ProHoster > Blog > internet nhau > OpenBSD 6.5 kuburitswa

OpenBSD 6.5 kuburitswa

Ndakaona chiedza kuburitswa kwemahara, muchinjika-chikuva UNIX-senge yekushandisa system OpenBSD 6.5. Iyo OpenBSD purojekiti yakavambwa naTheo de Raadt muna 1995, mushure kunetsana nevagadziri veNetBSD, semhedzisiro iyo Teo akanyimwa mukana weNetBSD CVS repository. Mushure meizvi, Theo de Raadt neboka revanhu vane pfungwa dzakafanana vakagadzira itsva yakavhurika sisitimu yakavakirwa paNetBSD sosi yemuti, izvo zvibodzwa zvikuru zvaive kutakurika (inotsigirwa ne 13 Hardware mapuratifomu), kumira, kushanda kwakaringana, kuchengetedzwa kwakasimba uye zvakabatanidzwa cryptographic maturusi. Saizi yekuisa yakazara ISO mufananidzo OpenBSD 6.5 base system ndeye 407 MB.

Pamusoro peiyo inoshanda sisitimu pachayo, iyo OpenBSD purojekiti inozivikanwa nezvikamu zvayo, izvo zvave kupararira mune mamwe masisitimu uye zvakaratidza ivo kuti ndeimwe yeakachengeteka uye yepamusoro-soro mhinduro. Pakati pavo: FreeSSL (fork OpenSSL), OpenSSH, packet filter PF, kuendesa madhimoni OpenBGPD uye OpenOSPFD, NTP server OpenNTPD, mail server OpenSMTPD, zvinyorwa terminal multiplexer (yakafanana neGNU skrini) tmux, daemon identd nekushandiswa kweIDENT protocol, imwe nzira yeBSDL kune GNU groff package - mandoc, protocol yekuronga kukanganisa-kushivirira masisitimu CARP (Common Kero Redundancy Protocol), huremu http server, faira yekubatanidza utility OpenRSYNC.

Pakati peshanduko dzinonyanya kukosha: inotakurika vhezheni yebgpd yakaunzwa, yakagadziridzwa kushanda mune mamwe maOS, kushandiswa kweXenocara uye tcpdump midzi ropafadzo kwakabviswa, iyo LDD linker inogoneswa nekusarudzika yeamd64 uye i386, MPLS rutsigiro rwave. yakagadziridzwa zvakanyanya, uye kudzivirirwa kubva kumabasa nemaitiro ekudzokera kumashure kwakasimbiswa. oriented programming (ROP), iyo yakapusa inodzokorodza DNS server unwind yawedzerwa, isina kutsanangurwa maitiro detector yakabatanidzwa mukernel, uye isu pachedu kuita kwersync utility yakasumwa.

chikuru kuvandudzika:

  • Paunenge uchivaka amd64 uye i386 zvivakwa, LDD linker yakagadziridzwa neLLVM purojekiti inoshandiswa nekukasira. Kune iyo mips64 architecture, tsigiro yekuvaka uchishandisa Clang yakawedzerwa;
  • Madhiraivha matsva epvclock eparavirtualized KVM timer uye ixl yeIntel Ethernet 700. Mutyairi weuaudio wakatsiviwa nekushandiswa kutsva nerutsigiro rwe USB Audio 2.0.
  • Kuvandudzwa kwekuita kweasina waya madhiraivha bwfm, iwn, iwm uye athn. Tsigiro yeRTM_80211INFO mameseji yakawedzerwa kune isina waya stack kuendesa yakadzama interface mamiriro eruzivo kune dhclient uye nzira mirairo. Maitiro ekunyarara kana uchibatanidza kune isina waya network yakashandurwa - kana iwe uine yakagadziriswa auto-connect list, OpenBSD haichabatanidza kune isingazivikanwe yakavhurika network (kudzosera maitiro apfuura, unogona kuwedzera isina chinhu network kune iyo rondedzero);
  • Iyo network stack inounza itsva bpe (Backbone Provider Edge) uye mpip (MPLS IP layer 2) pseudo-mudziyo madhiraivha. Yakawedzera tsigiro yekugadzirisa mamwe madhizaini ekufambisa eMPLS nzvimbo. Mutyairi wevlan akagoneswa kunzvenga mutsara kugadzirisa uye kubuda zvakananga kune yevabereki network interface. Yakawedzera txprio modhi kune ifconfig kudzora kukoshesa encoding mumisoro yemapaketi akaturikidzwa (anotsigirwa kune vlan, gre, gif uye etherip vatyairi);
  • Mukuita kweiyo bpf sefa, zvakave zvichiita kushandisa nzira yekudonha pasina kutora mapaketi. Iyi ficha inoshandiswa mutcpdump kusefa padanho rekutanga repacket riri kugamuchirwa nemudziyo;
  • Iyo installer inopa rubatsiro rdsetroot kuwedzera dhisiki mufananidzo kune kernel RAMDISK. Kuve nechokwadi chekubviswa kwezvimwe zvikamu zvekuburitswa kwekare panguva yekuvandudza system;
  • Yakavandudzwa system call pachena, iyo inopa faira system yekuwana yega. Iyo vhezheni nyowani inowedzera kuwonekwa kwemachisi ane hukama nedhairekitori rekushanda rezvino maitiro kana uchiparadzanisa nzira dzehukama. Iko kushandiswa kwestat uye kuwana kune yakaganhurirwa faira nzira zvikamu zvinorambidzwa. Zvekushandisa ospfd, ospf6d, rebound, getconf, kvm_mkdb, bdftopcf, Xserver, passwd, spamlogd, spamd, sensorsd, snmpd, htpasswd uye ifstated, kuchengetedzwa uchishandisa unveil kunoitwa;
  • Clang yakavandudza maturusi ekuvharira kushandiswa kwemaitiro ekudzokera-yakatarisana nehurongwa (ROP), iyo yakaderedza zvakanyanya kuwanda kwepolymorphic gadgets inowanikwa mune inoguma inoteedzera mafaira eiyo i386 uye amd64 architectures;
  • Clang yakavandudza kuita uye kuchengetedzeka kana uchishandisa
    kudzivirira nzira RETGUARD, yakanangana nekuomesera mashandiro ezvishandiso zvakavakwa pachishandiswa zvidimbu zvekukwereta zvekodhi uye maitiro ekugadzirisa anonangana nekudzoka. Kuti ikurumidze kushanda, data inoiswa mumarejista pachinzvimbo chestack pese pazvinogoneka, uye processor cache inoshandiswa zvakanyanya pakudzoka. RETGUARD zvakare yave kushandiswa panzvimbo pechinyakare stack dziviriro pane amd64 uye arm64 masisitimu;

  • Zvishandiso zvine chekuita netiweki stack zvakagadziridzwa: Tsigiro yekusefa MPLS mapaketi yakawedzerwa kune pcap-filter. Iko kugona kugadzirisa zvinotungamira nzira kwakawedzerwa kune ospfd, ospf6d uye ripd. IN
    ripd yakawedzera nzira yakavakirwa kudzivirira pledge. Yakawedzera sff uye sffdump modes kune ifconfig kuti uwane ruzivo rwekuongorora kubva kune optical transmitters;

  • Kuburitswa kwekutanga kwemugadzirisi mutsva anoratidzwa zorora, iyo inogadzirisa mibvunzo yeDNS inodzokororwa uye inogamuchira zvinongedzo chete pane interface 127.0.0.1.
    Unwind yakagadzirirwa kushandiswa pane vatengi masisitimu, senge laptops, inofamba pakati peakasiyana mawaya network. Kana ikaona kuvharika kweDNS traffic pane network yemuno, sunungura machinjiro ekushandisa kero yeinodzokorodza DNS server inotamiswa kuburikidza neDHCP, asi inoramba ichiyedza nguva nenguva kugadzirisa yakazvimirira uye nekukurumidza kana zvikumbiro zvakatanga kupfuura, inodzokera kune yakazvimiririra kuwana. DNS maseva;

  • Mu bgpd, basa rakaitwa kuderedza kushandiswa kwekuyeuka, yakapfava mitemo optimizer yakawedzerwa (inobatanidza mitemo yekusefa inosiyana chete mumaseti eseti), iyo BGP MPLS VPN yekumisikidza maitiro yakashandurwa, rutsigiro rweIPv6 BGP MPLS VPN yakawedzerwa. , uye "se-override" mashandiro akaitwa kutsiva muvakidzani AS kune yemuno AS munzira, akawedzera kugona kuenderana neanoverengeka nharaunda mumutemo mumwe, akawedzera maficha anoenderana "*", "local-se" uye "muvakidzani. -se ", basa rakagadziridzwa nemaseti makuru emitemo, yakawedzera mirairo mitsva yekushanda nemapoka akazvivakidzana akazvimiririra masisitimu ("bgpctl muvakidzani boka", "bgpctl ratidza muvakidzani boka", "bgpctl ratidza rib muvakidzani boka"), kugona kuwedzera network. kuBGP VPN matafura akawedzerwa kune bgpctl. Kekutanga, inotakurika vhezheni yeOpenBGPD-inotakurika yakagadzirwa, yakagadzirira kushanda pane masisitimu kunze kweOpenBSD;
  • Yakawedzerwa sarudzo kubsan kuona zviitiko zvemaitiro asina kutsanangurwa muOpenBSD kernel.
  • Iyo tcpdump utility inobvisa zvachose kushandiswa kwemidzi ropafadzo;
  • Kuvandudzwa kwemalloc kuita mune akawanda-tambo maapplication;
  • Iyo yekutanga vhezheni yechirongwa yakawedzerwa kune iyo kuumbwa OpenRSYNC nekuita kwayo kweiyo rsync faira yekubatanidza utility;
  • Iyo vhezheni yeOpenSMTPD mail server yakagadziridzwa, umo chiyero chitsva chekuenzanisa "kubva kurdns" chawedzerwa kune smtpd.conf, iyo inobvumidza iwe kusarudza masesesheni zvichienderana nekudzoreredza DNS resolution (kusarudza zita remuenzi neIP). Paunenge uchitsvaga mumatafura, kugona kushandisa zvirevo zvenguva dzose kwakawedzerwa;
  • Iyo OpenSSH 8.0 package yakagadziridzwa, ongororo yakadzama yekuvandudzwa inogona kuwanikwa pano;
  • Iyo LibreSSL package yakagadziridzwa, ongororo yakadzama yekuvandudzwa inogona kuwanikwa muzviziviso zvekuburitswa 2.9.0 ΠΈ 2.9.1;
  • Mandoc yakavandudza zvakanyanya kubuda kweHTML, yakagadziridzwa tafura yekupa, uye yakawedzera "-O" mureza kuti uvhure peji ine tsananguro yeizwi rakatarwa;
  • Iko kugona kweiyo Xenocara graphics stack kwakawedzerwa: iyo X server haichada kuisirwa neiyo setuid mureza kuti imhanye. Mutyairi we radeonsi Mesa anosanganisira tsigiro yehardware acceleration yeSouthern Islands (Radeon HD 7000) uye Sea Islands (Radeon HD 8000) GPUs;
  • C ++ zviteshi zvezvivakwa zvisiri kutsigirwa naClang zvave kuunganidzwa uchishandisa GCC kubva kumadoko. Huwandu hwezviteshi zveiyo AMD64 architecture yaive 10602, yeaarch64 - 9654, ye386 - 10535. Pazvikumbiro zviri muchiteshi, zvinotevera zvinocherechedzwa:
    • Nyenyedzi 16.2.1
    • Audacity 2.3.1
    • CMake 3.10.2
    • Chrome 73.0.3683.86
    • ffmpeg 4.1.3
    • GCC 4.9.4 uye 8.3.0
    • GNOME 3.30.2.1
    • Enda 1.12.1
    • JDK 8u202 uye 11.0.2+9-3
    • LLVM/Clang 7.0.1
    • LibreOffice 6.2.2.2
    • Lua 5.1.5, 5.2.4 uye 5.3.5
    • MariaDB 10.0.38
    • Tsoko 5.18.1.0
    • Mozilla Firefox 66.0.2 uye ESR 60.6.1
    • Mozilla Thunderbird 60.6.1
    • Node.js 10.15.0
    • OpenLDAP 2.3.43 uye 2.4.47
    • PHP 7.1.28, 7.2.17 uye 7.3.4
    • Postfix 3.3.3 uye 3.4.20190106
    • PostgreSQL 11.2
    • Python 2.7.16 uye 3.6.8
    • R 3.5.3
    • Ruby 2.4.6, 2.5.5 uye 2.6.2
    • Ngura 1.33.0
    • Sendmail 8.16.0.41
    • SQLite3 3.27.2
    • Meerkat 4.1.3
    • Tcl/Tk 8.5.19 uye 8.6.8
    • TeX Kurarama 2018
    • Vim 8.1.1048 uye Neovim 0.3.4
    • Xfce 4.12
  • Zvikamu zvechitatu zvinosanganisirwa neOpenBSD 6.5:
    • Xenocara graphics stack yakavakirwa paX.Org server 1.19.7 ine zvigamba, freetype 2.9.1, fontconfig 2.12.4, Mesa 18.3.5, xterm 344, xkeyboard-config 2.20;
    • LLVM/Clang 7.0.1 (ine zvigamba)
    • GCC 4.2.1 (ine zvigamba) uye 3.3.6 (ine zvigamba)
    • Perl 5.28.1 (ine zvigamba)
    • NSD 4.1.27
    • Unbound 1.9.1
    • Vanamukoti 5.7
    • Binutils 2.17 (ine zvigamba)
    • Gdb 6.3 (ine zvigamba)
    • Awk Aug 10, 2011
    • Expat 2.2.6

Source: opennet.ru

Voeg