RELEASE: SoloPi 12.0-CURRENT

We are pleased to announce SoloPi, our Raspberry Pi 2 build based on HardenedBSD 12.0-CURRENT

You can grab it from Here. (160.3 Mb)

Decompress it, and copy the image to your microSD card.

At least a 4 GB microSD card is required.

user: solobsd
password: solobsd

SoloBSD 10.3-STABLE-v46.21

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.21

Changelog v46.21

Packages:

• cpdup
• dmidecode
• e2fsprogs
• ipmitool
• nano
• rsync
• smartmontools
• tmux
• htop
• mksh
• ksh93

Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from
Here (img file). (62 Mb)
Here (tar file). (51.5 Mb)
Here (iso file). (51.8 Mb)

 root password: solobsd

Sonido en TrueOS

Para habilitar el sonido en mi laptop Acer Aspire E 15, solo necesitamos añadir en /etc/sysctl:

dev.hdac.0.polling=1

SoloBSD 10.3-STABLE-v46.19

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.19

Changelog v46.19
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50.8 Mb)

 root password: solobsd

SoloBSD 10.3-STABLE-v46.18

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.18

Changelog v46.18
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50.6 Mb)

 root password: solobsd

SoloBSD 10.3-STABLE-v46.17

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.17

Changelog v46.17
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50.6 Mb)

 root password: solobsd

SoloBSD 10.3-STABLE-v46.16

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.16

Changelog v46.16
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50.5 Mb)

 root password: solobsd

SoloBSD 6.0.2 - OpenBSD Edition

There is a new build for SoloBSD 6.0.2-OpenBSD Edition built upon  OpenBSD 6.0 and i3wm as our Desktop Environment.

Changelog v6.0

Changelog SoloBSD 6.0.2:
- Fixed font package mispell
- i3status file cleanup

This respin is based on the work of the SnasciOS project.

Installed packages are:

• i3
• Firefox
• Hexchat
• Git
• feh
• rofi
• compton
• dunst
• scrot
• liberation-fonts
• noto-fonts
• Powerline-fonts
• roboto-fonts
• ubuntu-fonts

The i3wm runs with customized conf and i3status.conf files which you can override creating yours. $mod key is set to Windows key.

Installation is exactly the same as installing OpenBSD, just add +site60.tgz in the packages selection stage. After the install you will be prompted for your OpenBSD mirror of preference in order to install our selection of software packages. On completion of install, reboot and enjoy!

You can grab it from Here. (516 Mb)

SoloBSD 6.0.1 - OpenBSD Edition

There is a new build for SoloBSD 6.0.1-OpenBSD Edition built upon  OpenBSD 6.0 and i3wm as our Desktop Environment.

Changelog v6.0

Changelog SoloBSD 6.0.1:
- Added fonts packages
- i3 conf file cleanup

This respin is based on the work of the SnasciOS project.

Installed packages are:

• Firefox
• Hexchat
• Git
• feh
• rofi
• compton
• dunst
• scrot
• liberation-fonts
• noto-fonts
• Powerline-fonts
• roboto-fonts
• ubuntu-fonts

The i3wm runs with customized conf and i3status.conf files which you can override creating yours. $mod key is set to Windows key.

Installation is exactly the same as installing OpenBSD, just add +site60.tgz in the packages selection stage. After the install you will be prompted for your OpenBSD mirror of preference in order to install our selection of software packages. On completion of install, reboot and enjoy!

You can grab it from Here. (516 Mb)

SoloBSD 10.3-STABLE-v46.15

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.15

Changelog v46.15
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50 Mb)

 root password: solobsd

RELEASE: SoloBSD 6.0 - OpenBSD Edition

We are pleased to announce the new RELEASE of SoloBSD 6.0-OpenBSD Edition built upon  OpenBSD 6.0 and i3wm as our Desktop Environment.

Changelog v6.0

This respin is based on the work of the SnasciOS project. Installed packages are Firefox, Hexchat, Git, rofi, compton, dunst and scrot.

The i3wm runs with customized conf and i3status.conf files which you can override creating yours. $mod key is set to Windows key.

Installation is exactly the same as installing OpenBSD, just add +site60.tgz in the packages selection stage. After the install you will be prompted for your OpenBSD mirror of preference in order to install our selection of software packages. On completion of install, reboot and enjoy!

You can grab it from Here. (516 Mb)

SoloBSD 10.3-STABLE-v46.14

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.14

Changelog v46.14
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50 Mb)

 root password: solobsd

SoloBSD 10.3-STABLE-v46.13

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.13

Changelog v46.13
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (50 Mb)

 root password: solobsd

SoloBSD 11-BETA3

There is a new release of SoloBSD 11-BETA3 based on the latest HardenedBSD 11 stable branch v46

Changelog v46
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (141.7 Mb)

 root password: solobsd

SoloBSD 10.3-STABLE-v46.6

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.6

Changelog v46.6
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (48.3 Mb)

 root password: solobsd

SoloBSD 10.3-STABLE-v46.5

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.5

Changelog v46.5
Now with heal-harddrive.sh script included from Martin Sugioarto. Check Instructions of use.

WARNING:

Be aware that running it on a drive containing a filesystem will DESTROY data, metadata and perhaps even the entire filesystem.
MAKE SURE YOU HAVE BACKUPS!

You can grab it from Here. (48.4 Mb)

 root password: solobsd

SoloBSD Mastering: GELI

Ok, since I am reading Michael Lucas' FreeBSD Mastery: Storage Essentials I decided to get my hands dirty and learn about GELI and disk encryption. Here are my notes:

First of all, you need a new device to encrypt, you can encrypt existing devices, but you need to backup data first. I assume too that you have GELI up and running.

• Randomizing the device.

          We want our device to be filled by randomness, so we apply three teaspoons of it:

           dd if=/dev/random of=/dev/ada0p1 bs=1m

           I went the easy way and encrypted without a key file, this is NOT RECOMMENDED, so create your key file. (You can find how in the book :) )

• Initializing the provider.

           geli init -s 4096 /dev/ada1p1

          You will receive the next message:

Metadata backup can be found in /var/backups/ad1p1.eli and can be restored with the following command:

# geli restore /var/backups/ada1p1.eli /dev/ada1p1

• Activate the device.

geli attach /dev/ada1p1

Ok now you have your device ready, let's create a new filesystem on it and mount it:

newfs -j /dev/ada1p1.eli

 mount /dev/ada1p1.eli /mnt/

Done? Ok now unmount and detach it.

umount /mnt

 geli detach ada1p1.eli

Groovy!

Editando en Modo de Rescate

Cuando necesites cambiar la configuración de algún archivo, mientras estás en modo de rescate, solo debes hacer:

# fsck -y
# mount -u /
# /rescue/vi /etc/fstab
# mount -a
# exit

Y listo!

SoloBSD 10.3-STABLE-v46.4

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.4

Changelog v46.4

You can grab it from Here. (47.6 Mb)

 root password: solobsd

SoloBSD Mastering: ezjail and iocage

Today I decided to give a try again on jails in FreeBSD/HardenedBSD and found this great Tutorial about handling jails with ezjail.

I must confess that this is the first time I am playing around with jails, mostly because I have always used BSD systems inside Virtual Machines and didn´t know if I can run jails inside VMs. But now I know you can!

It is really simple to deploy a jail using ezjail, you can customize your jail using the configuration file and you are good to go. I have small issues on HardenedBSD because ezjail by default fetches source packages from ftp.freebsd.org. I wanted to create a HardenedBSD jail fetching packages but at the moment the project doesn´t have an FTP site configured for this. So I had to go with FreeBSD sources.

I had to install it without ports because HardenedBSD doesn´t use portsnap. But at the end I was able to log into the jail without any problems and was able to install packages inside of the jail. I know there are several more ways to install FreeBSD inside a jail, which I will explore in future posts.

UPDATE: 

I just tried with iocage, following this excellent Tutorial and I think it is easier to manage jails with it. You need less things to be configured in order to run the jail.

This time the test system was PC-BSD, and pulled FreeBSD 10.2-RELEASE sources, this system is running with ZFS and iocage created all datasets needed automatically, how cool is that?

Comparing with Docker, I think I like jails more!

SoloBSD 10.3-STABLE-v46.2

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.2

- Changelog v46.2

You can grab it from Here. (61.7 Mb)

root password: solobsd

SoloBSD Mastering: GitHub

For some weeks, I have been trying to use GitHub to manage the SoloBSD Project and make things easier for me.

So I started documenting myself and first I got to this useful Cheat Sheet. With the help of this one I was able to clone, pull, make changes to my code and push them to the remote repo. But something was missing, I need to sync my modified repo with the official HardenedBSD Stable repo in order to have the latest commits in mine.

I found this straightforward video:

Basically, what I did was:

• Add an upstream inside my project's path.
• Fetch the changes from it.
• Merge the changes into my code.
• Push them into my remote repo.

Voilà! Now my GitHub repo is synced with the HardenedBSD Stable repo.

Groovy!

SoloBSD 10.3-STABLE-v46.1

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46.1

- Changelog v46.1

You can grab it from Here. (61.6 Mb)

root password: solobsd

SoloBSD 10.3-STABLE-v46

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 46

- Changelog v46

You can grab it from Here. (61.7 Mb)

root password: solobsd

SoloBSD 10.3-STABLE-v44.6

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.6

- Changelog v44.6
- Switched to Python3.5 interpreter.
- Now with PIE on base!

You can grab it from Here. (60.6 Mb)

root password: solobsd

BSD Cards

El año pasado estuve editando las GNU/Linux Cards creadas por Ugo Yak, para crear una versión de las BSD Cards. Por ahí las dejé olvidadas y ahora me he decidido a continuarlas, por lo que iré publicando de una en una para tener tiempo de crear más.

Sirva esto también para ayudar a promover los sistemas operativos BSD.

Aquí la primera:

#1.- FreeBSD

Problemas con pkg en FreeBSD/HardenedBSD

Si alguna vez has tenido problemas con pkg y al momento de instalar cualquier paquete te topas con un error parecido al siguiente:

Fetching cyrus-sasl-2.1.26_12.txz: 100%  467 KiB 478.5kB/s    00:01   
pkg: cached package cyrus-sasl-2.1.26_12: size mismatch, fetching from remote
Fetching cyrus-sasl-2.1.26_12.txz: 100%  467 KiB 478.5kB/s    00:01   
pkg: cached package cyrus-sasl-2.1.26_12: size mismatch, cannot continue

 Solamente debes ejecutar:

pkg update -f

Y asunto arreglado!

Añadiendo Discos Nuevos en FreeBSD

Para añadir discos nuevos a un sistema con FreeBSD, simplemente añadimos el disco y como root hacemos:

# gpart create -s GPT ada1
# gpart add -t freebsd-ufs -a 1M ada1

 Listo! Ahora sí, a crear un nuevo sistema de archivos y montarlo.

SoloBSD 10.3-STABLE-v44.5

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.5

- Changelog v44.5
- Added Python3.4 interpreter.

You can grab it from Here. (58.7 Mb)

root password: solobsd

UPDATE: I've added a tar file in order to be able to create a rescue partition. Just follow the instructions below.

a) create your UFS partition with sysinstall or gpart (e.g. ada0p2)
b) create a filesystem on the partition (e.g. newfs /dev/ada0p2)
c) mount the slice and extract your .tar file on it
d) configure a bootmanager (e.g. gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0)
e) boot from your rescue system and enjoy :)

You can grab it from Here. (60.6 Mb)

UPDATE 2: Ok, now you have Python to start learning, but, you want to keep your .py files! Now we have persistency. Just dd this image (71 Mb) to a USB drive or Hard Drive and you are ready to go!

SoloBSD 10.3-STABLE-v44.4

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.4

- Changelog v44.4

You can grab it from Here. (45.8 Mb)

root password: solobsd

SoloBSD 10.3-STABLE-v44.3

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.3

- Changelog v44.3

You can grab it from Here. (45.8 Mb)

root password: solobsd

SoloBSD 10.3-STABLE-v44.2

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.2

- Changelog v44.2

You can grab it from Here. (45.8 Mb)

root password: solobsd

SoloBSD 10.3-STABLE-v44.1

There is a new build of SoloBSD 10.3-STABLE based on the latest HardenedBSD stable branch version 44.1

- Changelog v44.1

You can grab it from Here. (45.8 Mb)

root password: solobsd

SoloBSD 10.3-PRERELEASE-v44

There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 44

- Changelog v44

You can grab it from Here. (45.8 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-PRERELEASE-v42.2

There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 42.2

- Changelog v42.2

You can grab it from Here. (45.7 Mb)

root password: solobsd

Lección sobre PIE, RELRO, BIND NOW y compatibilidad W^X

Esta mañana estuve charlando con Shawn Webb en el canal de IRC #HardenedBSD, acerca del nuevo soporte para PIE + RELRO + BIND NOW + compatibilidad W^X en Firefox para HardenedBSD y esto es lo que me comentó:

lattera SoloBSD: also, I hope you enjoy PIE + RELRO + BIND NOW + W^X compat firefox like I am ;)
SoloBSD what all of those things do?
SoloBSD PIE is Position-Independent Executable
SoloBSD I almost got that
SoloBSD so it is randomly running in memory space right?
lattera PIE means that the application itself will be loaded in a random spot in memory
lattera RELRO means that the relocation section will be marked as read-only
lattera BIND NOW means that the runtime linker will resolve all symbols (like functions, variables, etc.) immediately, before running the application
SoloBSD RELRO ----> cause sometimes is maked as r/w
SoloBSD right?
lattera if an application doesn't use RELRO, the part in memory where the relocation entries are located will be marked as RW
SoloBSD so what can go wrong there?
lattera W^X compat means that its javascript interpreter won't create RWX memory mappings
SoloBSD someone can write there?
lattera yeah, there's a part of the application called the PLT/GOT
lattera and that part is abused by attackers
SoloBSD got it
lattera if it's marked as RW, then an attacker can redirect function calls
lattera so when you think your application is calling printf(), it's really calling evil_printf()
SoloBSD ohhh interesting, and the same goes for W^X, right?
lattera kinda/sorta, but not really
lattera if a memory mapping is marked as RWX, then an attacker could write arbitrary code into that mapping and execute it
lattera W^X means "exclusively write or execute, but not both"
lattera so if a memory mapping is marked as writable, it can't be marked as executable
lattera and if a memory mapping is marked as executable, it can't be marked as writable
SoloBSD got that now
SoloBSD ok question on PIE, correct me if I'm wrong, which is likely possible, from the HBSD Internals lecture:
SoloBSD OpenBSD does the same, but we already know where the memory stack lives, right? which doesn't happen with HBSD
lattera OpenBSD has enabled PIE for all of base, something which we haven't done, yet
lattera we have PIE enabled for certain applications like ssh and sshd
lattera and HardenedBSD is the only BSD with true stack randomization, if I remember right
lattera meaning we randomize the top of the stack address
SoloBSD and that's why we love it, right?????
SoloBSD :)
lattera we still also utilize a random stack gap, too, to provide more entropy

Espero sirva para entender un poco más cómo funciona todo esto en HardenedBSD.

RELEASE: SoloBSD 10.3-PRERELEASE-v42.1

There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 42.1

- Changelog v42.1

You can grab it from Here. (44.8 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-BETA3-v41.1

There is a new build of SoloBSD 10.3-BETA3 based on the latest HardenedBSD stable branch version 41.1

- Changelog v41.1

You can grab it from Here. (42.2 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-BETA3-v41

There is a new build of SoloBSD 10.3-BETA3 based on the latest HardenedBSD stable branch version 41

- Changelog v41

You can grab it from Here. (42.2 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-BETA2-v40.4

There is a new build of SoloBSD 10.3-BETA2 based on the latest HardenedBSD stable branch version 40.4

- Changelog v40.3
- Changelog v40.4

You can grab it from Here. (42.1 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-BETA1-v40.2

There is a new build of SoloBSD 10.3-BETA1 based on the latest HardenedBSD stable branch version 40.2

- Changelog v40.2

You can grab it from Here. (42.1 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-PRERELEASE-v40.1

There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 40.1

- Changelog v40.1

You can grab it from Here. (42.1 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-PRERELEASE-v40

There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 40

- Changelog v40

Packages:

- Removed package smartmontools

We have done some changes on the kernel, making it smaller.

You can grab it from Here. (42 Mb)

root password: solobsd

RELEASE: SoloBSD 10.3-PRERELEASE-v39.2

There is a new build of SoloBSD 10.3-PRERELEASE based on the latest HardenedBSD stable branch version 39.2

- Changelog v39.2

We have done some changes on the kernel, making it smaller.

You can grab it from Here. (42 Mb)

root password: solobsd

Manual de PC-BSD 10.2

Es para mi un honor anunciarles la finalización de los trabajos de traducción del Manual de PC-BSD al español en su versión 10.2

Fueron 10 arduos meses en los que nos propusimos terminar lo poco que había traducido en ese momento y el día de hoy finalmente está completado y revisado.

Agradezco la colaboración de:

fcaminiti
ManuelMegias

Quienes dedicaron parte de su tiempo libre a completar este esfuerzo.

Con este esfuerzo, el Español, es el primer idioma en que es traducido el Manual de PC-BSD completamente.

Gracias.

Pueden consultar la edición HTML en este enlace.

Pueden obtener la edición en ePub en este enlace.

RELEASE: SoloBSD 10.2-STABLE-v39

There is a new build of SoloBSD 10.2 based on the latest HardenedBSD stable branch version 39.1

- Changelog v39

- Changelog v39.1

Updated packages:

- rsync 3.1.2_1

You can grab it from Here. (45.5 Mb)

root password: solobsd

RELEASE: SoloPi 11.0-CURRENT

We are pleased to announce SoloPi, our Raspberry Pi 2 build based on FreeBSD 11.0-CURRENT

You can grab it from Here. (161.6 Mb)

Decompress it, and copy the image to your microSD card.

At least a 4 GB microSD card is required.

user: solopi
password: solopi