@Larvitz we enable a bunch of these (and more) by default in BastilleBSD
undefined
BastilleBSD :freebsd:
@bastillebsd@fosstodon.org
Posts
-
Proper FreeBSD system hardning :)(all for sysctl) -
Happy Friday #FreeBSDHappy Friday #FreeBSD
-
Will be working on a new build of BastilleBSDWill be working on a new build of BastilleBSD .iso images to include the latest advisory fixes and base updates.
In the meantime, here's your reminder to `pkg upgrade` / `freebsd-update fetch install` on your FreeBSD systems.
-
Best NTP daemon?Best NTP daemon?
-
What are you building this week? -
Happy Friday #FreeBSDHappy Friday #FreeBSD
-
Happy Friday #FreeBSDHappy Friday #FreeBSD
-
Want to contribute?Want to contribute?
BastilleBSD is open-source.
Docs, testing, templates, feedback—all welcome.
Your expertise can help shape our next release!
-
Mini-guide: Deploying a simple nginx proxy jail:'nPKG nginxSERVICE nginx enableSERVICE nginx start'nSimple.Mini-guide: Deploying a simple nginx proxy jail:
PKG nginx
SERVICE nginx enable
SERVICE nginx startSimple. Reproducible. Automated.
-
In 2000, Poul-Henning Kamp introduced FreeBSD jails.In 2000, Poul-Henning Kamp introduced FreeBSD jails.
Fast forward 25 years: BastilleBSD lets you manage dozens (or hundreds) of them with ease.
Same roots, more polish.
We build on the shoulders of giants.
-
Want to isolate a DNS resolverWant to isolate a DNS resolver?
bastille create dns 14.3-RELEASE 10.0.0.53
bastille pkg dns install unbound
bastille service dns unbound enable
bastille service dns unbound startYou now have a private resolver in a jail, safe from the host.
-
Bastille networks can be bridged, NAT’d, or VNET’d.Bastille networks can be bridged, NAT’d, or VNET’d.
Run jails like mini-VMs, or keep them lean on localhost.
Flexibility is baked in.
Which setup do you prefer?
-
Did you know Bastillefiles let you declare system configs as code.Did you know Bastillefiles let you declare system configs as code. Example:
PKG nginx
SYSRC nginx_enable=YES
SERVICE nginx startInfrastructure as text—track it in git, share it with the world.
-
Quick tip:> bastille create alcatraz 14.3-RELEASE 10.17.89.63→ In one command, you’ve got an isolated FreeBSD jail spun up.Quick tip:
> bastille create alcatraz 14.3-RELEASE 10.17.89.63
→ In one command, you’ve got an isolated FreeBSD jail spun up.
Perfect for testing or deploying apps safely and cleanly.
-
Unix philosophy reminder: Do one thing well.Unix philosophy reminder: Do one thing well.
BastilleBSD keeps that spirit alive by automating FreeBSD jails cleanly.
Small tools, composable power.
What’s your favorite "do one thing well" tool?
-
Considering a jump from Docker to JailsConsidering a jump from Docker to Jails?
BastilleBSD gives you a lighter, faster, more secure alternative—no daemon overhead, just native FreeBSD isolation.
-
Happy Friday #FreeBSDFor those at #EuroBSDCon what have been the highlights so far?Happy Friday #FreeBSD
For those at #EuroBSDCon what have been the highlights so far?
-
Find myself curious to experiment with libreboot BIOS/UEFI boot firmware but it seems my laptop is not supportedFind myself curious to experiment with libreboot BIOS/UEFI boot firmware but it seems my laptop is not supported.
My current system is a Lenovo X1 Carbon (gen 6).
Anyone have experience with libreboot? Is it worth the work?
-
We wish everyone at #EuroBSDcon a great conference!We wish everyone at #EuroBSDcon a great conference! We'll make it to the EU one of these years. Until then, "Hello" from BastilleBSD and enjoy!