSD CVS tree, as Theo de Raadt (deraadt@) noted in the announcement:

Ubuntu Slaughters Kittens | BSD Now 103

Allan's away at BSDCam this week, but we've still got an exciting episode for you. We sat down with Bryan Cantrill, CTO of Joyent, to talk about a wide variety of topics: dtrace, ZFS, pkgsrc, containers & much more. This is easily our longest interview to date!
 

Code stuff


Interesting articles


Wallpaper of the week


BSD News 22/06/2015


Last week in BSD

Releases: MidnightBSD, OPNsense, NetBSD
Other news: SmallWall, DragonFly BSD, pfSense, FreeBSD, MidnightBSD, BSDnow, NetBSD, OPNsense, BSDSec

BSDSec


Releases

MidnightBSD 0.6.1 RELEASE

MidnightBSD 0.6.1 RELEASE fixes several security issues with OpenSSL.
It updates the system to OpenSSL 0.9.8zg.
Users of 0.6 or 07-CURRENT should update their systems via SVN.
You can read more about the issues via the OpenSSL website:
https://www.openssl.org/news/secadv_20150611.txt

OPNsense version 15.1.12 Released

  • src: fix OpenSSL multiple vulnerabilities (SA-15:10.openssl)
  • src: update base system file(1) to 5.22 (EN-15:06)
  • src: improve reliability of ZFS (EN-15:07) [3]
  • src: updated to tzdata2015e [4]
  • ports: openssl 1.0.2c [5], libressl 2.2.0 [6], php 5.6.10 [7], dnsmasq 2.73 [8], smartmontools 6.4 [9]
  • syslogd: disable unmaintained and unused ZMQ patches
  • opnsense-update: gained independent awareness of kernel and base system version
  • opnsense-update: improved the manual page to include all recent changes
  • firmware: bring back /etc/shells support to avoid the unknown shell warning on bootup
  • firmware: always schedule next poll while upgrade is running to accommodate for web server restart delay
  • logs: fix DHCP reverse ordering and update layout
  • wizard: remove false statement about using “dhcp” for LAN setup
  • menu: order interfaces by name
  • captive portal: fix database creation query by avoiding SQL injection syntax that broke due to a recent upstream hardening of the database adapter underneath

 

NetBSD 7.0_RC1

Many changes have been made since 6.0. Here are a few highlights:
  • Greatly improved support for modern Intel and Radeon graphics hardware through a port of the Linux DRM/KMS code. Most X.Org components have been updated as well.
  • ARM multiprocessor support
  • Support for new ARM boards, some of which are listed below:
    • Raspberry Pi 2
    • ODROID-C1
    • BeagleBoard-xM
    • BeagleBone
    • BeagleBone Black
    • Banana Pi
    • Cubieboard 2
    • Cubietruck
    • Merii Hummingbird
    • Marvell ARMADA XP
    • GlobalScale MiraBox
    • Kobo
    • Sharp Netwalker PC-Z1
  • GPT support in sysinst
  • Lua kernel scripting
  • Multiprocessor USB stack
  • Many improvements to NPF, the NetBSD packet filter
  • GCC 4.8.4 (and optionally, LLVM/Clang 3.6.1)
Binaries of NetBSD 7.0_RC1 are available for download at:
http://ftp.netbsd.org/pub/NetBSD/NetBSD-7.0_RC1/
Those who prefer to build from source can either use the netbsd-7-0-RC1 tag or follow the netbsd-7 branch.

Other news

SmallWall documentation

We now have documentation on the website! And some minor fixes to the website... 

BSDNow: Episode 094: Builder's Insurance

This week on the show, we'll be chatting with Marc Espie. He's recently added some additional security measures to dpb, OpenBSD's package building tool, and we'll find out why they're so important. We've also got all this week's news, answers to your emails and even a BSDCan wrap-up, coming up on BSD Now - the place to B.. SD.

Code stuff


Interesting articles


Wallpaper of the week

from http://hdw.eweb4.com/out/842558.html

BSD News 16/06/2015

Last week in BSD

Releases: SmallWall, OPNsense, DragonFly BSD
Other news: BSDSec, DragonFly BSD, HardenedBSD, LibreSSL, NetBSD, OPNsense, SmallWall, Wallpaper, SmallWall, NetBSD, BSDnow

Check out DiscoverBSD stats - or some stats for DiscoverBSD, BSD-Links and BSDsec.

BSDSec

 

Releases

SmallWall 1.8.2 released and 1.8.3 bugfix release

A bug was found in syslog in the 1.8.2 build, so there is now a 1.8.3 released to patch that build bug.

DragonFly 4.2 and 4.0.6 branched

The more eagle-eyed may have noticed a branching for DragonFly 4.2, and for DragonFly 4.0.6.  The 4.2 branch is currently only a release candidate, so don’t necessarily change over yet – it’s for testing, not release.
Note that packages for 4.2 are not yet built, so you’ll have to manually specify a package path to install with pkg on 4.2 – for now. That won’t be the case for the actual release, of course. DragonFly 4.3 users will have to specify PKG_PATH manually to use 4.2 images until new ones are built.  4.2 release candidate users will be fine.  (see comments for correction.)
The 4.0.6 release is mostly to get the recent OpenSSL update into a 4.0.x build.
I am working on image building for both.

DragonFly 4.0.6 image up

 I’ve uploaded DragonFly 4.0.6 ISO and .img files.  (Does that capitalization make sense?)  They should be available at your nearest mirror, or will be shortly. I am still working on the 4.2 release candidate images.

OPNsense version 15.1.11.4 Released

 Here is the full list of changes:
  • notable ports updates: pcre 8.37_1 [1], phalcon 2.0.2 [2], strongswan 5.3.2 [3], sqlite 3.8.10.2 [4]
  • more notable ports: openvpn 2.3.7 [5], openssl 1.0.2b [6], libressl 2.1.7 [7], pkg 1.5.4 [8]
  • opnsense-update: has gained the ability to do package updates as well
  • core: removed unused ssh_tunnel_shell and 3gstats utilities, added sudo to the default utilities
  • captiveportal/traffic shaper: better fix for localhost skip
  • traffic shaper: added ICMP, IGMP, ESP, AH and GRE protocols to selectable protocols
  • core: fixed a bug that prevented our API from working properly with Phalcon 2.0.1 and above
  • backend: added configctl command utility launcher and improved its logging capabilities
  • backend: worked around a performance degradation bug in Python 2.7 on FreeBSD
  • gateways: monitoring via `apinger’ is now turned off by default for all new gateways created (opt-out flipped to opt-in for privacy reasons)
  • firmware: refactored firmware code to use opnsense-update’s new capabilities
  • firmware: fix parsing of packages to be upgraded in fringe cases
  • firmware: fix overzealous caching of available package upgrades
  • users: users with group admins now have `wheel’ group associated with them, allowing them to use `su’ or `sudo’ (if configured)
  • users: do not copy root’s hidden files while creating a new user home directory

Other news

 

First Experimental OPNSense Images With HardenedBSD

One month ago, we announced we were teaming up with OPNSense to provide HardenedBSD-flavored versions of their project. Work started with backporting our work from 11-CURRENT to 10-STABLE. We worked with Franco Fichtner, one of three people currently on the OPNSense core team, to enhance their build scripts. We received hardware donations from Netgate and Deciso. We fixed a number of bugs in secadm and backported Integriforce to 10-STABLE. This month sure has been a busy one.
We're excited to announce today the availability of the first experimental build of OPNSense based on top of HardenedBSD. It features every one of our great exploitation mitigation features and is built with Integriforce baked right in. Most of the network-aware applications are compiled as Position-Independent Executables (PIEs). Please note that since this is our first ever experimental build, we have not worked out binary upgrade paths just yet. You will likely need to do reinstalls for future builds. You can backup your configuration prior to reinstallation and restore the configuration post-installation.
There are two flavors for download: a generic build and a build for the Netgate RCC-VE 4860. The generic build will work on most standard appliances. The Netgate RCC-VE 4860 has a special build due to needing custom serial console settings. If you're not using the Netgate RCC-VE 4860, the generic build is for you.
You can find the builds here. Please note that these builds are experimental. They are not meant for production use. But that still hasn't stopped us from using it in production, since we like to eat our own dogfood. ;)
UPDATE 11 Jun 2015 05:39 EDT: OPNSense has mirrored the generic builds here.

Stacked in Our Favor | BSD Now 93

We're at BSDCan this week, but fear not! We've got a great interview with Sepherosa Ziehau, a DragonFly developer, about their network stack. After that, we'll be discussing different methods of containment and privilege separation. Assuming no polar bears eat us, we'll be back next week with more BSD Now - the place to B.. SD.  

NetBSD CI20 status update

I didn't really have much time to work on more hardware support on CI20 but it's been a while since the last post so here's what I've got:

  • drivers for on-chip ehci and ohci have been added. Ohci works fine, ehci for some reason detects all high speed devices as full speed and hands them over to ohci. No idea why.
  • I2C ports work now, including the onboard RTC. You have to hook up your own battery though.
  • we're no longer limited to 256MB, all RAM is usable now.
  • onboard ethernet is supported by the dme driver.
There's also an unfinished driver for the SD/MMC ports.
The RTC is a bit funny - according to the manual there's a Pericom RTC on iic4 addr 0x68 - not on my preproduction board. I've got something that looks like a PCF8563 at addr 0x51, and so do the production boards that I know of. Some pins on one of the expansion connectors seem to be for a battery but I haven't been able to confirm that yet. Either way, since the main connector is supposed to be Raspberry Pi compatible any RTC module for the RPi should Just Work(tm), with the appropriate line added to the kernel config.
Some more work has been done under the hood, like some preparations for SMP support.

pfsense-tools is back on github

Some people prefer a web-ui for git.  Rather than expose our gitlab instance to the world via a web-ui, we’ve re-enabled access via github.
The process remains the same. You will need to agree to two click-through agreements, first the Contributor License Agreement (either individual or corporate), then the actual license agreement, wherein you basically agree that our marks are valid, that you’ll give credit to the project, and that you won’t call the result pfSense, or anything else that is sufficiently similar to our trademarks to cause confusion.
If you’ve already been through that process, you’ve already been granted access to the team that can view the pfsense-tools repo on github.
If you haven’t put your github username in your pfSense portal profile, then we don’t know who you are on github, and the process won’t work.
Long-term, the goal is to eliminate the need for this repo.  We don’t want to carry a set of discrete patches, and there are well-known examples of better build systems in the world.  More on that in a future post.


Code stuff



Interesting Articles


Wallpaper of the week

from https://www.br0tkasten.de/?page=18

End of the m0n0wall project and alternatives

So what's m0n0wall?





m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).

m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.

m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
Unfortunately, on 2/15/2015 the end of the m0n0wall project was announced, with the official reason being that "there are now better solutions available and under active development".
 
So where to move now?

As the m0n0wall maintainer suggested, people have 2 options, depending on what they need:
  • stay with the same kind of light firewall
  • move to a more robust solution, if they don't mind one
Let's start with the people who don't mind migrating to a more robust solution "like pfSense, FreeNAS and AskoziaPBX. The newest offspring, OPNsense ... and I encourage all current m0n0wall users to check out OPNsense and contribute...".

"If you are happy with the current feature set of m0n0wall and just need a security patch, bug fix, hardware compatibility update or minor improvement now and then, there are two nascent projects started by former m0n0wall developers/users that may have something for you: SmallWall and t1n1wall."

So what are those projects, and what do they want to do?

 t1n1wall

According to the forum, the only plans at the moment are to:
  1. Fix the ipsec bug when l2tp is enabled
  2. Fix an outstanding RA announce problem that fills logs
  3. Add support for ippools
  4. Possibly update DDNS to support NAT and Cloudflare

As the author says: "I don't have any plans to change from what m0n0wall was, stay using a RAM based disk system, and keep it small.  I hope to keep it up to date, squash bugs and apply security fixes, and hopefully get the 10.1 version completed, so it supports more hardware."

You can get snapshots at: http://sourceforge.net/projects/t1n1wall/files/snapshots/
 

SmallWall

Project philosophy, according to the website:
  • Small, lean and elegant code - There is no need for bloat
  • Do one thing, and do it well - This is a security device, not a print server
  • Simple is good - Doing things the right way should be easy
  • Form Follows Function - I like pretty, but not at the expense of performance
And:

"But this is not going to be m0n0wall unchanged. There are some things that I would like to see changed.
  • Re-basing to support newer hardware
  • Adding newer VPN support
  • More attractive UI
  • Easier integration with IDS/SEM systems"
You may download it from http://smallwall.org/download.html.

So, what is your escape plan?