# Learning FreeBSD



## int0x50 (Jul 23, 2021)

I have a general question. I would like to learn about these:

- internals of FreeBSD: the kernel, design, administration, etc.
- programming: writing drivers, fixing things, writing C-based applications, etc.
- security: the security features available; I would like to contribute as well, e.g. security review, fixing, etc.

I am going through the handbook currently.

Please suggest links, videos, blogs, books or anything I should look into.


----------



## Geezer (Jul 23, 2021)

int0x50 said:


> writing C-based applications
> 
> Please suggest links, videos, blogs, books or anything I should look into.

Amazon.com: C Programming Language, 2nd Edition: 8601410794231: Brian W. Kernighan, Dennis M. Ritchie: Books (www.amazon.com)

----------



## SirDice (Jul 23, 2021)

int0x50 said:


> internals of FreeBSD: the kernel, design, administration, etc.


"The design and implementation of the FreeBSD operating system". There's a first edition that's a little old, get the second edition. (it seems there's a third edition now too, if there is get that one).


----------



## Crivens (Jul 23, 2021)

FreeBSD Device Drivers


----------



## a6h (Jul 23, 2021)

If you can afford to buy multiple books, follow "The [ordered] Roadmap". Otherwise, start with the following materials. Official books/articles are free!

1. RTFM (man 1-9) +  studying /src + /ports
2. STFW
3. FreeBSD official books/article
4. grymoire.com
5. The C Programming Language 2nd by K&R
6. The Design and Implementation of the FreeBSD Operating system 2nd by McKusick

>>> The [ordered] Roadmap <<<

*I. RTFM:*
* man(1-9)
* pulled /src and /ports

*I. STFW:*
* site:forums.freebsd.org
* site:lists.freebsd.org
* site:bugs.freebsd.org
* site:github.com/freebsd

*I. 101*
1. Official FreeBSD Book: FreeBSD Handbook
2. Official FreeBSD Book: Frequently Asked Questions for FreeBSD
3. Official FreeBSD Article: Frequently Asked Questions About The FreeBSD Mailing Lists

*II. Shell/Admin:*
1. Beginning Portable Shell Scripting by Seebach
2. Official FreeBSD Article: Practical rc.d scripting in BSD
3. Official FreeBSD Book: FreeBSD Porter's Handbook
4. Official FreeBSD Article: Writing FreeBSD Problem Reports

*III. C:*
1. The C Programming Language 2nd by K&R
2. C A Reference Manual 5th by Harbison
3. Expert C Programming by Linden

*IV. Architecture:*
1. Official FreeBSD Book: Architecture Handbook
2. Official FreeBSD Book: Developers' Handbook
3. The Design and Implementation of the FreeBSD Operating system 2nd by McKusick
4. Official FreeBSD Article: FreeBSD Release Engineering
5. Official FreeBSD Article: Committer's Guide

*V. Advanced/Security:*
1. TCP/IP Illustrated vol.1 by Stevens
2. Advanced Programming in the Unix Environment by Stevens
3. UNIX Network Programming vol.1 by Stevens
4. Applied Cryptography 2nd by Schneier
5. Hacking The Art of Exploitation 2nd by Erickson

*[ VI. Nice extra stuff! ]*
1. UNIX System Administration by Hein
2. Sed and Awk by Robbins
3. Introduction to Algorithms by Cormen
4. The Practice of Programming by Kernighan
5. Modern Operating systems by Tanenbaum


----------



## astyle (Jul 23, 2021)

vigole said:


> 5. Modern Operating systems by Tanenbaum


I actually have that one... Tanenbaum's stuff is rather dry, and it takes some time for it to sink in. But once it does, it's incredible how things begin to add up to a VERY solid foundation.


----------



## George (Jul 23, 2021)

The book "FreeBSD device drivers for the intrepid", unfortunately, hasn't been updated in a while. Many examples won't compile (be warned). I think it is somewhere on github as pdf.

Last year I was thinking about making a video series on the FreeBSD kernel, or on how to write device drivers. I thought of this order:

1. Introduction.
2. How to download the source code.
3. How to use kldload, kldunload, memstat -m.
4. Write a hello world driver.
5. Compilation issues.
6. Introduce sysctls.
7. Introduce macros such as DEV_MODULE, DRIVER_MODULE and the like.
8. dev entries and MAKE_DEVICE.
9. Kernel buffer.
10. ... and so on.

In the end, it is not difficult. All you need is C. IMO even a script kiddy can be taught to write drivers.


----------



## int0x50 (Jul 23, 2021)

Thank you very much to all.

I think I have to add a bit more clarity.

The internals, programming and security I want to learn are those specific to the FreeBSD world.

I have been programming in C for many years and my specialization is in cyber security. My areas of work are malware analysis, security code review, writing fuzzing tools and conducting penetration testing.


----------



## a6h (Jul 24, 2021)

int0x50 said:


> My areas of work are malware analysis, security code review, writing fuzzing tools and conducting penetration testing.


In that case:

* I suppose you're familiar with gdb, gcc, strace, *ELF*, etc. Also, malware analysis implies you should know things about *binary analysis* too.
* There're many books; most of them useless -- nearly all books on this planet are useless! I won't waste time reading one of those. I'd rather spend time on Number Theory -- helpful in crypt* ... .
* There're a few useful blogs, which I'm sure you're familiar with.
* There's zero benefit from watching videos, and nearly all infosec (cringe word BTW) security-related websites are _click-baiting ^C/^V SEO operations_!
* *BUT* fortunately, most of the BSD-related blogs/websites, e.g. FreeBSD, OpenBSD, etc., are not in that camp. vermaden often posts under the "Valuable News" title. You can follow those links and discover new BSD-related blogs/websites. He's not a slouch; he knows what he's doing.

* You didn't mention which platform you're familiar with, and you didn't mention *C++* either, so I think you're a [former] Linux user, not a Windows one. To shape your expertise toward FreeBSD: learn about CLANG and lldb. I prefer GDB! There's also dtrace, and you have to know the ins and outs of ELF too -- but I'm sure you're already there; *malware analysis* (quote: "your areas of work") demands that. Learn about ZFS, jail, FS and boot/partition in the context of FreeBSD. Unlike OpenBSD, building a custom kernel is a thing here. Learn how to do that. You need VMM; learn how to use bhyve.


----------



## Geezer (Jul 24, 2021)

int0x50 said:


> I have been programming in C for many years and my specialization is in cyber security. My areas of work are malware analysis, security code review, writing fuzzing tools and conducting penetration testing.



I am a bit lost.


----------



## astyle (Jul 24, 2021)

What vigole is talking about - it's stuff like taking advantage of memory leaks in C++ to escape detection by security/snort3 and security/oinkmaster, the math behind the cryptography schemes, implementation of GOST (Yes, that is available on FreeBSD).

The usefulness of debuggers is to load a binary in and see which subroutines it tries to call. For example, when a security researcher at Kaspersky Labs loaded the Stuxnet binary into a debugger, it was under a MB worth of compiled code, and while it was obviously designed to spread from one machine to another, it took a team of such researchers a few days to figure out what in the world the virus was targeting.

Benefits of learning jails and bhyve - that sets up either a honeypot or a controlled environment that the virus can run rampant in. If your rules can contain it, great. If not - that's a problem that requires attention from you and your customer.


----------



## a6h (Jul 24, 2021)

Thanks astyle and I approve your message! Well said.


----------



## astyle (Jul 24, 2021)

Oh, and pen(etration) testing... People who actually do that for a living would not recommend it as a career. People (especially the ones actually calling the shots at the shop) get awfully pissed about having their own security flaws exposed, and will sooner get you in jail for digital trespassing (and possibly getting in the way of productivity at work) than actually fix the flaws you discover. Good luck trying to use a pen testing contract as a legal defense, even if someone from that shop actually gave you money for performing the testing. Your client (unless it's the shop's president) risks being fired himself if his boss discovers that the disruption was a result of hiring someone to hack the network. It's a bit of a gamble to wait until things cool off before confessing that a pen test was conducted, and these are the conclusions / recommendations drawn from that test.


----------



## int0x50 (Jul 24, 2021)

Thank you very much vigole. The entire malware industry is very much happening in the Windows world. So in that aspect, I am coming from the Windows domain. In fact, I started programming from MS-DOS 4.01. I am familiar with OllyDbg, IDA static analysis and reverse engineering.

I would not say I am a Linux person, as I used Linux only for penetration testing purposes. However, I very much like the idea of open source and complete control over the system that is running. More than malware analysis and penetration testing, I started using computers because I like programming. So I was always interested in seeing the source code of the kernel and other software. I started using Linux from Red Hat 7. I tried using FreeBSD and OpenBSD but didn't actively follow that; most probably the complexity was setting up drivers for my dial-up modems. No virtualization in those days to try things out.

Now I am fully into FreeBSD because I have been hearing a lot about the rock-solid thing and I really like the documentation. How many times I struggled in the Linux world, for various reasons.

Now my idea is to learn how to look into the FreeBSD kernel, understand the FreeBSD internals (esp. from a working and administration perspective). If I can, then I would like to create tools and do bug fixes.

And obviously, since I am coming from security, I would like to learn and contribute to security in FreeBSD.

Most of the things you mentioned, I agree with. I am not a Kali Linux guy who uses tools. I am more like a Gentoo Linux guy who loves to compile and create things in C and assembly.

I hope I have made things clear.


----------



## Deleted member 30996 (Jul 24, 2021)

I'm a proponent of the Empirical Paradigm, preferring to get my hands on it to see what makes things happen as opposed to reading about it. Unless it's something I need to study first to grasp the concept of.

I never got past the part about Ken Thompson in the front of The OpenSolaris Bible before I had a box set up to work with. I had to reference it once or twice but had OpenIndiana, OpenSolaris and Solaris SysV boxen. Not to mention a perfectly good copy of The OpenSolaris Bible I've never read.


I do have a Kali Linux 2021.2 box on metal. I have several FreeBSD laptops and found room for Kali on one of them. Especially since Kali has Firewalk, which is no longer available in the ports tree:

For reference purposes of my wallpaper only.


----------



## hardworkingnewbie (Jul 24, 2021)

Use "marshall kirk mckusick" as a search term on YouTube, and you will get a bunch of videos like these, some older, some younger.

View: https://www.youtube.com/watch?v=nwbqBdghh6E

View: https://www.youtube.com/watch?v=E04LxKiu79I

View: https://www.youtube.com/watch?v=V6AxdJ-jdUg

There are many more FreeBSD related talks on YouTube.


----------



## astyle (Jul 24, 2021)

hardworkingnewbie: you might want to post screenshots, rather than use tags for embedded media... This was actually discussed in the Music Thread since Thursday:

Music… (forums.freebsd.org): "None of the videos are showing up today. It was all working yesterday. Is it just me or is it everyone?"


----------



## grahamperrin@ (Jul 24, 2021)

int0x50 said:


> … my specialization is in cyber security. …



Maybe of interest: Using procfs For Forensics and Incident Response – DMFR SECURITY


----------



## drhowarddrfine (Jul 24, 2021)

int0x50 said:


> I am familiar with OllyDbg


The best tool I ever used for assembly. I have the source from an older version. Was always wanting to port it to FreeBSD but never had the time.


----------



## kpedersen (Jul 24, 2021)

int0x50 said:


> In fact, I started programming from MS-DOS 4.01. I am familiar with OllyDbg, IDA static analysis and reverse engineering.


Another one to try is devel/radare2. It is basically like a TUI version of OllyDbg. It works on Windows, Linux and FreeBSD. I actually made the original port a while back when the tool was a *lot* simpler.

It now also supports patching binaries (my favorite feature of OllyDbg), so you don't need to hack at the binary with a separate hex editor anymore.

My main use for it is NOP'ing out DRM (mainly cracking Unity3D for Linux and BX Pro) but I am sure there are more legitimate uses too!

(There is also devel/ghidra but I find it overrated)


----------



## a6h (Jul 25, 2021)

kpedersen said:


> Another one to try is devel/radare2.


Just a heads-up for X-Windows-ers: radare2 is the IDA Pro of the FLOSS circle. Yes, it's not exactly the same, but if you consider the licence fee variable... it looks the same to me.


----------



## int0x50 (Jul 25, 2021)

thank you all.

Yes, OllyDbg is a wonderful tool to use. I think the tool's development stopped long ago. Especially when it comes to binaries written for x64, the latest x32dbg and x64dbg are used widely. Still the same interface as Olly, but with a lot more functionality, like in-memory patching, etc. I am not sure if it is available on FreeBSD.

Thanks for DMFR, grahamperrin. I shall look into this.

I have not used radare2, but most of the time I use IDA Free (earlier versions) and mostly get into dynamic analysis using a debugger.

I am very much interested in learning FreeBSD (esp. the kernel and userspace) from a performance and security perspective. Thank you everyone for the guidance.

Why not, I might build a FreeBSD-based OS for security engineers. Sorry if this was too much.


----------



## Phishfry (Jul 25, 2021)

int0x50 said:


> Why not, I might build a FreeBSD-based OS for security engineers.


Release script in section 7.1.1 is a good place to start.

FreeBSD Release Engineering (docs.freebsd.org): Describes the approach used by the FreeBSD release engineering team to make production quality releases of the FreeBSD Operating System. It describes the tools available for those interested in producing customized FreeBSD releases for corporate rollouts or commercial productization.


----------



## Phishfry (Jul 25, 2021)

After mastering release.sh you will want to add packages to your image. Skip ahead to our appliance builders.

Introduction to NanoBSD (docs.freebsd.org): This document provides information about the NanoBSD tools, which can be used to create FreeBSD system images for embedded applications, suitable for use on a USB key, memory card or other mass storage media.

NanoBSD [BSD Router Project] (bsdrp.net)

Poudriere image [BSD Router Project] (bsdrp.net)

Learning make.conf and src.conf and kernel slimming you can get some very small images.
Starting at 100 Megabytes for the most bare basic image.


----------



## drhowarddrfine (Jul 25, 2021)

int0x50 No. Those are Windows only tools just like Olly was but the source is available. Hmm.

Meh. The FreeBSD tools are fine.


----------



## astyle (Jul 25, 2021)

int0x50 said:


> Why not, I might build a FreeBSD-based OS for security engineers. Sorry if this was too much.


I'd instead suggest spinning up a FreeBSD VM, and install some tools. No need to reinvent the wheel. 
My frustration with Linux is actually exactly that - there's an uncontrollable proliferation of Ubuntu-based distros that pop up, and then are abandoned after a few years when people discover how much work it is to maintain a whole infrastructure to support what frankly amounts to a few non-default options in the base system.


----------



## int0x50 (Aug 1, 2021)

Phishfry - thanks for pointing to FreeBSD Release Engineering. I shall look into this.

astyle - I agree with you. I think, with what Phishfry said, we can do a VM-based customization that can be used in the security space.

grahamperrin - thanks for DMFR security.

To everyone, thank you very much for the great information and support.

I started looking from https://docs.freebsd.org/en/books/. There are useful handbooks to start with.


----------



## astyle (Aug 1, 2021)

int0x50 said:


> can be used in the security space.


You've heard of OpenBSD, have you? They famously claim 'Only two remote holes in the default install, in a heck of a long time!' right on openbsd.org in red font.  I tried playing with OpenBSD at the tail end of my college career, but never made a go of it.

OpenBSD people, IMHO, do loudly claim to be very security-focused, and doing a better job of it than everybody else, here is how - but code audits (both automated and by humans) are time-consuming, and only go so far. Equivalent functionality is relatively easy to implement on FreeBSD, but real security means learning how to load a copy of the Stuxnet binary into devel/gdb, figuring out what the 900-KB binary is even trying to do, and connecting a few dots...


----------



## int0x50 (Aug 2, 2021)

astyle, I have heard of this aspect of OpenBSD. However, I have not used it as a mainstream OS, because as part of my work I use Windows and Linux as well. So my OSes run in VMs. I used VirtualBox earlier, then switched to KVM (Debian). Now I am fully into FreeBSD using bhyve.

I think OpenBSD has limited support in bhyve.


----------



## hardworkingnewbie (Aug 2, 2021)

astyle said:


> OpenBSD people, IMHO, do loudly claim to be very security-focused, and doing a better job of it than everybody else, here is how - but code audits (both automated and by humans) are time-consuming, and only go so far. Equivalent functionality is relatively easy to implement on FreeBSD, but real security means learning how to load a copy of the Stuxnet binary into devel/gdb, figuring out what the 900-KB binary is even trying to do, and connecting a few dots...


Well, the OpenBSD people are quite fanatical when it comes to security. Security is their main priority, so don't expect OpenBSD to take the performance crown anywhere. For most tasks it performs OK, but it will most likely always be outperformed by FreeBSD or Linux.

Security means for them, amongst other things, this:

* the default system comes with everything turned off. Want to have SSH access? You have to enable it... and so on and on.
* quite often rebuilding the wheel from scratch with varying success, because the standard implementation of a well-established protocol didn't fit into their philosophy, either license-wise or for other reasons. Examples of that are: OpenNTPD, OpenSMTPD, OpenSSH, OpenBGPD, Pf, CARP. Also the LibreSSL fork. OpenSSH is clearly the most popular of these, though.
* if something threatens security they will cut corners without compromise. When it, for example, became obvious that hyperthreading is a hardware security issue, their response was to turn it off by default. Or dropping loadable kernel module support entirely back in 2014.
* when informed about exploits they've got some of the best response times in the industry in terms of fixing it, communicating to the world and pushing it out.
* as a result their kernel code base is also much, much smaller compared to other OSes. The OpenBSD kernel is around 3 million LOC, FreeBSD more around 10.

So due to that, when you're new to OpenBSD you've got to rethink some of your practices.


----------



## astyle (Aug 2, 2021)

hardworkingnewbie said:


> So due to that, when you're new to OpenBSD you've got to rethink some of your practices.


This is probably why I never made a go of it. OpenBSD made things too inconvenient in the name of security. Having to remember to enable this and that is hard enough in FreeBSD, and OpenBSD was, IMHO, much worse in that regard. Encryption/security plugins from the OpenBSD camp is top-notch stuff, I'll grant them that, and I'm grateful that they do share the expertise - but for my OS, I'm gonna stick with FreeBSD, thank you very much.


----------



## kpedersen (Aug 2, 2021)

I personally find that on suitable hardware, OpenBSD is easier than FreeBSD. A clean (minimized) Xorg is already in base. KMS/DRM drivers are also part of this for AMD and Intel. It asks if you want SSH from the main installer too. Firmware files are all on firmware.openbsd.org and it installs the correct ones with `fw_update`.

FreeBSD does win in the functionality department but I certainly can say that OpenBSD feels really clean and elegant. Unless you specifically need FreeBSD functionality (Jails, VirtualBox, Old Nvidia are my main ones), then it is still a really good choice, it gets a lot of things very right.


----------



## int0x50 (Aug 2, 2021)

astyle said:


> This is probably why I never made a go of it. OpenBSD made things too inconvenient in the name of security. Having to remember to enable this and that is hard enough in FreeBSD, and OpenBSD was, IMHO, much worse in that regard. Encryption/security plugins from the OpenBSD camp is top-notch stuff, I'll grant them that, and I'm grateful that they do share the expertise - but for my OS, I'm gonna stick with FreeBSD, thank you very much.



I think it's purely because of how the cybersecurity space works. The way the threat actors have evolved over the last three decades, they have made cybersecurity an industry!

Initially, there was only anti-virus, and people thought that was cybersecurity. Then came the firewall. Initially people allowed many ports and blocked whatever they didn't want. Then that changed: deny all first and allow only when it is required. Now the industry is going by the idea of zero trust: don't just trust anything.

The sheer volume of traffic, the devices and the use cases are so much that monitoring and defending is becoming really difficult.

Now with that, I would certainly agree with the style of OpenBSD. That is very much in line with the security mindset.

However, if you look, the security controls are really becoming a headache and not helping the people who want to release and do things very fast and quick. In fact, containers (Docker) solve this problem greatly.

Overall, it has become like a cat-and-mouse game, and this has never changed!


----------



## a6h (Aug 3, 2021)

hardworkingnewbie said:


> * the default system comes with everything turned off. Want to have SSH access? You have to enable it... and so on and on.


OpenBSD installation enables sshd(8) by default. If it's disabled, you've done that during the installation, or during the upgrade in the sysmerge(8) phase.

Why is that procedure, i.e. "Start sshd(8) by default", important?

1. There's a default pf(4) config in the rc(8) script.
2. The default blocks everything, with the exception of SSH and ICMP.
3. At boot time, pf(4) replaces the default PF config -- in rc(8) -- with your customised pf.conf(5) rules.
4. If you screw up pf.conf(5), then pf(4) keeps the default.
5. STEP #2 & STEP #4 imply that you can ssh(1) to the machine, even with a corrupted pf.conf(5).
6. STEP #6 is crucial, esp. when the machine is a remote one.


----------



## a6h (Aug 3, 2021)

hardworkingnewbie said:


> * as a result their kernel code base is also much, much smaller compared to other OSes. The OpenBSD kernel is around 3 million LOC, FreeBSD more around 10.


The FreeBSD kernel was small. Then they added ZFS to the kernel, I think about 250,000+ LOC. But it's not the whole story. Refer to McKusick's; there's some data about LOC in his book.


----------



## astyle (Aug 3, 2021)

vigole said:


> The FreeBSD kernel was small. Then they added ZFS to the kernel, I think about 250,000+ LOC. But it's not the whole story. Refer to McKusick's; there's some data about LOC in his book.


Doing `# kldstat` shows zfs.ko as a separate, loaded kernel module, at least on my machine. Yeah, that happens if you select ZFS instead of UFS at install. My point is, I don't think ZFS is really part of the kernel - it's a separate loadable kernel module that has merely been included in base.txz. My educated guess is that UFS is part of the kernel, but I'm too lazy to spin up a VM just to verify that won't be getting a ufs.ko listing from doing a `# kldstat`.


----------



## cmoerz (Aug 4, 2021)

astyle said:


> Doing `# kldstat` shows zfs.ko as a separate, loaded kernel module, at least on my machine. Yeah, that happens if you select ZFS instead of UFS at install. My point is, I don't think ZFS is really part of the kernel - it's a separate loadable kernel module that has merely been included in base.txz. My educated guess is that UFS is part of the kernel, but I'm too lazy to spin up a VM just to verify that won't be getting a ufs.ko listing from doing a `# kldstat`.


For the lazy typists: you don't get a ufs module. It's built in for the GENERIC kernel.


----------



## Deleted member 30996 (Aug 5, 2021)

I've had OpenBSD boxen but am more comfortable with FreeBSD in knowing I've got all 3rd party app. vulnerabilities patched.

They use syspatch as an update mechanism. Ravenports was an option for updating programs, but when you start running here to get this and there to get that I start thinking of another OS/Service. No shade at OpenBSD by it.

FreeBSD feels more polished as a Desktop OS, but that may be a reflection of my experience in comfort using the two.

If no BSDs were in the mix I'd be using a Debian-based system like Kali, and have a Kali box on metal now. apt-get works for me.


----------



## int0x50 (Aug 6, 2021)

Trihexagonal, how do you find out if there are vulnerabilities that exist in the packages and software (including FreeBSD) running?

I tried cvechecker, but it's not working.


----------



## Deleted member 30996 (Aug 6, 2021)

I run these three commands at least once a day.

```sh
portsnap fetch update
pkg audit -F
freebsd-update fetch
```

The first command updates my ports tree and gets me the latest /usr/ports/security/vuxml file for any new program vulnerabilities found.
The second command checks that file for vulnerabilities in my programs.
The third checks for updates to the base system:

If the `freebsd-update fetch` command doesn't download any updates there are none.
If it downloads updates you need to install them. 
Then issue the shutdown command that it may be well with thee

```sh
freebsd-update install
shutdown -r now
```
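As an added example (not the poster's script and not code from the FreeBSD project), here is a POSIX sh wrapper around the same three daily commands that adds the checks a practitioner would want: it stops on failure, counts the problems reported by pkg audit, and tells whether freebsd-update actually fetched base-system updates, so the script's exit status can drive a cron alert. The sample outputs embedded in it are constructed, and three things about the tools are assumptions rather than facts from this thread: that `pkg audit` ends with a "N problem(s) in M installed package(s) found." summary line and exits non-zero when N is above zero, and that `freebsd-update fetch` prints "No updates needed" when the base system is current and "The following files will be" lines when it fetched something.

```sh
#!/bin/sh
# Added example, not the poster's own script and not FreeBSD project code:
# the daily "update ports / audit packages / check base" routine from the
# post above, with error checking and a parsed summary.
#
# Assumptions (not taken from the thread):
#   - `pkg audit -F` ends with "N problem(s) in M installed package(s) found."
#     and exits non-zero when N > 0
#   - `freebsd-update fetch` prints a line starting "No updates needed" when
#     the base is current, and "The following files will be ..." lines when
#     it fetched updates

# Count the problems reported by `pkg audit`. $1 is the captured output;
# prints the leading number of the summary line, or 0 if there is no such line.
audit_problem_count() {
    n=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\) problem(s) in .*/\1/p' | head -n 1)
    printf '%s\n' "${n:-0}"
}

# Return 0 (true) when the `freebsd-update fetch` output in $1 shows that
# updates were fetched and are waiting for `freebsd-update install`, else 1.
updates_fetched() {
    case "$1" in
        *"No updates needed"*)           return 1 ;;
        *"The following files will be"*) return 0 ;;
        *)                               return 1 ;;
    esac
}

# Run the three commands and summarise. Needs root on a FreeBSD host;
# PAGER=cat keeps freebsd-update from waiting on an interactive pager.
# Returns non-zero if any installed package has a known vulnerability.
daily_check() {
    portsnap fetch update                 # refresh /usr/ports and the vuxml copy

    audit_out=$(pkg audit -F) || true     # non-zero exit = vulnerable packages found (assumption)
    printf '%s\n' "$audit_out"
    problems=$(audit_problem_count "$audit_out")

    update_out=$(PAGER=cat freebsd-update fetch)
    printf '%s\n' "$update_out"

    if updates_fetched "$update_out"; then
        echo "ACTION: base-system updates fetched; run 'freebsd-update install' and reboot"
    else
        echo "OK: base system is current"
    fi
    if [ "$problems" -gt 0 ]; then
        echo "WARNING: $problems problem(s) in installed packages; see pkg audit output above"
        return 1
    fi
    echo "OK: no known vulnerabilities in installed packages"
    return 0
}

# Constructed sample outputs (not real captures) so the parsers can be
# exercised without a FreeBSD host. Version strings are placeholders.
SAMPLE_AUDIT_VULN='examplepkg-1.0 is vulnerable:
  examplepkg -- constructed placeholder entry, not a real advisory
  WWW: https://vuxml.example.invalid/placeholder.html

1 problem(s) in 1 installed package(s) found.'
SAMPLE_AUDIT_CLEAN='0 problem(s) in 0 installed package(s) found.'
SAMPLE_UPDATE_NONE='Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for X.Y-RELEASE from update1.freebsd.org... done.
No updates needed to update system to X.Y-RELEASE-pN.'
SAMPLE_UPDATE_PENDING='Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for X.Y-RELEASE from update1.freebsd.org... done.
The following files will be updated as part of updating to X.Y-RELEASE-pN:
/bin/sh'

# Only touch the real system when explicitly asked: `sh daily_check.sh run`
if [ "${1:-}" = "run" ]; then
    daily_check
fi
```

Run it as root with the `run` argument from a daily cron job; because `daily_check` returns non-zero whenever `pkg audit` reports a problem, cron's mail (or whatever wraps the job) becomes the alert, and the parsed summary lines are easier to grep in logs than the full tool output.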


----------



## Vull (Aug 6, 2021)

pkg-audit() -- audit installed packages against known vulnerabilities


----------



## int0x50 (Aug 6, 2021)

thank you Trihexagonal and Vull


----------

