/bsd/

File: Screen Shot 2016-10-27 at 23.19.10.png (2MB, 1080x1920px) Image search: [Google]

2MB, 1080x1920px

>>57297444

this is now a friendly apple general - /fag/

>>57297444
is OpenBSD's pkg_add and installation process vulnerable to MITM? Assuming I have a legitimate installation media

>>57297444
Are you going to buy a Talos?

>>57297503
No

>>57297674
How is it done? Keys built into the system? Can you provide a source for that? I haven't been able to find anything

How hard would it be to get into FreeBSD for home server use if I've been using various linux distros for 5-6 years now?

>>57297707
Syntax is a bit different, occasional compatibility issues but nothing a quick Google search wouldn't solve

>>57297722
What about smb share support? I only have one Windows PC but I would like to be able to set up a scheduled backup to my NAS.

Thanks for the help, anon.

>>57297706
Keys that ship with the default repos. Any external repo and the external programs themselves are vulnerable though.

>>57297830
If I use one of the servers hosted on OpenBSD.org for pkg path would I be safe?
And again, could you please provide citation for that? I haven't been able to find any info about it
>>57297793
I don't know anything about SMB, sorry anon
However after a quick search I found this link:
https://www.dan.me.uk/blog/2010/09/27/installing-samba-for-windows-file-sharing-in-freebsd/
It seems pretty elaborate

I'm currently trying out FreeBSD and i'm pretty happy with it except for the fact that i can't get around installing Steam on it with the linux compatibility feature, pls send help.

>>57297941
https://www.openbsd.org/faq/faq15.html
I'm still looking for a better source but it shows the line where it checks the signature on the package

>>57297941
OpenBSD comes with a signify(1) key, stored as /etc/signify/*-pkg.pub

Every package (.tgz) is hashed with sha256(1) and the result is stored in the SHA256 file (Think of it as an index file).
The SHA256 file is signed with the signify(1) key from the developers (saved as SHA256.sig).
pkg_add(1) will generate a hash of the downloaded .tgz with sha256(1) and then match it in the SHA256 file.
It will also check SHA256's signature (SHA256.sig)

Example SHA256.sig: ftp://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/SHA256.sig

So, if you trust the key stored in /etc/signify/*-pkg.pub then you can trust any OpenBSD mirror (even if its plain HTTP or FTP).
You can verify the signature by asking someone you trust (signify(1) creates small fingerprints so its pretty easy for a human) or buy a OpenBSD cd set (they include the signature).
Maybe just downloading the initial base install.iso or install.fs over https at https://ftp.openbsd.org/pub/OpenBSD/ is good enough for you.


BTW, every file within the .tgz is also hashed and verified after extraction (+CONTENTS file), this isn't really for combating MITM though.

>>57297444
How does one patch KDE2 under FreeBSD?

>>57298437
very carefully haha

>>57298113
>closed source software
>>>/soc/

>>57298141
>>57298238
Thank you

>>57297444
Does *BSD have application level firewall? How can I block a specific software from accessing the internet?

>>57298879
Could probably pick the port it's on.

>>57298879
Block it's port, as that's what they are.

>>57297707
Don't bother with FreeBSD.
https://vez.mrsk.me/freebsd-defaults.txt

>>57297941
>If I use one of the servers hosted on OpenBSD.org for pkg path would I be safe?

OpenBSD's pkg_add tool only installs signed packages by default. You have to manually go out of your way and specify options to install anything that does not pass the signature check.

are the FreeBSD ports really unaudited & insecure?

>>57298879
>Does *BSD have application level firewall? How can I block a specific software from accessing the internet?

You could also run the program as a dedicated user and block all internet traffic from that user in pf.conf

>>57299137
yes. with the exception of just a few ports on openbsd, pretty much all packages on every open source os are unaudited. freebsd's package manager has some security issues of its own though...

>>57299112
What about FreeNAS/NAS4Free?

#baot on rizon
``BSD and other things''

>>57297707
Pretty easy transition if you're used to distros without SystemD. I run Plex off of a BSD server, but I'm about to move it back to Fegdora 23.
I still run my router on OPNSense though, fantastic bsd-based router OS.

>>57300797
Cool, I'm planning on a NAS/FTP/Plex server, and I also want to set up a pfSense router. I have no experience with BSD so we'll see how it goes I guess...

>>57299142
You could also jail it in FreeBSD and block all traffic for that jail's IP.

Anyway, I see people talking about chrooting Firefox in OpenBSD. How is this done exactly?