A free Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD).
Questions tagged [freebsd]
17 questions
8
votes
1 answer
Is receiving IPv4 connections on AF_INET6 sockets insecure?
The FreeBSD man page for inet6 has the following:
By default, FreeBSD does not route IPv4 traffic to AF_INET6 sockets.
The default behavior intentionally violates RFC2553 for security
reasons. Listen to two sockets if you want to accept both IPv4…
imgx64
- 1,370
- 2
- 13
- 10
6
votes
1 answer
How secure is OpenSSH on FreeBSD?
In a discussion about the recent OpenSSL information disclosure vulnerability, the subject of OpenSSH being vulnerable came up. While OpenSSH is not vulnerable due to the problem lying in the TLS handshake, it opened discussion for the security of…
David Houde
- 5,464
- 1
- 27
- 22
4
votes
1 answer
How to use openssl ca with prime256v1?
I am new to the encryption world, and reading about this, most websites say to use the prime256v1 for better performance and security.
After some days testing, finally I get my openssl CA structure working, almost steps come from this guide:
FreeBSD…
Wisdom
- 41
- 1
- 4
3
votes
2 answers
Firewall egress filtering / quick whitelisting
Suppose your Aunt or Uncle is easily fooled by phishing attempts and their computer has multiple root kits and key loggers running. Assume their computing habits will never change.
Looking at his wireless router you can see that he only visits a…
user584583
- 215
- 1
- 12
3
votes
0 answers
Do BSD jails protect against some vulnerability class that LXC doesn't?
You can find many claims online regarding BSD jails being "better" in some way than Linux namespaces for containment, but they typically lack technical details.
From what I understand, the attack surface is pretty much equivalent (shared kernel…
viraptor
- 215
- 1
- 7
3
votes
1 answer
How can I ensure higher levels of privacy when hosting others' emails?
I can set up my own email server, and quite happy with it, using standard open source components - postfix, roundcube, etc on top of HardenedBSD or OpenBSD.
I'd like to offer the use of my email server to friends and family, as some of them have…
Stilez
- 1,664
- 8
- 13
2
votes
2 answers
How to hide or obfuscate the type of OS?
I get the OS type of a remote host by:
connecting to an open port (telnet 22);
using Nmap (nmap -A ).
What are techniques and how to hide or change the information about OS? I would like to get answers with respect to GNU/Linux or…
Apostle
- 123
- 8
2
votes
1 answer
Is native OpenZFS (on FreeBSD) block-level encryption secure?
I am considering using OpenZFS on FreeBSD. I am not quite sure how secure native OpenZFS encryption is? If somebody steals my server and the disks, is he able to decrypt the files?
In a Discord room I found a possible answer:
Native ZFS encryption…
Sybil
- 1,435
- 2
- 15
- 29
2
votes
1 answer
Is the traversal permission in a Unix filesystem exploitable by itself, in the absence of any other permissions/ACLs?
Scenario/question:
A unix directory tree has NTFv4 ACLs configured to allow an unprivileged account traversal on all dirs (but no other ACL granting further rights on any file/dir anywhere
In such a case, is it completely safe to universally grant…
Stilez
- 1,664
- 8
- 13
1
vote
0 answers
Tightly locking down a FreeBSD jail
Suppose one is running a single internet-facing daemon, as a service in a FreeBSD jail, and expects targeted hostile attacks targeting open WAN ports and services.
Like many services, the service and indeed its jail don't need interactive user login…
Stilez
- 1,664
- 8
- 13
1
vote
1 answer
Do systemd-nspawn containers provide the same security guarantees as FreeBSD jails?
I am evaluating the systemd-nspawn containers security and would like to know if the systemd-nspawn containers provide the same security guarantees as FreeBSD jails?
Specially, can an attacker escape from the container or manipulate the host?
z1naOK9nu8iY5A
- 111
- 1
1
vote
0 answers
Are BSD jails a "huge security liability"?
In this 2014 blog post from an apparently anti-BSD blog, the author criticizes BSD jails for being poorly designed and therefore insecure.
The opening paragraph reads:
If you’re thinking of employing FreeBSD jails in your server environment or use…
shadowtalker
- 541
- 4
- 11
1
vote
1 answer
Is BSD more secure than GNU/Linux?
BSD controls the OS while Linux is just a kernel. BSD is less popular than Linux, but which one is better in terms of security?
Henry WH Hack v3.0
- 2,109
- 2
- 23
- 37
0
votes
1 answer
Do I need dedicated firewall?
I have two servers in the datacenter.
FreeBSD <--> Windows Server
FreeBSD configured as a gateway for Windows Server.
What is the best:
FreeBSD has only firewall. All services are on the Win Server machine (e.g. firewall on FreeBSD, mail, web…
poison1456
- 11
0
votes
3 answers
Would FreeBSD and OpenBSD have similar known-past-vulnerability stats if they were configured similarly?
OpenBSD has had much fewer "code execution" vulnerabilities and even fewer exploits than FreeBSD, according to https://cvedetails.com…
MWB
- 303
- 2
- 11