Category Archives: FreeBSD

IT Security Brothers (

Hi guys, I would like to present you our new project IT Security Brothers
We provide pentest, consultations and IT outsourcing services.
Feel free to hire us for IT jobs.

FreeBSD 8.0 -> 8.2 csup

upgrade freebsd

root@asterisk /etc/csup # ls
doc-all    ports-all  src-all    src-sys
root@asterisk /etc/csup # cat src-all
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=RELENG_8_2
*default delete use-rel-suffix
*default compress src-all


root@asterisk /etc/csup # csup src-all
root@asterisk /etc/csup # cd /usr/src && make cleandir && make buildworld
root@asterisk /usr/src # make buildkernel KERNCONF=MYKERNEL
root@asterisk /usr/src # make installkernel KERNCONF=MYKERNEL
root@asterisk /usr/src # reboot
root@asterisk /usr/src # mergemaster -p
root@asterisk /usr/src # make installworld
root@asterisk /usr/src # make delete-old
root@asterisk /usr/src # make delete-old-libs
root@asterisk /usr/src # mergemaster -iFU// very carefully !!
root@asterisk /usr/src # reboot

FreeBSD: disable sendmail completely

1. Edit /etc/rc.conf:

#sendmail disable

But this is not enough, because Demon periodic it will still run to send all notices to user root, next:

2. cp /etc/defaults/periodic.conf /etc/periodic.conf

3. Edit /etc/periodic.conf:


4. echo «NO_SENDMAIL=true» >> /etc/make.conf

5. shutdown now enterexit or reboot

FreeBSD: vlan

[root@shell]# ifconfig vlan659 create
[root@shell]# ifconfig vlan450 create
[root@shell]# nano /etc/rc.conf

#vlan settings
cloned_interfaces=»vlan659 vlan450
ifconfig_vlan659=»inet netmask vlan 659 vlandev bge0
ifconfig_vlan450=»inet netmask vlan 450 vlandev bge0"

FreeBSD: zsh for created users as default shell


If we want to ensure that all users that will be created in the system by default as a shell, and zsh have a certain configuration, then do the following:

cat > /etc/adduser.conf

Next, take your config for zsh and make it default for all:

cp ~/.zshrc /etc/zshrc

At creation of the new user there will be an invitation to configure zsh, but we do not need this:

cat > /usr/share/skel/dot.zshrc

FreeBSD: update portage tree

Create config for update portage tree via csup

[root@shell]# cat >> /etc/csup/ports-all < < END
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress ports-all

run update:

[root@shell]# csup /etc/csup/ports-all

add this command to /etc/crontab for daily update

next, update system and kernel sources:

Continue reading FreeBSD: update portage tree

FreeBSD 7-8 Exploit & Patch

Local Exploit ups right from the ordinary user to root.

Launches the exploit from the user and get the root rights.


cd /usr/src/libexec/rtld-elf
cp rtld.c rtld.c.bak
ee rtld.c

Find the part of the file:

if (!trust) {
unsetenv (LD_ «PRELOAD»);
unsetenv (LD_ «LIBMAP»);
unsetenv (LD_ «LIBRARY_PATH»);
unsetenv (LD_ «LIBMAP_DISABLE»);
unsetenv (LD_ «DEBUG»);

and change it to:

if (!trust) {
if (unsetenv (LD_ «PRELOAD») || unsetenv (LD_ «LIBMAP») ||
unsetenv (LD_ «LIBRARY_PATH») || unsetenv (LD_ «LIBMAP_DISABLE») ||
unsetenv (LD_ «DEBUG») || unsetenv (LD_ «ELF_HINTS_PATH»)) {
_rtld_error («environment corrupt; aborting»);
die ();

Next, write a make && make install, now you can check again exploit, it's work.

FreeBSD: Update the ports tree

Method # tricky (because I am about him not even guess, although should be):

[shell@root]# cd /usr
[shell@root]# rm -rf ports
[shell@root]# sysinstall -> Configure -> Distribution -> ports -> ftp ->choose ftp server with which to merge the ports.

[shell@root]# ls /usr //if you see a catalog of ports — then everything is OK.