Irregular Expressions » freebsd

Building a FreeBSD MAC Kernel – Part 2

Dan O'Connor — Fri, 21 May 2010 14:46:35 +0000

Once the sync is completed go to /usr/src

cd /usr/src/

There is a sys/ dir in under src/ in sys/ there is a listing of possible architectures you can build a kernel for, inside the one you select there is a conf/ dir.

If you do a ‘ls’ in the conf/ dir you will see the possible pre-built kernel configs you can select from. In the MAC config you will see a few options to uncomment. Remove the # from infront of ‘options MAC_BIBA’.

options        MAC
options        MAC_BIBA                # BIBA data integrity policy

Once you are done that go back to /usr/src/ and you can start to make the kernel.

make buildkernel KERNCONF=MAC
make installkernel KERNCONF=MAC

That’s the build completed but there is a few more steps to configuring biba on your system to come.

Building a FreeBSD MAC Kernel – Part 1

Dan O'Connor — Tue, 18 May 2010 18:42:39 +0000

No not a Mac as in Apple, a MAC as in mandatory access control kernel with biba!

To build your own MAC kernel or any FreeBSD kernel you will need to get the source tree, you can do this by using cvsup and a config file.

Mine is called supfile, and it looks like this.

*default tag=RELENG_7_2_0_RELEASE
*default host=cvsup3.jp.FreeBSD.org
*default prefix=/usr
*default base=/var/db
*default release=cvs delete use-rel-suffix compress

src-all

You will have to change the release as needed and you may want to pick another host. Once you have the file install cvsup.

pkg_add -rv cvsup-without-gui

Or you can use the ports tree if you want to, its under /usr/ports/devel/

Now run cvsup to download the tree.

cvsup /usr/supfile

And wait.

Verifying System Integrity

Dan O'Connor — Tue, 16 Feb 2010 03:28:48 +0000

The team at isc.sans.org has an BETA version of hash checking application. http://isc.sans.org/tools/hashsearch.html

I tired a few files from a FreeBSD machine I have, but it was not able to locate a match. I am sure there would have been more success if files from a Windows based system had been tried.

This will be an excellent tool to verify the integrity of files on systems, more then once I have been in a situation where I needed to validate the integrity of a file with out a know good sample available.

If the status of a machine is in question I would not even collect the has off the system while it is running, booting into a liveCD like Knoppix ( http://www.knoppix.org/ ) or my favorite FreeBSD ( http://www.freebsd.org/where.html ) is the best way to ensure the integrity of the hash.

On freebsd you can use the md5 or sha1 command.

> md5 /lib/libc.so.7
MD5 (/lib/libc.so.7) = e16f4e5c137bd7f445b32733f45ac268