security

Could anyone recommend any website pen testing software for FreeBSD? I have used vega scan in the past on Linux. But I don't know what tools are available for FreeBSD. I've done as much manual testing as I can think of so I'm looking for something automated. Thanks!

Hello, My new server is 13.2 and port security/zebedee does not exist, But I had it in 12.x . Does it has security problem to removed ?

Does the tpm2 driver in freebsd does have in-kernel RM similar to what is available in Linux via /dev/tpm0rm0 ? This is the preferred solution apparently in Linux instead of using the tpm2-abrmd stack. This tpm2-abrmd is dependent on dbus.

Hello all, my first post! Been using FreeBSD for a week or two now and I wanted to secure the simple things right away as is my nature. I wrote a Python script that can set and re-set: rc.conf sysctl.conf loader.conf login.conf Along with a set of mitigations that I've gathered over the...

This topic provides a solution on how to make own Proxy serwer, on a FreeBSD operating system, using Stunnel validated with public-key cryptography between Stunnel server and Stunnel client, for use by a web browser. The primary benefit is that, unlike other VPN, the client does not require...

Anybody using security/acme.sh might want to upgrade: security/acme.sh runs arbitrary commands from a remote server! If you're using HiCA, you surely want to revoke & renew your certs (with a more trustworthy CA). See this GitHub issue: https://github.com/acmesh-official/acme.sh/issues/4659

Is there a security oriented memory allocator for FreeBSD like GrapheneOS/Linux's Hardened_malloc library https://github.com/GrapheneOS/hardened_malloc or OpenBSD's Otto-malloc https://man.openbsd.org/malloc.3 where you can enable additional checks? I'd like to do additional hardening on some of...

I've finally enabled w^x for on 13.1-RELEASE-p1: # sysctl -a |grep wx kern.elf32.allow_wx: 0 kern.elf64.allow_wx: 0 For the usual suspects that struggle with this, I've used elfctl or proccontrol to circumvent the restriction. Unfortunately, I've come across one program that persistently...

I do not have a static IP for my computer connected by fiber to home. My ISP assigns an IP address by DHCP, is there a way of making my ISP's router at my home remember the address assigned to me by local settings? I do not fully understand but this URL to a how-to guide points to a method...

Somewhat duplicating portions of what I posted on a different thread, to provide context : Tried installation from the Ports tree, I was doing that to understand the process of installing software from source using the Ports collection. There were error messages while running...

After a couple of years, I have started to use FreeBSD again. Previously I was using Linux, and in all my servers I have installed "PSAD" package, which detect the Port Scanners IP addresses and bans them through IPTabels rules. I have searched the same in FreeBSD but does not exit. something...

Heads up: So, this turned out to be very long. Longer than I anticipated before I started writing. Also, I'm not completely certain whether this shouldn't have gone into user space programing. Since it's still very much tied into base, I'll leave it here for the moment and ask the moderators to...

Has anyone got a good reference for how to set up krb5p security? I've got NFSv4 running fine without security, but that kerberos setup has been a major pain in the neck. There doesn't seem to be much logging going on, no matter how much -d or -h's I use. It appears, Wireshark is my only utility...

$ gpg --allow-non-selfsigned-uid --no-default-keyring --keyring /tmp/tmp.s7YEIIZX --import /tmp/tmp.oVtOGme1 ... gpg: invalid armor header: mQINBF+5ojQBEADSqQjD4h1lOwAGgmz4dK0Zf4JkoJCpQ7jw2B5jigNySdKf1rQN\n gpg: CRC error; DDCBB0 -...

The .zfs snap directory is world readable. Is this not a security concern ? zpool set listsnapshots=on tank

Security can be anything. Currently issues are spread over the forum ?

I notice that after successful installation of KDE on FreeBSD, there are many files linked into the kernal, as shown by the command "kldstat". (1) I wondering where is this configured - what file(s)? I checked /boot/loader.conf and /etc/rc.conf and couldn't find them there. (2) Is there a...

There are several tutorials and guides on how to install OpenVAS on FreeBSD; however, recently OpenVAS was renamed to Greenbone Security Assistant, spread across multiple packages and now no longer fits any of the past setup descriptions. After wading through the documentation myself, I figured...

Stories about ransomware and malware corruption seem to be on the increase. They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals. Colonial paid 4.4 million. There is a story in Wired about a theft of RSA SecureID seeds from an air-gapped...

My Thinkpad T480 suspends and resumes successfully and with no problems. However, I noticed that if I hit Ctrl-C a few times during the resume process, I kill X and the screen saver and get a password-free access to the shell. This is a major vulnerability and I hope there is a fix for it. Has...