ProHoster > Blog > internet nhau > OpenBSD 6.7 kuburitswa

OpenBSD 6.7 kuburitswa

Introduced kuburitswa kwemahara muchinjiko-chikuva UNIX-senge yekushandisa system OpenBSD 6.7. Iyo OpenBSD purojekiti yakavambwa naTheo de Raadt muna 1995 mushure kunetsana nevagadziri veNetBSD, semhedzisiro iyo Teo akanyimwa mukana weNetBSD CVS repository. Mushure meizvi, Theo de Raadt neboka revanhu vane pfungwa dzakafanana vakagadzira itsva yakavhurika sisitimu yakavakirwa paNetBSD sosi yemuti, izvo zvibodzwa zvikuru zvaive kutakurika (inotsigirwa ne 12 Hardware mapuratifomu), kumira, kushanda kwakaringana, kuchengetedzwa kwakasimba uye zvakabatanidzwa cryptographic maturusi. Saizi yekuisa yakazara ISO mufananidzo OpenBSD 6.7 base system ndeye 470 MB.

Pamusoro peiyo inoshanda sisitimu pachayo, iyo OpenBSD purojekiti inozivikanwa nezvikamu zvayo, izvo zvave kupararira mune mamwe masisitimu uye zvakaratidza ivo kuti ndeimwe yeakachengeteka uye yepamusoro-soro mhinduro. Pakati pavo: FreeSSL (fork OpenSSL), OpenSSH, packet filter PF, kuendesa madhimoni OpenBGPD uye OpenOSPFD, NTP server OpenNTPD, mail server OpenSMTPD, zvinyorwa terminal multiplexer (yakafanana neGNU skrini) tmux, daemon identd nekushandiswa kweIDENT protocol, imwe nzira yeBSDL kune GNU groff package - mandoc, protocol yekuronga kukanganisa-kushivirira masisitimu CARP (Common Kero Redundancy Protocol), huremu http server, faira yekubatanidza utility OpenRSYNC.

chikuru kuvandudzika:

  • Iyo FFS2 faira sisitimu, iyo inoshandisa 64-bit nguva uye block value, inogoneswa nekusarudzika mukumisikidzwa kutsva kweanenge ese anotsigirwa ezvivakwa panzvimbo yeFFS (kunze kwekundisk, luna88k, uye sgi).
  • Nzira itsva yakawedzerwa kuti itarise huchokwadi hwekufona kwehurongwa, izvo zvinowedzera kuomesa kushandiswa kwekusagadzikana. Iyo nzira inobvumira masisitimu mafoni kuti aitwe chete kana awanikwa kubva munzvimbo dzakambonyoreswa ndangariro. Iyo nyowani msyscall () system yekufona yakakurudzirwa kumaka ndangariro nzvimbo uye activate dziviriro.
  • Nhamba yezvikamu zvinogona kugadzirwa pane imwe diski yakawedzera kubva pa7 kusvika ku15.
  • Iyo cron sarudzo parsing kodhi yakanyorwa patsva kuti itsigire getopt-senge maficha akadai se "-ns" uye kutsanangura zvakare mireza yakafanana. Iyo "sarudzo" munda mucrontab yakatumidzwa zita rekuti "mureza". Yakawedzera "-s" mureza kune crontab kuitira kuti muenzaniso mumwe chete webasa ugone kushanda panguva. Yakawedzerwa "~" mushandisi kutsanangura kukosha kwenguva isina kurongeka.
  • Iyo cwm hwindo maneja inoshandisa kugona kuona saizi yehwindo sechikamu chesaizi yehwindo rekutanga mune yakarongedzwa mataira.
  • Iyo powerpc architecture yachinja kushandisa Clang nekukasira uye yakagonesa yekuvaka-yakazvimiririra kuitiswa kwe mplock.
  • apmd yakavandudza tsigiro yekumira otomatiki uye hibernation (-z/-Z) - iyo daemon ikozvino inopindura kubhatiri kuchaja mameseji anotumirwa nemutyairi wemagetsi. Shanduko yekurara inoitika nekunonoka kwemasekonzi makumi matanhatu, izvo zvinopa mushandisi nguva yekutora kutonga.
  • Yakawedzera $REQUEST_SCHEME gadziriso inoshanduka kune yakavakirwa-mukati HTTP server kuchengetedza iyo yekutanga protocol (http kana https) paunenge uchitungamira, pamwe ne "strip" sarudzo yekubvumira akawanda chroots mu /var/www ye FastCGI maseva.
  • Iyo yepamusoro yekushandisa ikozvino inotsigira kupuruzira uchishandisa iyo 9 uye 0 makiyi.
  • Iyo nzira yekusunungura mapeji ekurangarira mune reverse kurongeka inounzwa, iyo inowedzera zvakanyanya kugona kwekushingaira kusunungura nhamba huru yemapeji.
  • Iyo isina kusungwa DNS server ine DNSSEC yekutarisa inogoneswa nekusarudzika.
  • Mafoni eSitimu anosunungurwa kubva pakuvhara kwepasirese
    __thrsleep(2), __thrwakeup(2), close(2), closefrom(2), dup(2), dup2(2), dup3(2), Flock(2), fcntl(2), kqueue(2), pombi (2), pombi2 (2) uye nanosleep (2), pamwe chete nechikamu cheiyo ioctl(2).

  • Yakawedzera tsigiro yehardware. Mutyairi mutsva weiwx akawedzerwa kuIntel AX200 wireless chips, uye mutyairi weiwm akawedzera tsigiro yeIntel 9260 uye zvishandiso 9560. Mutyairi werge akawedzerwa Realtek 8125 PCI Express 2.5Gb. Madhiraivha mazhinji matsva akakurudzirwa kuvandudza mashandiro paarm64 uye armv7 mabhodhi, kusanganisira yakawedzerwa rutsigiro rweRaspberry Pi 4 bhodhi uye yakagadziridzwa rutsigiro rweRaspberry Pi 2 uye 3.
  • Iyo sndio sound subsystem yakawedzerwa. Yakawedzera sioctl_open API uye sndioctl utility yekudzora ruzha kuburikidza ne sndiod. /dev/mixer yabviswa uye madoko ese akachinjirwa kune sndio pachinzvimbo chekernel musanganiswa interface. Sndiod inopa kushandiswa kwehardware vhoriyamu yekudzora maitiro. Kuti uwedzere kuchengetedzeka, kugara kwemushandisi kuwana /dev/audio* uye /dev/rmidi* kunorambidzwa.
  • Iyo isina waya stack inomira kubatana kune chero iripo yeWi-Fi network isingatsigire encryption, kunze kwekudaidza zvakajeka "ifconfig join" murairo. Inovimbisa kuti yekumashure scan yeanowanikwa network inotangwa kana iyo "ifconfig scan" yekuraira ichiitwa nemudzi mushandisi. Cache yezvabuda mu scan yawedzerwa. Yakawedzera mureza we "nwflag nomimo", wakaiswa kuburikidza neifconfig, iyo inobatsira kubvisa kurasikirwa kwepakeji mu11n modhi kana mudziyo uine unconnected antenna connectors. Yakawedzera tsigiro yeanoshanda scanning modhi yemutyairi we bwfm. Yakavandudza otomatiki switching pakati peasina waya network nekudzikisira kukosha kune network isingakwanise kubatana nayo.
  • Mutyairi mutsva wepppac akaonekwa mune network stack, iyo inosanganisira kuisirwa kwePPP Access Concentrator interface. Yakachinjwa npppd.conf marongero kuti ashandise pppac pachinzvimbo chekuti tun. Kana packet redirection yadzimwa, cheki yawedzerwa kutarisa kana kero yekuenda mupakiti inoenderana nekero yetiweki interface. Mobileip rutsigiro rwabviswa.
  • Vashandisi vasiri midzi vanorambidzwa kushandisa ioctl kushandura network interface kero uye kushandura maparamita epppoe interfaces.
  • sysupgrade inovimbisa kuti firmware updates (fw_update) inotangwa isati yatangazve isati yakwidziridzwa.
  • Iyo yekuvheneka system yekufona yakagadziridzwa kuti ipe faira system yekuwana yega. Nhamba yezvikumbiro kubva kunheyo yegadziriro iyo kudzivirira kushandisa unveil inoshandiswa yakawedzerwa kusvika ku 82. Kusanganisira vmstat, iostat uye systat inotamirwa kuzarura.
  • RSA-PSS rutsigiro rwakawedzerwa kune crypto (3).
  • DoT (DNS pamusoro peTLS) rutsigiro rwakawedzerwa kune unwind DNS solver. Yakawedzera "unwindctl status memory" command.
  • Kuitwa kweIPsec kwave kuchinyanya kuvandudzwa. Yakawedzerwa rutsigiro rwekufambisa otomatiki traffic pakati perdomain panguva yekuvharidzira uye decryption kudzivirira kubva kudivi-chiteshi kurwiswa. Yakawedzera rutsigiro rwekushandura rdomain kuita iked, uye yakawedzera 'rdomain' sarudzo ku iked.conf
    Iyo yakasarudzika nhanho ye iked uye isakmpd ndeye IPSEC_LEVEL_REQUIRE, iyo inodzivirira kugadziriswa kwemapaketi asina kuvharirwa anoenderana nekuyerera. Iyo curve25519, ecp256, ecp384, ecp521, modp3072 uye modp4096 algorithms yakawedzerwa kune Diffie-Hellman marongero eboka reIKE SA. Mu iked, nzira yekusimbisa yekusarudzika yakashandurwa kuita dijitari siginecha yechokwadi (RFC 7427). Yakawedzera ESN marongero ku iked.conf. Yakawedzerwa "-p" sarudzo yekusarudza isiri-yakajairwa UDP port nhamba.

  • Iko kugona kwetmux terminal multiplexer kwakawedzerwa uye dzakawanda sarudzo itsva dzakawedzerwa.
  • Iyo vhezheni yeOpenSMTPD mail server yakagadziridzwa. Iwo akavakirwa-mukati mafirita anoisa iyo "bypass" kiyi kiyi kusvetuka kugadzirisa pasi pemamiriro akatarwa. Inobvumira zita rekushandisa rezvino smtpd sesheni kuti ishandiswe mumasefa. Mu smtpd.conf, iyo parameter inobvumira kushandiswa kwe mail-kubva uye rctp-to.
  • Iyo OpenSSH 8.2 package yakagadziridzwa kuti ibatanidze tsigiro yeFIDO/U2F maviri-factor echokwadi tokeni. Iwe unogona kuona tsanangudzo yakadzama yekuvandudzwa pano.
  • Updated iyo LibreSSL package, umo kuiswa kweTLS 1.3 kwakavakirwa pamushini mutsva wehurumende uye subsystem yekushanda nemarekodhi kwapera. Nekumisikidza, chikamu chemutengi chete cheTLS 1.3 chinogoneswa izvozvi; chikamu cheseva chakarongwa kuti chiitwe nekusarudzika mukuburitswa kunotevera. Rondedzero yedzimwe shanduko inogona kuoneka muzviziviso zvekuburitswa 3.1.0 ΠΈ 3.1.1.
  • Huwandu hwemadoko eiyo AMD64 architecture yaive 11268, yeaarch64 - 10848, yei386 - 10715.
    • Xenocara graphics stack yakavakirwa paX.Org 7.7 ine xserver 1.20.8 + zvigamba, freetype 2.10.1, fontconfig 2.12.4, Mesa 19.2.8, xterm 351, xkeyboard-config 2.20;
    • LLVM/Clang 8.0.1 (ine zvigamba)
    • GCC 4.2.1 (ine zvigamba) uye 3.3.6 (ine zvigamba)
    • Perl 5.30.2 (ine zvigamba)
    • NSD 4.2.4
    • Unbound 1.10.0
    • Vanamukoti 5.7
    • Binutils 2.17 (ine zvigamba)
    • Gdb 6.3 (ine zvigamba)
    • Awk December 20, 2012
    • Expat 2.2.8

    Source: opennet.ru

Voeg