security

  1. Cath O'Deray

    Log out everywhere; from all devices

    At <https://forums.freebsd.org/account/security> I could not see an obvious way to log out from all devices. So, in Firefox on FreeBSD, I: enabled multifactor authentication backed up codes changed my password logged out logged in. A simple reload of a logged-in Forums page in Firefox on...
  2. S

    general/other Internet facing server: FreeBSD or SmartOS hypervisor?

    I'm not quite sure where to ask this (networking, firewalls, network services or emulation might also work); mods please move if there's a better location. I've got a server currently running Windows-only software for my IP camera monitoring and I'd like to use it as a public facing web server...
  3. G

    Is an update coming to fix Firefox after 2024-51?

    I am in triple boot and on my two Linux distros there were updates to fix the critical vulnerability 2024-51. Does anyone know if there is work being done on that and if there will be an update for FreeBSD as well soon? (as I understand it all versions of Firefox are affected) Or did I miss...
  4. J

    FIDO2 security key (Yubikey 5 NFC) and Webauthn

    I recently try to use a Yubikey 5 NFC (via USB) with FreeBSD. I installed the packages libfido2-1.15.0 and py311-yubikey-manager-5.2.0, which respectively provide the fido2-token and ykman tools that seem to work just fine. However, when I try to go to https://webauthn.io/ and try using my...
  5. I

    Why are checksums different for the exact same package from "latest" and "quarterly"?

    I'm wondering why the checksums for exactly the same package for "latest" and "quarterly" are different. For example, these two are from "latest" of "FreeBSD:14:amd64": {"name":"bhyve-firmware","origin":"sysutils/bhyve-firmware","version":"1.0_2","comment":"Collection of Firmware for...
  6. I

    How to harden sshd_config to allow only 1 user to be logged in at any given time?

    How do I harden my sshd_config to allow only 1 user to be remotely logged in at any given time? (A non-admin/wheel and not-root user will login remotely, then upgrade (ie. "su -l admin) to admin/wheel, and then to root should be counted as the same user being logged in at any given time.) I...
  7. I

    How do I protect my host from rogue DHCP servers?

    So I have FreeBSD 14.0 with several real network interfaces (em0, igb0, wlan0, wlan1) and several loopback interfaces for jails. This configuration isn't final yet as I'm still experimenting. One of the real interfaces is facing the ISP, obviously, and hence it's configured by dhclient. It could...
  8. Lars Skogstad

    Questions regarding chkrootkit and Syslogk LKM rootkit

    Hi Did a random scan today with chkrootkit and rkhunter, chkrootkit gave me a warning: "Searching for Syslogk LKM rootkit... INFECTED: Possible Malicious Syslogk LKM rootkit installed" Anyone know anything about if this is normal error and can be ignored or if it can be something else? I...
  9. I

    Intel’s Total Memory Encryption

    Is Intel’s Total Memory Encryption (Multi-Key) feature supported in FreeBSD? And if so, how to enable it?
  10. I

    Attack Discovered Against SSH - is FreeBSD vulnerable?

    I have a concern about the recent news regarding the newly discovered SSH attacks, when "ChaCha20-Poly1305" or "CBC with Encrypt-then-MAC" is used. So, if we set up a server (sshd) or using it as a client (ssh) as default, would this vulnerability be relevant?
  11. Cath O'Deray

    Security: end of life dates for FreeBSD stable/12, 12.4, and stable/13

    stable/12 and 12.4 31st December 2023 <https://lists.freebsd.org/archives/freebsd-announce/2023-December/000113.html> stable/13 30th April 2026 <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273795#c4>
  12. J

    ZFS Security issues with snapshots for (longer term) backups

    I use ZFS snapshots and mirroring (both on a harddrive that is permanently connected and on harddrives that aren't always connected) as a means of keeping backups of my data. Using the snapshots, I can go back in time if I accidentally delete files or something else happened to my data on the...
  13. Cath O'Deray

    Security: Xfce screen locking with a laptop lid and multiple displays

    With an external display connected: closing the lid does not lock lock the screen. Is there a workaround? Essentially: for locking to succeed.
  14. LibreQuest

    Solved Website pen testing software

    Could anyone recommend any website pen testing software for FreeBSD? I have used vega scan in the past on Linux. But I don't know what tools are available for FreeBSD. I've done as much manual testing as I can think of so I'm looking for something automated. Thanks!
  15. m_pahlevanzadeh

    zebedee and 13.2

    Hello, My new server is 13.2 and port security/zebedee does not exist, But I had it in 12.x . Does it has security problem to removed ?
  16. L

    In kernel resource manager for tpm2 driver

    Does the tpm2 driver in freebsd does have in-kernel RM similar to what is available in Linux via /dev/tpm0rm0 ? This is the preferred solution apparently in Linux instead of using the tpm2-abrmd stack. This tpm2-abrmd is dependent on dbus.
  17. Wravoc

    My FreeBSD hardening script

    Hello all, my first post! Been using FreeBSD for a week or two now and I wanted to secure the simple things right away as is my nature. I wrote a Python script that can set and re-set: rc.conf sysctl.conf loader.conf login.conf Along with a set of mitigations that I've gathered over the...
  18. Z

    Create own proxy server on FreeBSD using Stunnel and 3proxy software with public key cryptography verification between the Stunnel server and Stunnel.

    This topic provides a solution on how to make own Proxy serwer, on a FreeBSD operating system, using Stunnel validated with public-key cryptography between Stunnel server and Stunnel client, for use by a web browser. The primary benefit is that, unlike other VPN, the client does not require...
  19. J

    acme.sh runs arbitrary commands from a remote server

    Anybody using security/acme.sh might want to upgrade: security/acme.sh runs arbitrary commands from a remote server! If you're using HiCA, you surely want to revoke & renew your certs (with a more trustworthy CA). See this GitHub issue: https://github.com/acmesh-official/acme.sh/issues/4659
  20. V

    Hardened malloc() for FreeBSD

    Is there a security oriented memory allocator for FreeBSD like GrapheneOS/Linux's Hardened_malloc library https://github.com/GrapheneOS/hardened_malloc or OpenBSD's Otto-malloc https://man.openbsd.org/malloc.3 where you can enable additional checks? I'd like to do additional hardening on some of...
Back
Top