A colleague of mine pointed me out to Lynis, a system’s configuration audit tool which checks the hardening of any running UNIX or UNIX-like system, including the BSDs. This tool has a built in check list and a set of sane and safe configurations and compares them to the target system. As output we find […]
Lynis or how to quickly audit your system’s security configuration
A brief introduction to SSL/TLS certificates
SSL stands for Secure Sockets Layer and it an old implementation of a crytographic protocol. TLS, or Transport Layer Security, is a new one. They are both used to have privacy in the communications between different parties. They are used to secure email, web browsing, instant messaging, etc These protocols work in a complex way […]
How to synchronize system and network time in FreeBSD
For several applications it is necessary to synchronize your server to the network time. The protocol is called Network Time Protocol (NTP) and is basically giving the correct time to the world nowadays. Reading the Wikipedia entry is very interesting. FreeBSD comes with the ntp client. To set this up you will just add the […]
How to configure the IPFW firewall on FreeBSD
Among the three possible firewalls on FreeBSD (choice is always nice) IPFW is the in-house built one. There is a default, easy way, configuration path but if one needs to build a box to act as a dedicated network appliance with packet filtering capacity fine tunning the IPFW firewall configuration is more than desirable. Before […]
How to set the locale in FreeBSD
The locale is the character set that will be used. And it is very important to match the keyboard you are using. Mind this also matters if you are transferring data to other systems. Different standards as the ASCII, UTF’s and the ISO’s, to name a few, have been put in place through the years […]
How to upgrade FreeBSD from version 11.2 up to 12.0
Although the upgrade process is very well described on the FreeBSD handbook you may be looking for a more detailed hands on how to upgrade FreeBSD from version 11.2 up to 12.0 article. We’re going work here on this process, step by step detailing not only how to upgrade but to do it safely. First […]
How to install Mate on FreeBSD 12/13
In this how to install Mate on FreeBSD I’m not going to repeat the same guides you can read elsewhere. If you desire to use FreeBSD as a daily driver desktop, I do encourage you to read and follow the guides from this other guy. The guide you are currently reading can be considered the […]
The CentOS party is over, isn’t it?
Disclaimer: What you are about to read may contain inaccuracies. Feel free to discuss them somewhere else. This is also my opinion and as such it may change through time, maybe tomorrow, next month, next year, next decade or never. I do also make very few reviews (if any) of what I write here, so […]
How to configure Apache HTTP with a TLS reverse proxy backend on FreeBSD
A few weeks ago I published a how to guide to configure Apache HTTP as a reverse proxy. On that ocasion I was following what the average guide on the internet does on Linux. A front end server with Apache HTTP on calls a backend server where the real site is sitting. Many backend calls […]
How to harden Apache HTTP
Disclaimer: This is a long article. I haven’t collected some nice configuration settings here for the sake of it. There are other hardening guides but some fall short on explaining the functionalities to be enabled or disabled. Every step is shortly, and hopefully clearly, explained so any reader can grasp the main idea of every […]