SoCruel.NU

The domain that loves BSD

Home About Me Archive Contact

FreeBSD related posts

2020

Software inventory is one of the 20 CIS Controls.

Up to recently I was not doing software inventory (and control) for the SoCruel.NU platform. The platform is (almost) completely based on FreeBSD and all hosts (physical, virtual, laptop) are managed with SaltStack, so it would be nice if these can be used for this purpose. And it can!

read more >>

Inventory and control of your IT hardware and software based assets is one of the basic processes you must have in place managing and securing an IT infrastructure properly. Rumble is a network asset discovery tool and as of 2 June 2020 it is also available on FreeBSD!

In this post can read how to implement and use Rumble on FreeBSD.

read more >>

I was looking for a solution to increase the availability of my public websites. gdnsd is an authoritative-only name server. The initial ‘g’ stands for geographic, as gdnsd offers a plugin system for geographic (or other sorts of) balancing, redirection, and service-state-concious failover.

Ihis post explains how gdnsd is implemented at SoCruel.NU to achieve the availability goals.

read more >>

A FreeBSD based file server is part of the SoCruel.NU infrastructure for some time now. All the devices accessing the file server have anti-virus software installed and configured. But the file server itself has not. So I decided to install and configure ClamAV on this file server.

read more >>

Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not to difficult to implement and maintain, I still found these to much. So I went for my own home grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!

read more >>

syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD based infrastructure.

read more >>

2019

The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see IPSec section). But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host.

How to implement and configure this is described in this post.

read more >>

I wrote an article about capture session data with Argus on FreeBSD for the BSD Mag back in 2012. BSD Mag does not publish new (BSD) magazines anymore, unfortunately. You can find the issue with my article here.

This post summarizes my article and continues with more advanced queries on the captured session data!

read more >>

2018

Most SoCruel internal web sites are configured with TLS using a private Certificate Authority (CA). These websites are also accessed by local FreeBSD systems. So these systems must have the SoCruel private CA certificate installed. This post explains how to do this on FreeBSD.

read more >>

SaltStack is one of the many system and configuration management solutions which is available for FreeBSD. It is used at SoCruel.NU for both implementation and management!

read more >>

This is the 4th post in the SaltStack on FreeBSD series. This post documents SaltStack commands to be performed on the master and minion to show SaltStack capabilities using its modules.

read more >>

This post documents how to setup a Salt minion (or client) role on a FreeBSD system. This post continues where the How to install Saltstack on FreeBSD blog post stops.

read more >>

How to show the uptime of a FreeBSD system? When was the last reboot? These questions are answered in this blog post. Sometimes you just want to know for how long your system has been running. FreeBSD provides some tools to get you this info. These are presented in this blog post.

read more >>

The post How to install Saltstack on FreeBSD discusses the basics of Saltstack on FreeBSD. This post continues on this and describes how the Salt master role is setup on a FreeBSD system.

read more >>

On July 26th 2017 FreeBSD version 11.1 was announced. At that point in time almost the complete SoCruel.NU platform was running FreeBSD version 11.0.

This post describes the procedure used to upgrade the version 11.0 systems to version 11.1

read more >>

SaltStack is one of the many system and configuration management solutions which is available for FreeBSD. It is used at SoCruel.NU for both implementation and management! The basics of SaltStack on FreeBSD are discussed in this blog post.

read more >>

FreeBSD uses the csh as standard shell for the user accounts. This post shows how to get some colors with your prompt.

read more >>

FreeBSD uses the csh as standard shell for the user accounts. One of the most used commands in your shell is ls. This post shows how to get some colors with gnuls in this shell.

read more >>

How to implement Unbound and NSD on FreeBSD as an intranet DNS solution!

read more >>

One of the main important tasks of a FreeBSD system administrator is keeping the applications running on it up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).

Nagios has a very good FreeBSD plugin to keep me up to date on the vulnerabilities and update status of my FreeBSD systems and its packages.

read more >>

One of the main important tasks of a FreeBSD system administrator is keeping the FreeBSD systems up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).

Nagios has some very good FreeBSD specific plugins to keep me up to date on the vulnerability and update status of my FreeBSD Operating Systems.

read more >>

Unbound (and ldns) are part of the FreeBSD for a while now. See the announcement from Dag-Erling Smørgrav. With ldns also came the new DNS lookup tool drill. drill provides the same functionality as dig.

How to use drill is shown in this post wih examples.

read more >>

One of the first things to take care of in a network is making sure that your infrastructure equipment like servers, routers, etc., run all the same time. The Network Time Protocol was developed for this specific purpose. FreeBSD has several ways of dealing with time and time synchronization. One way is using the OpenNTPD server which is based on requirements which I very much like.

read more >>

How to manage a FreeBSD infrastructure? If you have only 2 or 3 FreeBSD systems you prabably don’t need much. You run and manage the systems by using the tools provided by the operating system.

But what if your infrastructure has more than 10 FreeBSD systems? Then things can get more complicated and time consuming if you just stick with the standard tools. I manage more than 20 FreeBSD systems just in my spare time. To keep these systems up and running smoothly and securely I have to be smart and efficient.

The FreeBSD ecosystem has the right tools to do this! And these will be discussed in this post.

read more >>