Today, RaT posted on our forums about a recent connection discovered concerning some recent bot issues that we have had. I won't elaborate much as I feel that he did an effective explanation of it. What I will say is that I am nothing short of outraged by this misuse of tax dollars and the level of shadiness that this supposed place of "higher learning" has displayed. Furthermore, the staff at this university that carried forward with this should be nothing short of ashamed of themselves for employing such disgusting tactics that not only are unnecessary, but are a complete waste of time and money on all sides.
We here at SoldierX usually don't get involved in politics and with good reason. Typically, we have seen that such an involvement could harm our bottom line which is the primary reason. However, this election cycle has been anything but normal to say the least. After watching the primaries unfold, our very own Shinobi has decided that he has had enough and has announced that he will be running for the President of the United States of America.
When asked about his platform, his response was telling about the situation he feels our country is in, and his rhetoric was relentless. "Our country is dealing with a giant mess due to numerous failures to address pivotal issues within the last twenty five years due to party lines, and it's time to end this crap." which is a sentiment shared amongst many amongst the crew. His adoption of the slogans "With Jews You Lose" and "Let's Dump Trump" however is a controversial one. When asked about his choice of slogans, Jewish crew member RaT stated that he didn't approve of the message, but he approves of Shinobi. The most controversial aspect of his campaign is his plan after inaguration, in which he will reportedly defecate on the desks of numerous heads of federal agencies including, but not limited to the NSA, FBI, FDA, USDA, VA, DOJ, DOE, and Department of Homeland Security as he feels that they are in part responsible for the mess the country is in and they should have to deal with their share of the mess.
We at HardenedBSD have been hard at work on secadm. Brian Salcedo rewrote core parts of secadm, making it much more efficient. As part of the rewrite, the rule syntax has changed. Please refer to the new secadm.conf(5) manpage for details on the new syntax.
Here's what has changed between secadm 0.2 and secadm 0.3.0:
Integriforce in whitelist mode is a form of verified application whitelisting. When Integriforce is set in whitelisting mode, all desired applications along with their shared objects must have an Integriforce rule. The rtld should also have an Integriforce rule. If an application attempts to start and there is no Integriforce rule for that application or the shared objects it depends on, execution is denied. Whitelisting is only enforced when explicitly enabled and there is at least one Integriforce rule loaded.
As we at HardenedBSD found out with the new rewrite, in the beta releases of secadm 0.3, it was not possible to have Integriforce rules loaded for two files that were hardlinks to each other, like
/bin/test. secadm 0.3 now supports that, but will disregard the second (or following) rules. Both files are still protected as they really point to the same underlying file. As a result, if a hash mismatch occurs, the filename printed out refers to the first rule that matches the hardlinked file.
Congratulations to Ogma for being promoted to the rank of SOLDIERX Inductee. After much hard work, he has released his first project - VulnTrack. VulnTrack monitors the NIST vulnerability feed and compares it against your config file. When there is a pattern match (based on your configuration), VulnTrack alerts you by email and/or desktop notification. We hope that Ogma keeps up the hard work - as we hope to see him make it to full SX Crew in the near future.
In other news, with Ogma's promotion there are new openings for recruits. If you are interested in joining SX, please click here.
Due to some changes to google voice, RoboAmp 1.0.1 stopped working. RoboAmp has been updated to adapt to these changes, as well as a few other minor changes. You can get the new version here. If you would like to see more changes to RoboAmp or any of our other SX Labs releases, please drop by for our IRC meetings on Wednesdays at 3 PM EST.
In other news, the 2015 Wallpaper Contest has been extended until April 20th, 2016. Please keep those submissions coming!
I've published a new build of OPNSense 16.1.1 with HardenedBSD 11-CURRENT! You can grab the build from here: download.
Future things to work on:
For item #1, I've started work on getting wireless working with this commit. I need to ping Adrian Chadd to figure out how to get the MAC address and the other bits from ifconfig that are now hidden that the network interface code expects without having to do a temporary clone of the device.
For item #2, OPNSense recently revamped how they provide binary updates for base. HardenedBSD now has an official binary updating mechanism as well (thanks G2, Inc for sponsoring the work!). Instead of using OPNSense's updating mechanism, I'd rather eat my own dogfood and use hbsd-update. More info about hbsd-update can be found here.