Category Archives: FreeBSD

IT Security Brothers (http://itsb.pro)

Hi guys, I would like to present you our new project IT Security Brothers http://itsb.pro
We provide pentest, consultations and IT outsourcing services.
Feel free to hire us for IT jobs.

FreeBSD 8.0 -> 8.2 csup

upgrade freebsd

root@asterisk /etc/csup # ls
doc-all    ports-all  src-all    src-sys
root@asterisk /etc/csup # cat src-all
*default host=cvsup5.ru.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_8_2
*default delete use-rel-suffix
*default compress src-all

next

root@asterisk /etc/csup # csup src-all
root@asterisk /etc/csup # cd /usr/src && make cleandir && make buildworld
root@asterisk /usr/src # make buildkernel KERNCONF=MYKERNEL
root@asterisk /usr/src # make installkernel KERNCONF=MYKERNEL
root@asterisk /usr/src # reboot
root@asterisk /usr/src # mergemaster -p
root@asterisk /usr/src # make installworld
root@asterisk /usr/src # make delete-old
root@asterisk /usr/src # make delete-old-libs
root@asterisk /usr/src # mergemaster -iFU// very carefully !!
root@asterisk /usr/src # reboot

FreeBSD: disable sendmail completely

1. Edit /etc/rc.conf:

#sendmail disable
sendmail_enable="NO
«
sendmail_submit_enable=»NO
«
sendmail_outbound_enable=»NO
«
sendmail_msp_queue_enable=»NO"

But this is not enough, because Demon periodic it will still run to send all notices to user root, next:

2. cp /etc/defaults/periodic.conf /etc/periodic.conf

3. Edit /etc/periodic.conf:

daily_output="/var/log/daily.log
«
weekly_output=»/var/log/weekly.log
«
monthly_output=»/var/log/monthly.log"

4. echo «NO_SENDMAIL=true» >> /etc/make.conf

5. shutdown now enterexit or reboot

FreeBSD: vlan

[root@shell]# ifconfig vlan659 create
[root@shell]# ifconfig vlan450 create
[root@shell]# nano /etc/rc.conf

#vlan settings
ifconfig_bge0="up
«
cloned_interfaces=»vlan659 vlan450
«
ifconfig_vlan659=»inet 1.2.3.4 netmask 255.255.255.252 vlan 659 vlandev bge0
«
ifconfig_vlan450=»inet 10.11.12.13 netmask 255.255.255.0 vlan 450 vlandev bge0"

FreeBSD: zsh for created users as default shell

 

If we want to ensure that all users that will be created in the system by default as a shell, and zsh have a certain configuration, then do the following:

cat > /etc/adduser.conf
passwdtype=yes
homeprefix=/home
defaultshell=/usr/local/bin/zsh

Next, take your config for zsh and make it default for all:

cp ~/.zshrc /etc/zshrc

At creation of the new user there will be an invitation to configure zsh, but we do not need this:

cat > /usr/share/skel/dot.zshrc



FreeBSD: update portage tree

Create config for update portage tree via csup

[root@shell]# cat >> /etc/csup/ports-all < < END
*default host=cvsup5.ru.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress ports-all
END

run update:

[root@shell]# csup /etc/csup/ports-all

add this command to /etc/crontab for daily update

next, update system and kernel sources:

Continue reading FreeBSD: update portage tree

FreeBSD 7-8 Exploit & Patch

Local Exploit ups right from the ordinary user to root.

http://seclists.org/fulldisclosure/2009/Nov/371

Launches the exploit from the user and get the root rights.

Patching:

cd /usr/src/libexec/rtld-elf
cp rtld.c rtld.c.bak
ee rtld.c

Find the part of the file:

if (!trust) {
unsetenv (LD_ «PRELOAD»);
unsetenv (LD_ «LIBMAP»);
unsetenv (LD_ «LIBRARY_PATH»);
unsetenv (LD_ «LIBMAP_DISABLE»);
unsetenv (LD_ «DEBUG»);

and change it to:

if (!trust) {
if (unsetenv (LD_ «PRELOAD») || unsetenv (LD_ «LIBMAP») ||
unsetenv (LD_ «LIBRARY_PATH») || unsetenv (LD_ «LIBMAP_DISABLE») ||
unsetenv (LD_ «DEBUG») || unsetenv (LD_ «ELF_HINTS_PATH»)) {
_rtld_error («environment corrupt; aborting»);
die ();
}
}

Next, write a make && make install, now you can check again exploit, it's work.

FreeBSD: Update the ports tree

Method # tricky (because I am about him not even guess, although should be):

[shell@root]# cd /usr
[shell@root]# rm -rf ports
[shell@root]# sysinstall -> Configure -> Distribution -> ports -> ftp ->choose ftp server with which to merge the ports.

[shell@root]# ls /usr //if you see a catalog of ports — then everything is OK.