I'm not aware of any of the Juniper FW/VPN products that do SSL VPN (the Juniper Neoteris does, and it does it excellently and gracefully, but it's not a firewall and it won't do IPSec all by its lonesome); all of their FW/VPN offerings (including the low-end for-soho-use fw's) do IPSec and L2TP+IPSec.
There are various programs/scripts that deal with ssh scanning, but that's a really nice angle to it. I've been using DenyHosts on my production servers (it's in ports, I'm running 6.0-RELEASE on sparc and x86) and it's been working a treat.
To name a few other ways to handle it, there's fwscan.sh, DenyHosts, fail2ban, blockhosts, bruteforceblocker (uses pf) and I'm sure I'm missing a bunch of others.
WTF? I can't remember the last time I saw FreeBSD ports break. Not even a SINGLE package.
OK, do me a favor and get yourself a FreeBSD box. as root, go into /usr/ports/misc/instant-workstation and run a "make install clean" and let me know if that works for you. Hasn't worked for me in ages. There's no way to get a quick desktop with FreeBSD without doing a bunch of work -- installing X, a desktop and then X apps so that you can actually use it (firefox, gaim, xmms/rhythmbox et al).
as I understand it, Trusted Solaris will/has become an extension to the Solaris 10 OE, so the issue would probably be porting the solaris kernel and userland changes to OpenSolaris so that it can then be ported over to this OS.
the Belenix Live CD of OpenSolaris here is not bad; needs work from a user's perspective, but as a "this is what solaris looks like, without having to install it" perspective, it's great. Needs polish (more apps installed, a smoother boot if possible, a configured .bash_profile :), maybe webmin pre-installed so that you can tinker with the OS itself easier etc) IMO, but it's great that they were able to do it at all.
Reminds me of the Samuel Johnson quote: "...like a dog's walking on his hind legs. It is not done well; but you are surprised to find it done at all."
don't worry, they have lots of oxen.
I'd be interested in seeing a google-simple UI to OSU's "maintain" DNS and DHCP program (although maintain is already a simplification of isc's dhcp and djbdns, something like that would be a real boon to admins who don't want to deal with dhcp and dns via CLI all the time).
building ports in the "cd /usr/ports/misc/package && make install clean" manner does leave install stuff behind in /usr/ports/distfiles and in the work directory (if you don't do a make distclean in /usr/ports), so that may be what the parent was referring to.
When will apt finally replace /usr/ports in FreeBSD?
Is this something that's like, wildly wanted? Most FreeBSD users seem to like ports...and if you're in a hurry or using old hardware, there's always pkg_add -r [packagename]. I do love apt, but why bother?
the point is to help minimize your risks. depending on your thresholds for false positives and how many of those you get, an IDP is a fucking godsend. I personally know of two networks tied at the hip (legally, physically and contractually etc) but separate in management and mission etc and the only real difference between them is that one is running a commercial IDP (e.g., not Snort; I know the company, and the products, but am avoiding mentioning them for the slashvertising BS) and the other isn't. The one that isn't has essentially been unable to get to the internet for more than 6 hours in a row in the last 10 days or so, and the one that does hasn't had a virus/trojan/worm moment of downtime. These are large networks with 10K+ users each that are very visible (e.g., lots of public IPs, fairly large local and international presence), that folks rely on. The one that's running the IDP may get some false positives and I know that it can be a complete pain to troubleshoot stuff like that, but if the options are a) troubleshoot a mostly working net and a few clients down and b) troubleshoot a mostly dark network and try to get thousands of folks, dozens of VLANs up and running and limiting virus spreading using nothing more than firewall rules and ACLs on routers and switches, I'll take option A any day of the week. Maybe your idea of fun is segregating your network into smaller chunks that you can then divide up amongst techs to do cleanups -- only to be screwed again the next time some jackass decides to bring in a laptop or his USB drive or a CDR full of mp3s and some programs he downloaded or whatever, but I've got better things to do with my time (like deal with the three users who're making false positives happen).
you may want to take a look at http://www.freebsdwiki.net/index.php/USB_storage and consider giving your mountpoint a more generic name if you're going to put different devices on it (assuming that this is your problem with /dev/mp3player pointing to a camera instead of a real mp3player.)
Re:Why FreeBSD is not good for most businesses on Why FreeBSD · Score: 1
your experience is valid, but I have two criticisms: FreeBSD documentation is not really hard to find, and in general a lot more centralized than linux docs (although it can be a lot more dreary to read -- it's one of the reasons things like the link in my sig exist) and that FreeBSD really has proven itself as being able to shine in corporate arenas long before linux became a real player in the corporate OS world (hotmail alone should pretty much prove that.) Yes, it can be harder to find a decent FreeBSD admin. Conversely, it's a lot easier to find a shoddy linux admin (ie, the type who gets lost without a GUI).
so have some beer.
Well, consider reading /. before taking viagra...
Agreed, they're great. If you have a lot of users, licenses can be a bit pricey though.
how's that desktop PDP-11 working out for you, btw?
yes, but the Network Stalin Protocol is still being worked out. (with my luck, someone will link to an RFC for NSP....)
Uh....he didn't say he was going to live for free in cuba
are you browsing with the new, porn-redirecting IE yet?
so move to kansas and be safe from darwinism. common sense, really.
oooh....the common sense dollar! that's a big market!
fool! it's the illuminati!
i think you meant "grammer" editor.
SunOS: the reason firewalls were invented.
don't worry, the repost will be.
"Do you want to install Flash? Y/n"
y
This will change repositories and update your system to include flash in your browser(s) etc. Sure?
Why not include the multiple repositories that you need to install all the desktop stuff in different apt.conf files?