Episode 52

Reverse Takeover

Download Subscribe
00:00:00
/
01:14:31
RSS Feed Download (51.2 MB) Link with Timestamp

August 27th, 2014

1 hr 14 mins 31 secs

Link with Timestamp

Download MP3 (51.2 MB)

Your Hosts
Tags
nginx os x time machine shawn webb pfsense dns server unbound bind nsd position-independent executables address space layout randomization pie aslr encryption reverse tunnel tunnel ssh interview bsd guide howto tutorial pcbsd dragonflybsd netbsd openbsd freebsd

About this Episode

Coming up this week, we'll be chatting with Shawn Webb about his recent work with ASLR and PIE in FreeBSD. After that, we'll be showing you how you can create a reverse SSH tunnel to a system behind a firewall... how sneaky. Answers to your emails plus the latest news, on BSD Now - the place to B.. SD.

This episode was brought to you by

iXsystems - Enterprise servers and storage for open sourceTarsnap - online backups for the truly paranoid

Headlines

FreeBSD foundation August update

  • The foundation has published a new PDF detailing some of their recent activities
  • It includes project development updates, the 10.1-RELEASE schedule and some of its new features
  • There is also a short interview with Dru Lavigne in the "voices from the community" section
  • If you're into hardware, there's another section about some new FreeBSD server equipment
  • In closing, there's an update on funding too ***

NSD for an authoritative nameserver

  • With BIND having been removed from FreeBSD 10.0, you might be looking to replace your old DNS setup
  • This article shows how to use NSD for an authoritative DNS nameserver
  • It's also got a link to a similar article on Unbound, the new favorite recursive and caching resolver (they work great together)
  • All the instructions are presented very neatly, with all the little details included
  • Less BIND means less vulnerabilities, everybody's happy ***

BIND and Nginx removed from OpenBSD

  • While we're on the topic of DNS servers, BIND was finally removed from OpenBSD as well
  • The base system contains both NSD and Unbound, so users can transition over between 5.6 (November of this year) and 5.7 (May of next year)
  • They've also removed nginx from the base system, in favor of the new custom HTTP daemon
  • BIND and Nginx are still available in ports if you don't want to switch
  • We're hoping to have Reyk Floeter on the show next week to talk about it, but scheduling might not work out, so it may be a little later on
  • With Apache gone in the upcoming 5.6, It's also likely that sendmail will be removed before 5.7 - hooray for modern alternatives ***

NetBSD demo videos

  • A Japanese NetBSD developer has been uploading lots of interesting videos
  • Unsurprisingly, they're all featuring NetBSD running on exotic and weird hardware
  • Most of them are demoing sound or running a modern Twitter client on an ancient computer
  • They're from the same guy that did the conference wrap-up we mentioned recently ***

Interview - Shawn Webb - shawn.webb@hardenedbsd.org / @lattera

Address space layout randomization in FreeBSD

Tutorial

Reverse SSH tunneling

News Roundup

Puppet master-agent installation on FreeBSD

  • If you've got a lot of BSD boxes under your control, or if you're just lazy, you've probably looked into Puppet before
  • The author claims a lack of BSD-specific Puppet documentation, so he decided to write up some notes of his own
  • He goes through some advantages of using this type of tool for deployments, even when you don't have a huge number of systems
  • The rest of the post explains how to set up both the master and the agent configurations ***

Misc. pfSense items

  • We found a few miscellaneous pfSense articles this past week
  • The first one is about the hunt for the "ultimate" free open source firewall, where pfSense is obviously a strong contender
  • The second one shows how to log NAT firewall states (a good way to find out which family member has been torrenting!)
  • In the third, you can see how to automatically back up your configuration files
  • The fourth item shows how to set up PXE booting with pfSense, similar to one of our tutorials ***

Time Machine backups on ZFS

  • If you've got a Mac you need to keep backed up, a FreeBSD server with ZFS can take the place of an expensive "time capsule"
  • This post walks you through setting up netatalk and mDNS for a very versatile Time Machine backup system
  • With a single command on the OS X side, you can write to and read from the BSD box just like a regular external drive
  • Surprisingly simple to do, recommended for anyone with Macs on their network ***

Lumina desktop preview

  • Lumina, the BSD-exclusive desktop environment, seems to be coming along nicely
  • The main developer has posted an update on the PCBSD blog with some screenshots
  • Lots of new features have been added, many of which are documented in the post
  • There just might be a BSD Now episode about Lumina coming up.. (cough cough) ***

Feedback/Questions