A colleague of mine pointed me out to Lynis, a system’s configuration audit tool which checks the hardening of any running UNIX or UNIX-like system, including the BSDs. This tool has a built in check list and a set of sane and safe configurations and compares them to the target system. As output we find several topics, from system discovery to suggestions for some … [Read more...]
How to test pfSense on VirtualBox running on FreeBSD
There are other guides on how to do this on Windows, Mac, but not on FreeBSD, so here goes a how to pfSense on Virtualbox running on FreeBSD. Before going to it, let’s address the first question, which is what is pfSense. pfSense is a FreeBSD based distribution made for networking purposes. The company behind it is called Netgate, and they sell very interesting hardware … [Read more...]
Abandon Linux. Jails for developers.
Reading the title you might think I want to put developers in Jail and although some may be good candidates this is in the far opposite of my intention. I am talking about FreeBSD Jails. For the unfamiliar with the concept those Jails are userland secure contained environments that share a common kernel. Purists and more knoledgeable people may be jumping off their chairs with … [Read more...]
Abandon Linux. How to export and import FreeBSD Jails ‘a la Docker’
FreeBSD Jails is an awesome tool similar to Docker but much older which allows administrators and developers alike to have several securely contained userland environments sharing one kernel. Does it sound familiar? This is operating-system-level virtualization and it’s different than what you find on KVM or Xen camps. For more detailed information I’ve published some other … [Read more...]
How to harden Apache HTTP
Disclaimer: This is a long article. I haven’t collected some nice configuration settings here for the sake of it. There are other hardening guides but some fall short on explaining the functionalities to be enabled or disabled. Every step is shortly, and hopefully clearly, explained so any reader can grasp the main idea of every setting. Following the recommendations in here … [Read more...]