Blog

Blog Tags

Tags for all of the blog articles

Latest Blog Entries:

BSD Honeypots with Zeek talk accepted for Virtual ZeekWeek 2020

2020-10-08

I submitted a modified BSD Honeypots talk to ZeekWeek 2020 and the talk was accepted. This talk will be shorter and focus on the use of Zeek with the intel framework and a honeypot running within FreeBSD jails. Similar to BSDCan, Virtual ZeekWeek will be online only. You can still register, but viewing may be limited for certain talks. Virtual ZeekWeek 2020 will take place from October 13th through the 15th....

BSD Honeypots talk accepted at BSDCan 2020

2020-06-01

My talk, “BSD Honeypots - Of course it runs on BSD” was accepted by the BSDCan 2020 committee earlier this year. Due to the pandemic, BSDCan organizers moved the conference to an online format. All of the scheduled talks will be made available as a stream during their spot on the schedule. I checked today, and it appears that the conference will be freely available online, so take this opportunity to enjoy great BSD content from a great BSD conference....

New Website 2020

2020-04-09

After a long time, we have finally updated the website using HUGO to generate the static-site content. I wish to thank Project Trident for sharing their website setup on github, which our site is based on. In working through the setup, I even found a typo that helped both of our sites look better. We are looking forward to more content for the rest of 2020, including some blog posts coming up soon so stay safe and stay healthy....

Xorg and fun with local root privileges

2018-12-03

Last week, I gave a talk at the CharmBUG meetup on the recent Xorg vulnerability that allowed for local users to elevate their privileges through a vulnerability in the Xorg command line options. The vulnerability allowed users to overwrite files and run code as the root user. The original vulnerability was found in recent versions of Xorg on Debian, RHEL, and CentOS, but was not patched in OpenBSD until the details of the vulnerability were released....

Running CentOS with Bhyve

2018-01-10

With the addition of UEFI in FreeBSD (since version 11), users of bhyve can use the UEFI boot loader instead of the grub2-bhyve port for booting operating systems such as Microsoft Windows, Linux and OpenBSD. The following page provides information necessary for setting up bhyve with UEFI boot loader support: https://wiki.freebsd.org/bhyve/UEFI Features have been added to vmrun.sh to make it easier to setup the UEFI boot loader, but the following is required to install the UEFI firmware pkg:...

From BSDCan to vBSDCon

2017-08-04

As always, BSDCan 2017 was another great conference. I recommend BSDCan to anyone I speak to as one of the best BSD conferences to attend in this part of the world. I gave my talk on the State of Network Security Monitoring (NSM) tools on the BSD operating systems. The talk was well received, but I will be updating my slides when I give this talk again at vBSDCon with updated information and allow time for more questions....

Running Bro in a FreeBSD Jail

2017-01-18

A few weeks ago, a user on the Bro IDS mailing list was looking for a way to run Bro in a FreeBSD jail. FreeBSD jails provide the foundation of operating system-level virtualization, later utilized and enhanced by Solaris zones, and those containers that everyone thinks are something new. To avoid going on a complete rant, I recommend the following write-up as an overview of FreeBSD jails: https://www.freebsd.org/doc/handbook/jails.html The purpose of this howto is to document that basic steps necessary to use Bro within a FreeBSD jail....

Recap of BroCon and SuriCon 2016

2016-11-28

In September, I gave a talk about running Bro NSM on BSD operating systems. The talk was well received and stirred interest in the BSD operating systems and their use for network security monitoring. The slides (and at the some point the video) for my talk are posted here: https://www.bro.org/community/brocon2016.html One of the interesting things I learned at this conference, was the important role that FreeBSD plays in regards to Bro....

vmrun.sh - The default way to use bhyve on FreeBSD

2016-07-13

bhyve is a type-2 hypervisor that is installed by default in FreeBSD 10+. One of its greatest features is how simple the interface is to create and run virtual machines on FreeBSD. Since bhyve first appeared in FreeBSD 10, the operating systems support has expanded beyond FreeBSD and OpenBSD to include most Linux distributions and Microsoft Windows. In FreeBSD 11, bhyve will feature graphical support (UEFI-GOP) allowing for graphical UEFI installations....

Daemon Security, a Silver Sponsor of vBSDCon 2015

2015-09-08

Daemon Security is a “Silver Sponsor” of vBSDCon 2015, the biennial BSD conference hosted by Verisign, Inc. The conference will bring together members of the BSD community in a series of round-table discussions including presentations on various BSD topics including system administration, networking and security. Daemon Security is proud to be sponsoring this event for a second time to help solidify the BSD operating systems as the only choice for deploying security tools and solutions....

Hunter NSM - A modular platform for deploying network sensors

2015-07-27

Hunter NSM is a simple install script for Snort or Bro IDS with JSON logging configured for FreeBSD. This is a simplified version of the snorby install script, as the goal is to provide a modular platform to plug into any existing security architecture. The current version has been tested on FreeBSD 10.1 and HardenedBSD. The script is available on github: https://github.com/shirkdog/hunter-nsm Author: Michael Shirk...

zfscron - A great idea from the BSDNow podcast

2015-05-29

First off, if you are interested in all of the latest news and information on the BSD operating systems, you should checkout the [BSDNow] (http://www.bsdnow.tv) podcast. In the segment where Allan Jude and Kris Moore discuss viewer’s questions, Allan was talking about creating zfs snapshots of your home directory every 30 minutes or so. This seemed like a great idea to capture changes that may have occurred since the last daily backup in your user home directory....

Mumblehard - Malware that affects Linux and BSD Systems

2015-05-05

Several websites have discussed this writeup by Marc-Etienne M.Leveille of ESET in regards to the Mumblehard malware ESET discovered while working with a customer. Though Linux malware (just like OSX malware) is nothing new, this software included a very interesting binary packer that actually detects BSD systems. The attack vector for this malware was by way of Joomla and Wordpress exploits, and an illegal copy of DirectMailer, which installs the backdoor once the software is loaded (M....

jail.conf hack when upgrading from FreeBSD 9.x to 10

2015-04-29

If you are still using FreeBSD 9.x, you will want to migrate your jails to the new jail.conf format when you upgrade to FreeBSD 10. The new jail.conf format has been around since FreeBSD 9.1: jail.conf manpage In an effort to assist with migrating to the new jail.conf format, a template file is created based on the configuration of the jails within your rc.conf file. In the following example, a jail called “testjail” is configured in rc....

ZFS-Backup now supports a non-root user.

2015-01-14

zfsbackup.sh has been modified to use a non-root user with the necessary privileges to perform ZFS send/receive and to administer snapshots. The script was initially a proof-of-concept for providing an easy way to do backups. Now the zfsbackup.sh script requires a non-root user to operate. Checkout the updated code on github: http://github.com/shirkdog/zfsbackup/ Author: Michael Shirk...

Upgrading FreeBSD, make sure you upgrade your zpools

2014-12-29

Depending on the way you perform upgrades (freebsd-update or building from source) you may be interested in features that were added in the 10.1 release of FreeBSD for ZFS. The following options were added with the latest stable release of FreeBSD: spacemap_histogram</b> This features allows ZFS to maintain more information about how free space is organized within the pool enabled_txg Once this feature is enabled ZFS records the transaction group number in which new features are enabled....

ZFS Corruption: Postmortem

2014-09-17

Are you performing backups of your filesystems? A recent blog post described the process for using remote snapshots with ZFS to ensure data is backed up. This post describes an incident where data was almost lost on a ZFS filesystem due to a corrupted pool (Are you backing up your filesystems yet?). A VM running within VirtualBox only had a single VirtualDisk with ZFS as its filesystem. One day, while using the VM, the power went off on the host operating system....

Simple ZFS Backup Script

2014-08-05

ZFS is a powerful filesystem that helps to maintain integrity by avoiding data corruption. A useful feature of ZFS is its ability to clone filesystems. Creating snapshots allows for filesystems to be cloned and restored if anything happens to the original data. Going beyond this is the ability to maintain incremental changes between snapshots. There are a number of scripts available that setup a similar backup system, but the idea here is to maintain a current dataset, with the ability to restore from two previous backups....

Full Featured FreeBSD Desktop in 5 Minutes

2014-03-27

The FreeBSD community has been very excited about http://www.freebsd.org/doc/handbook/pkgng-intro.html, the next generation package manager now installed by default with FreeBSD 10. pkgng allows for binary packages to be installed in a similar fashion to yum or apt-get on Linux. The most important feature of binary packages is the speed at which a system can be deployed. pkgng allows for the creation of custom repos that can be configured with pkg.conf files....

Updates for the Daemon Security Blog and website

2014-01-03

An archive has been created to save older blog postings in an effort to provide updated content for current initiatives. The Snorby installation script has been placed on github where development will be tracked. New blog postings will be coming in the next few weeks including the steps for building Bro IDS on OpenBSD and other BSD configuration options. Author: Michael Shirk...

Daemon Security, a Silver Sponsor of vBSDCon 2013

2013-10-07

Daemon Security is a “Silver Sponsor” of vBSDCon 2013, the first biennial BSD conference being hosted by Verisign, Inc. The conference will bring together members of the BSD community in a series of round-table discussions including presentations on various BSD topics including system administration, networking and security. Daemon Security is proud to be sponsoring this event to help solidify the BSD operating systems as the only choice for deploying security tools and solutions....

Cisco Acquires Sourcefire, what of open source security?

2013-07-24

Cisco announced on July 23rd that it will be acquiring Sourcefire for 2.7 billion dollars. The first reaction from everyone in the Snort community was, “What will happen with open source Snort?”. Marty Roesch, Founder and CTO of Sourcefire and the author of the Snort IDS assured everyone that Snort will remain free and open source. Even with the worse case being that Cisco does not support open source Snort, where does this leave the state of open source security?...

BSD Magazine Article for Jails Firewall with pdf

2013-06-08

The May BSD Magazine has been released which includes an article about configuring the pf firewall with FreeBSD jails. This article provides a way to expose jailed services with pf. The article is available at http://bsdmag.org/magazine/1838-jails-firewall-with-pf...

BSD Magazine Article for FreeBSD MAC Part 5

2013-03-26

The March BSD Magazine has been released which includes the fifth and final part of the “Hardening FreeBSD with Mandatory Access Controls” articles. This article highlights the mac_ifoff, mac_portacl, and MAC LOMAC modules. The article is available at http://bsdmag.org/magazine/1832-handling-kernel-panic...

BSD Magazine Article for FreeBSD MAC Part 4

2012-12-21

The December BSD Magazine has been released which includes part 4 of the “Hardening FreeBSD with Mandatory Access Controls” which highlights the mac_seeotheruids module. The article is available at http://bsdmag.org/magazine/1826-linux-jails-in-pc-bsd...

BSD Magazine Article for FreeBSD MAC Part 3

2012-09-12

The September BSD Magazine has been released which includes part 3 of the “Hardening FreeBSD with Mandatory Access Controls” which highlights the mac_bsdextended module and the ugidfw utility. The article is available at http://bsdmag.org/magazine/1812-what-s-new-in-pc-bsd-9-1...

The one thing cloud computing is supposed to do is not fail

2012-07-17

Two interesting failures in cloud computing occurred over the past couple of weeks. The first failure was a power outage caused by severe storms that brought down the East Coast Cloud services for Amazon (Cohen, 2012). The outage affected sites like Netflix as it disrupted streaming services for customers (Cohen, 2012). The second failure occurred when a electrical glitch brought down power in the Salesforce data center in Silicon Valley (Babcock, 2012)....

Copyright © 2020 Daemon Security Inc. | Privacy Policy
Terms and Conditions | Email Daemon Security
443-579-5162