
New HardenedBSD Build


lattera:
I'm excited to announce yet another experimental OPNsense + HardenedBSD build! This build brings OpenSSL updates along with more HardenedBSD 11-CURRENT goodness. Also in the build is a brand spankin' new feature called Integriforce Whitelist.

Integriforce is a feature in which all executable files along with the shared objects they depend on in the filesystem are hashed. The hashes are loaded into the kernel and when it comes time to execute an application, the hash is checked. If the hash doesn't match, execution is forbidden. Where whitelisting comes into play is if an application or the shared objects it depends on is not in the list of hashes at all, execution is forbidden.

So, you get two things: data integrity of executables and application whitelisting. The NSA recently stated that application whitelisting along with exploit mitigations make their lives extremely difficult.

I haven't had the time to fix wireless (major changes involved), debug pfsync, or fix binary updates. So those usual caveats apply here. To update an existing installation: back up your config, reinstall, restore your config.

Download here
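
A user-space model of the check described in the post above, added here as an illustration; it is not part of the original post and is not HardenedBSD's code. SHA-256, the function names, and the behaviour with whitelisting off (unlisted files are allowed) are assumptions, and the sample files are constructed.

```python
import hashlib, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths):
    """Hash every executable and shared object once, at a trusted point in time."""
    return {os.path.realpath(p): sha256_file(p) for p in paths}

def check_file(manifest, path, whitelist):
    """Return (allowed, reason) for a single file."""
    expected = manifest.get(os.path.realpath(path))
    if expected is None:                      # never hashed: whitelist decides
        return (not whitelist, "not in manifest")
    if sha256_file(path) != expected:         # hashed, but contents changed
        return (False, "hash mismatch")
    return (True, "hash ok")

def may_execute(manifest, exe, shared_objects, whitelist=True):
    """Allow execution only if the executable and every dependency pass."""
    for path in [exe, *shared_objects]:
        allowed, reason = check_file(manifest, path, whitelist)
        if not allowed:
            return False, f"{path}: {reason}"
    return True, "all files verified"

def demo():
    """Constructed files standing in for a binary and its shared library."""
    d = tempfile.mkdtemp()
    def write(name, data):
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(data)
        return p
    app = write("app", b"constructed executable")
    lib = write("libfoo.so", b"constructed library v1")
    manifest = build_manifest([app, lib])
    results = {"clean": may_execute(manifest, app, [lib])[0]}
    write("libfoo.so", b"tampered library")   # dependency modified after hashing
    results["tampered_lib"] = may_execute(manifest, app, [lib])[0]
    new = write("dropped", b"binary added after hashing")
    results["unknown_whitelist"] = may_execute(manifest, new, [])[0]
    results["unknown_no_whitelist"] = may_execute(manifest, new, [], whitelist=False)[0]
    return results

if __name__ == "__main__":
    print(demo())
```

The tampered-library case shows why the dependencies are hashed along with the executable: the binary itself is unchanged, yet execution is refused.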

weust:
As before I will try out the installation on Hyper-V.
Hopefully the network adapter is detected this time.

Downloading has to wait a bit longer it seems.
The site is quite unresponsive atm. Getting timeouts.

lattera:

--- Quote from: weust on March 06, 2016, 10:25:52 pm ---As before I will try out the installation on Hyper-V.
Hopefully the network adapter is detected this time.

--- End quote ---

Thanks! There have been a lot of Hyper-V related commits by upstream FreeBSD, especially related to networking.


--- Quote from: weust on March 06, 2016, 10:25:52 pm ---Downloading has to wait a bit longer it seems.
The site is quite unresponsive atm. Getting timeouts.

--- End quote ---

Hey Franco, think you could mirror the files? ;)

franco:
Thanks, Shawn, super cool! I've added the files to the mirror and they are currently syncing, try any of these in a few hours:

https://opnsense.c0urier.net/snapshots/hbsd-exp-09/ (Sweden)
http://mirror.wjcomms.co.uk/opnsense/snapshots/hbsd-exp-09/ (UK)
http://mirror.sfo12.us.leaseweb.net/opnsense/snapshots/hbsd-exp-09/ (US West Coast)
http://mirrors.nycbug.org/pub/opnsense/snapshots/hbsd-exp-09/ (US East Coast)
https://opnsense.aivian.org/snapshots/hbsd-exp-09/ (China)

lattera:
Thanks a lot, Franco! I appreciate it!
