FreeBSD related posts
Software inventory is one of the 20 CIS Controls.
Until recently I was not doing software inventory (and control) for the SoCruel.NU platform. The platform is (almost) completely based on FreeBSD and all hosts (physical, virtual, laptop) are managed with SaltStack, so it would be nice if these could be used for this purpose. And they can!
Inventory and control of your IT hardware and software-based assets is one of the basic processes you must have in place to manage and secure an IT infrastructure properly. Rumble is a network asset discovery tool and as of 2 June 2020 it is also available on FreeBSD!
I was looking for a solution to increase the availability of my public websites. gdnsd is an authoritative-only name server. The initial ‘g’ stands for geographic, as gdnsd offers a plugin system for geographic (or other sorts of) balancing, redirection, and service-state-conscious failover.
This post explains how gdnsd is implemented at SoCruel.NU to achieve the availability goals.
A FreeBSD-based file server has been part of the SoCruel.NU infrastructure for some time now. All the devices accessing the file server have anti-virus software installed and configured. But the file server itself does not. So I decided to install and configure ClamAV on this file server.
Open source solutions to check syslog log messages exist, such as Logcheck or Logwatch. Although these are not too difficult to implement and maintain, I still found these too much. So I went for my own home-grown solution to check the syslog messages of the SoCruel.NU central log host. And the solution presented in this blog post works pretty well for me!
syslog-ng is the Swiss army knife of log management. You can collect logs from any source, process them in real time and deliver them to a wide range of destinations. It allows you to flexibly collect, parse, classify, rewrite and correlate logs from across your infrastructure. This is why syslog-ng is the perfect solution for the central log host of my (mainly) FreeBSD-based infrastructure.
The FreeBSD handbook describes an IPSec VPN tunnel between 2 FreeBSD hosts (see IPSec section). But it is also possible to have multiple, 2 or more, IPSec VPN tunnels created and running on a FreeBSD host.
How to implement and configure this is described in this post.
I wrote an article about capturing session data with Argus on FreeBSD for the BSD Mag back in 2012. BSD Mag does not publish new (BSD) magazines anymore, unfortunately. You can find the issue with my article here.
This post summarizes my article and continues with more advanced queries on the captured session data!
Most SoCruel internal web sites are configured with TLS using a private Certificate Authority (CA). These websites are also accessed by local FreeBSD systems. So these systems must have the SoCruel private CA certificate installed. This post explains how to do this on FreeBSD.
How to show the uptime of a FreeBSD system? When was the last reboot? These questions are answered in this blog post. Sometimes you just want to know for how long your system has been running. FreeBSD provides some tools to get you this info. These are presented in this blog post.
SaltStack is one of the many system and configuration management solutions that are available for FreeBSD. It is used at SoCruel.NU for both implementation and management! The basics of SaltStack on FreeBSD are discussed in this blog post.
One of the most important tasks of a FreeBSD system administrator is keeping the applications running on it up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).
One of the most important tasks of a FreeBSD system administrator is keeping the FreeBSD systems up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).
Unbound (and ldns) have been part of FreeBSD for a while now. See the announcement from Dag-Erling Smørgrav. With ldns also came the new DNS lookup tool drill. drill provides the same functionality as dig.
How to use drill is shown in this post with examples.
One of the first things to take care of in a network is making sure that your infrastructure equipment like servers, routers, etc., all run the same time. The Network Time Protocol was developed for this specific purpose. FreeBSD has several ways of dealing with time and time synchronization. One way is using the OpenNTPD server which is based on requirements which I very much like.
But what if your infrastructure has more than 10 FreeBSD systems? Then things can get more complicated and time-consuming if you just stick with the standard tools. I manage more than 20 FreeBSD systems just in my spare time. To keep these systems up and running smoothly and securely I have to be smart and efficient.
The FreeBSD ecosystem has the right tools to do this! And these will be discussed in this post.