SoCruel.NU

The domain that loves BSD


Archive

2021

Rclone is a command line program to manage files on cloud storage. It also supports WebDAV, besides loads of other cloud-based storage platforms! In this post we mount a WebDAV share running on an Apache web server with Rclone on FreeBSD.

read more >>

Some time ago I bumped into Asciidoctor by accident and started playing with it. And before I knew it I started writing a book with it based on my own Zeek on FreeBSD Series blog posts.

This small book is called Run Zeek on FreeBSD Guide.

read more >>

The links to all the Zeek based blog posts in 1 post.

read more >>

So far we have configured Zeek to monitor only one network interface. But Zeek can also monitor multiple network interfaces on a host. In this post we explain how to implement this.

read more >>

In this blog post we install Zeek Packages using the Zeek Package Manager. A Zeek Package is a third party plugin. You can read more about Zeek plugins here.

read more >>

Zeek is not an active protective security device, like a firewall or intrusion prevention system. Rather, Zeek runs on a "sensor", a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs.

In this blog post we do some basic queries on some of the Zeek logfiles.

read more >>

Zeek runs as the user root by default when it is implemented on FreeBSD using the package system.

But we want a more secure setup than this and run Zeek as a normal user. Fortunately this is possible on our favorite Operating System!

read more >>

2020

I wanted to get more visibility into my network at the application and services level. An example of an insight currently missing on my network: which domains are queried by the systems on my network? And no tool can answer this question better than Zeek! Zeek is a network security monitoring platform which generates rich network metadata that is very valuable for general network troubleshooting, getting insight into what happens on your network, and even for incident response and forensics!

This blog post is the first blog post of a series of posts about Zeek on FreeBSD! So more to come after this one.

read more >>

I have been a FreeBSD user since version 2.2. And I've never used the FreeBSD native packet filtering firewall IPFW before.

But that changed a little while ago, so I've decided to write about it and share my insights and gained knowledge about this subject. So this blog post is about implementing an internet facing firewall using FreeBSD IPFW!

read more >>

If you run a FreeBSD system and you want to keep it healthy, you want to keep it up to date. A system in this case can be a physical system, a virtual machine or even a jail. And keeping it up to date means not only implementing newer versions of the Operating System and/or packages, because of e.g. increased functionality, but also keeping track of vulnerabilities of both and patching them when necessary. This is vulnerability management!

But this is not as easy as it sounds! It involves identifying, classifying, prioritizing and mitigating the vulnerabilities, which can be a complex and difficult process!

read more >>

Software inventory is one of the 20 CIS Controls.

Until recently I was not doing software inventory (and control) for the SoCruel.NU platform. The platform is (almost) completely based on FreeBSD and all hosts (physical, virtual, laptop) are managed with SaltStack, so it would be nice if these can be used for this purpose. And it can!

read more >>

Inventory and control of your IT hardware and software based assets is one of the basic processes you must have in place managing and securing an IT infrastructure properly. Rumble is a network asset discovery tool and as of 2 June 2020 it is also available on FreeBSD!

In this post you can read how to implement and use Rumble on FreeBSD.

read more >>

I was looking for a solution to increase the availability of my public websites. gdnsd is an authoritative-only name server. The initial ‘g’ stands for geographic, as gdnsd offers a plugin system for geographic (or other sorts of) balancing, redirection, and service-state-conscious failover.

This post explains how gdnsd is implemented at SoCruel.NU to achieve the availability goals.

read more >>

A writeup about the CIA triad for the infrastructure of this blog web site.

read more >>

A FreeBSD based file server is part of the SoCruel.NU infrastructure for some time now. All the devices accessing the file server have anti-virus software installed and configured. But the file server itself has not. So I decided to install and configure ClamAV on this file server.

read more >>

Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these too much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!

read more >>

syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to a wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.

read more >>

2019

The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see IPSec section). But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host.

How to implement and configure this is described in this post.

read more >>

I wrote an article about capturing session data with Argus on FreeBSD for the BSD Mag back in 2012. BSD Mag does not publish new (BSD) magazines anymore, unfortunately. You can find the issue with my article here.

This post summarizes my article and continues with more advanced queries on the captured session data!

read more >>

2018

Most SoCruel internal web sites are configured with TLS using a private Certificate Authority (CA). These websites are also accessed by local FreeBSD systems. So these systems must have the SoCruel private CA certificate installed. This post explains how to do this on FreeBSD.

read more >>

SaltStack is one of the many system and configuration management solutions which is available for FreeBSD. It is used at SoCruel.NU for both implementation and management!

read more >>

This is the 4th post in the SaltStack on FreeBSD series. This post documents SaltStack commands to be performed on the master and minion to show SaltStack capabilities using its modules.

read more >>

This post documents how to setup a Salt minion (or client) role on a FreeBSD system. This post continues where the How to install Saltstack on FreeBSD blog post stops.

read more >>

I visited EuroBSDcon again this year, which was held between 20 - 23 September 2018 in Bucharest, Romania. This was the fifth time that I’ve visited a EuroBSDcon after 2011, 2012, 2016 and 2017.

So find a summary of my EuroBSDcon 2018 in this post.

read more >>

How to show the uptime of a FreeBSD system? When was the last reboot? These questions are answered in this blog post. Sometimes you just want to know for how long your system has been running. FreeBSD provides some tools to get you this info. These are presented in this blog post.

read more >>

The post How to install Saltstack on FreeBSD discusses the basics of Saltstack on FreeBSD. This post continues on this and describes how the Salt master role is setup on a FreeBSD system.

read more >>

On July 26th 2017 FreeBSD version 11.1 was announced. At that point in time almost the complete SoCruel.NU platform was running FreeBSD version 11.0.

This post describes the procedure used to upgrade the version 11.0 systems to version 11.1.

read more >>

SaltStack is one of the many system and configuration management solutions which is available for FreeBSD. It is used at SoCruel.NU for both implementation and management! The basics of SaltStack on FreeBSD are discussed in this blog post.

read more >>

FreeBSD uses the csh as standard shell for the user accounts. This post shows how to get some colors with your prompt.

read more >>

FreeBSD uses the csh as standard shell for the user accounts. One of the most used commands in your shell is ls. This post shows how to get some colors with gnuls in this shell.

read more >>

How to implement Unbound and NSD on FreeBSD as an intranet DNS solution!

read more >>

SoCruel.NU visited EuroBSDcon this year which was held between 21 - 24 September 2017 in Paris, France. This was the fourth time that I've visited a EuroBSDcon after 2011, 2012 and 2016.

The tutorials didn't fit my agenda unfortunately, as they were very interesting (especially the BGP one). But nonetheless I went to see 2 full days of nice talks in the city centre of Paris! Here is a summary of the talks I went to see.

read more >>

One of the most important tasks of a FreeBSD system administrator is keeping the applications running on it up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).

Nagios has a very good FreeBSD plugin to keep me up to date on the vulnerabilities and update status of my FreeBSD systems and its packages.

read more >>

One of the most important tasks of a FreeBSD system administrator is keeping the FreeBSD systems up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).

Nagios has some very good FreeBSD specific plugins to keep me up to date on the vulnerability and update status of my FreeBSD Operating Systems.

read more >>

Unbound (and ldns) have been part of FreeBSD for a while now. See the announcement from Dag-Erling Smørgrav. With ldns also came the new DNS lookup tool drill. drill provides the same functionality as dig.

How to use drill is shown in this post with examples.

read more >>

One of the first things to take care of in a network is making sure that your infrastructure equipment like servers, routers, etc., run all the same time. The Network Time Protocol was developed for this specific purpose. FreeBSD has several ways of dealing with time and time synchronization. One way is using the OpenNTPD server which is based on requirements which I very much like.

read more >>

How to manage a FreeBSD infrastructure? If you have only 2 or 3 FreeBSD systems you probably don’t need much. You run and manage the systems by using the tools provided by the operating system.

But what if your infrastructure has more than 10 FreeBSD systems? Then things can get more complicated and time consuming if you just stick with the standard tools. I manage more than 20 FreeBSD systems just in my spare time. To keep these systems up and running smoothly and securely I have to be smart and efficient.

The FreeBSD ecosystem has the right tools to do this! And these will be discussed in this post.

read more >>