BSDNews 06/06/2016

Last week in BSD

Releases: HardenedBSD, SoloBSD, OPNsense
Other news:BSDSec, BSDnow, OpenBSD, DragonFly BSD, Solaris, pkgsrc


BSDSec

 

Releases

New stable release: HardenedBSD-stable 10-STABLE v46.2

HardenedBSD-10-STABLE-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
This is a security update, but by default none of the currently released FreeBSD SAs affect HardenedBSD, since we fixed the libarchive issue in v46.1 and the COMPAT layers are disabled by default.
https://security.freebsd.org/advisories/FreeBSD-SA-16:22.libarchive.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:21.43bsd.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:20.linux.asc

New stable version: HardenedBSD-stable 10-STABLE v46.3

HardenedBSD-10-STABLE-v46.3
https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:24.ntp.asc
This release is an NTPd secuirty update.

SoloBSD 10.3-STABLE-v46.2

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.2
You can grab it from Here. (61.7 Mb)
root password: solobsd

OPNsense 16.1.16 released

It has been a long journey for HardenedBSD and OPNsense, and finally the paths start to merge as the splendid and battle-proven ASLR implementation gets incorporated into the default installation! It is just the beginning as we will start to leverage the extra security by enabling position independent execution in 16.7 and merge more security-related features. We thank again the HardenedBSD team for their continued efforts on making this world a safer place.
In other news, there is a thoroughly revamped dashboard for you to enjoy and a handful of security fixes in FreeBSD and the ports ecosystem. LibreSSL has been updated to the latest production release and the BETA version is progressing nicely as we change our working mode from “rework all the things” to “polish all the things”. A release candidate is coming up soon.


News

[FreeBSD-Announce] 2016 FreeBSD Community Survey

Hi everyone, The FreeBSD Foundation needs your input. Please help us by filling out the 2016 FreeBSD Community Survey. The survey should only take about 10 minutes, and will help us determine the direction of our efforts in supporting the Project and community. Please submit all responses by July, 7, 2016. https://www.surveymonkey.com/r/freebsd2016 We appreciate your feedback! Thanks Anne Anne Dickison Marketing Director FreeBSD Foundation

bsdtalk265 - Sunset on BSD

A brief description of playing around with SunOS 4.1.4, which was the last version of SunOS to be based on BSD.
File Info: 17Min, 8Mb
Ogg Link: https://archive.org/download/bsdtalk265/bsdtalk265.ogg
View attached file (bsdtalk265.mp3, audio/mpeg)
 

The PF life | BSD Now 144

It’s only one-week away from BSDCan, both Allan & I are excited to meet some of you in person! However, the show keeps on chugging & this week we have an interview with Kristof Provost, to tell us about PF improvements in FreeBSD. That plus the latest news, here on your place to B….SD!
View attached file (412 MB, video/mp4)

hbsd-update now installing Integriforce ruleset

We are excited to announce the ability to easily utilize Integriforce with base. From now on, hbsd-update(8) will install a full Integriforce ruleset as /etc/secadm.d/base.integriforce.rules for base. If you include this file in your normal secadm.rules(5) ruleset, you will get full integrity enforcement on all executable files in base. If you include the applications from ports/packages in your secadm.rules(5) file, you can turn on whitelisting mode, in which case, all executable files that aren't protected by Integriforce will be denied execution. If you only utilize applications from base, you can turn on whitelisting mode and get the same results.
Using the Integriforce ruleset is entirely optional, but highly recommended.
An example secadm.rules file might look something like this:

secadm {
    pax {
        path: "/usr/local/lib/firefox/firefox",
        pageexec: false,
        mprotect: false
    }

    .include "/etc/secadm.d/base.integriforce.rules"
}
 

Code stuff

 

Interesting articles

SHARE

Jan Hovancik

software developer - guitar player - poetry lover