DOCSLIB.ORG

Junos® OS Software Installation and Upgrade Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Junos® OS Software Installation and Upgrade Guide Junos® OS Junos® OS Software Installation and Upgrade Guide Published 2021-03-24 ii Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Junos® OS Junos® OS Software Installation and Upgrade Guide Copyright © 2021 Juniper Networks, Inc. All rights reserved. The information in this document is current as of the date on the title page. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. iii Table of Contents About This Guide | xxi 1 Junos OS Overview Junos OS Overview | 2 Junos OS Overview | 2 2 System Back Up and Recovery Backing Up an Installation Using Snapshots | 7 Understanding How to Back Up an Installation on Switches | 7 Creating a Snapshot and Using It to Boot a QFX Series Switch | 9 Creating a Snapshot on an External USB Flash Drive and Using It to Boot a QFX Series Switch | 10 Creating a Snapshot and Using It to Boot a QFX3500 and QFX3600 Series Switch | 11 Creating a Snapshot and Using It to Boot an EX Series Switch | 14 Creating a Snapshot on a USB Flash Drive and Using It to Boot the Switch | 14 Creating a Snapshot and Using It to Boot an SRX Series device | 15 Creating a Snapshot and Using It to Boot an SRX Series device | 15 Backing Up the Current Installation on SRX Series Devices | 18 Creating a Snapshot and Using It to Boot an ACX Series Router | 21 Understanding System Snapshot on an ACX Series Router | 21 Example: Taking a Snapshot of the Software and Configuration | 22 Recovery Using an Emergency Boot Device | 26 Creating an Emergency Boot Device for Routers | 27 Creating an Emergency Boot Device for QFX Series Switches | 28 Recovering the Installation Using an Emergency Boot Device | 30 Performing a Recovery Installation | 32 Rescue and Recovery of Configuration File | 33 Saving and Reverting a Rescue Configuration File | 34 iv Saving a Rescue Configuration File | 34 Reverting to the Rescue Configuration | 38 Copy Backup Configurations and Restoring a Saved Configurations | 39 Copy Backup Configurations to the Router | 39 Restoring a Saved Configuration | 39 Reverting to the Default Factory Configuration by Using the request system zeroize Command | 42 Recovery of Junos OS | 42 Recovering from a Failed Software Installation | 43 Recovering Junos OS on a Device Running Junos OS with Upgraded FreeBSD | 45 How to Recover Junos OS with Upgraded FreeBSD | 49 Ways to Recover Junos OS with Upgraded FreeBSD Without the Use of the CLI | 49 How to Access the Junos Main Menu, Boot Menu, and Options Menu | 53 How to Access the Junos Main Menu | 53 How to Access the Boot Menu | 55 How to Access the Options Menu | 56 Autorecovery of Configuration, Licenses, and Disk Information on SRX Series Devices | 57 3 Installing, Upgrading, and Downgrading Software Software Installation and Upgrade Overview | 63 Software Installation and Upgrade Overview | 63 Junos OS and Junos OS Evolved Installation Package Names | 69 Junos OS and Junos OS Evolved Installation Packages Prefixes | 70 Junos OS and Junos OS Evolved Release Numbers | 75 Junos OS and Junos OS Evolved Editions | 76 Boot Sequence on Devices with Routing Engines | 77 Preparing for Software Installation and Upgrade | 81 Upgrade or Reinstall Junos OS | 82 Checklist for Reinstalling Junos OS | 82 Log the Software Version Information | 84 Log the Hardware Version Information | 86 Log the Chassis Environment Information | 88 v Log the System Boot-Message Information | 89 Log the Active Configuration | 92 Log the Interfaces on the Router | 93 Log the BGP, IS-IS, and OSPF Adjacency Information | 94 Log the System Storage Information | 96 Validating the Configuration Image Before Upgrading or Downgrading the Software | 97 Ensuring Sufficient Disk Space for Junos OS Upgrades on SRX Devices | 98 Verifying Available Disk Space on SRX Series Devices | 98 Cleaning Up the System File Storage Space | 99 Verifying Junos OS and Boot Loader Software Versions on an EX Series Switch | 101 Verifying the Number of Partitions and File System Mountings | 101 Verifying the Loader Software Version | 103 Verifying Which Root Partition Is Active | 104 Verifying the Junos OS Version in Each Root Partition | 105 Downloading Software | 107 Downloading Software Using a Browser | 107 Downloading Software Using the Command-Line Interface | 108 Downloading Software Using Download Manager (SRX Series Only) | 110 Reinstall Junos OS | 112 Reconfigure Junos OS | 113 Configure Host Names, Domain Names, and IP Addresses | 113 Protecting Network Security by Configuring the Root Password | 115 Check Network Connectivity | 117 Managing YANG Packages and Configurations During a Software Upgrade or Downgrade | 118 Backing up and Deleting the Configuration Data | 119 Restoring the YANG Packages and Configuration Data | 119 Installing Software on Routing Devices | 121 Installing the Software Package on a Router with a Single Routing Engine | 121 Installing the Software Package on a Device with Redundant Routing Engines | 123 Preparing the Device for the Installation | 123 vi Installing Software on the Backup Routing Engine | 125 Installing Software on the Remaining Routing Engine | 127 Finalizing the Installation | 130 Installing Software on EX Series Switches | 132 Understanding Software Installation on EX Series Switches | 133 Installing Software on an EX Series Switch with a Virtual Chassis or Single Routing Engine (CLI Procedure) | 135 Installing Software on an EX Series Switch with Redundant Routing Engines (CLI Procedure) | 138 Preparing the Switch for the Software Installation | 139 Installing Software on the Backup Routing Engine | 141 Installing Software on the Default Primary Routing Engine | 142 Returning Routing Control to the Default Primary Routing Engine (Optional) | 144 Upgrading the Loader Software on the Line Cards in a Standalone EX8200 Switch or an EX8200 Virtual Chassis | 145 Booting an EX Series Switch Using a Software Package Stored on a USB Flash Drive | 149 Installing Software on QFX Series Devices | 151 Installing Software Packages on QFX Series Devices | 151 Installing the Software on QFX10002-60C Switches | 152 Installing a Standard Software Package on QFX5000 and EX4600 Switches | 153 Installing a Standard Software Package on QFX10002 Switches | 154 Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release 15.1X53- D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches | 157 Installing a Software Package on QFX10008 and QFX10016 Switches | 161 Upgrading Software by Using Automatic Software Download for Switches | 165 Configuring DHCP Services for the Switch | 166 Enabling Automatic Software Download on a Switch | 166 Verifying That Automatic Software Download Is Working Correctly | 167 Upgrading Jloader Software on QFX Series Devices | 168 Jloader Software Version 1.1.4 Guidelines | 171 Upgrading Jloader Software on a QFX3500 Switch | 171 Upgrading Jloader Software on a QFabric System | 174 vii Installing Junos OS Software with Junos Automation Enhancements | 183 How To Install Third-Party Software on Devices Running Junos OS Evolved | 189 Personality Upgrade Process | 191 Understanding the Personality Upgrade Process for a Device | 191 Supported Personality Upgrades | 193 Upgrading the Personality of a Device by Using a USB Flash Drive | 194 Upgrading the Personality of a Device by Using CLI | 195 How to Upgrade the Personality of a Device on Junos OS | 195 Upgrading the Personality of a Device by Using a PXE Boot Server | 198 Upgrading the Personality of SRX1500 Device by Using a PXE Boot Server | 202 Upgrading the Personality of SRX4100 Device by Using a PXE Boot Server | 206 Upgrading the Personality of SRX4600 Device by Using a PXE Boot Server | 210 Upgrading the Personality of QFX10002-60C and PTX10002-60C Devices | 214 Upgrading the Personality of QFX10002-60C and PTX10002-60C Devices Using the PXE Boot Server | 214 Upgrading the Personality of QFX10002-60C and PTX10002-60C Devices Using the USB Option | 219 Upgrading the Personality of QFX10002-60C and PTX10002-60C Devices Using the CLI Option | 220 Upgrading the Personality of QFX10002-60C and PTX10002-60C Devices Using Zero Touch Provisioning (ZTP) | 222 Upgrade the NFX250 Software to NFX250 NextGen Software | 230 NFX250 NextGen Software Upgrade Overview | 230 Prerequisites | 230 Upgrade to NFX250 NextGen Software Architecture | 233 Installing Software on SRX Series Devices | 233 Understanding Junos OS Upgrades for SRX Series Devices | 234
Load more

  1014
Copy Link
Recommended publications
  • The Title Title: Subtitle March 2007
    sub title The Title Title: Subtitle March 2007 Copyright c 2006-2007 BSD Certification Group, Inc. Permission to use, copy, modify, and distribute this documentation for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE DOCUMENTATION IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS DOCUMENTATION INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CON- SEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEG- LIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENTATION. NetBSD and pkgsrc are registered trademarks of the NetBSD Foundation, Inc. FreeBSD is a registered trademark of the FreeBSD Foundation. Contents Introduction vii 1 Installing and Upgrading the OS and Software 1 1.1 Recognize the installation program used by each operating system . 2 1.2 Recognize which commands are available for upgrading the operating system 6 1.3 Understand the difference between a pre-compiled binary and compiling from source . 8 1.4 Understand when it is preferable to install a pre-compiled binary and how to doso ...................................... 9 1.5 Recognize the available methods for compiling a customized binary . 10 1.6 Determine what software is installed on a system . 11 1.7 Determine which software requires upgrading . 12 1.8 Upgrade installed software . 12 1.9 Determine which software have outstanding security advisories .
    [Show full text]
  • Recent Security Enhancements in Netbsd
    Recent Security Enhancements in NetBSD Elad Efrat < [email protected] > September 2006 Abstract Over the years, NetBSD obtained the position of the BSD focusing on portability. While it is true that NetBSD offers an easily portable operating system, care is also given to other areas, such as security. This paper presents the NetBSD philosophy of security, design decisions, and currently offered security features. Finally, some of the current and future research will be revealed. 1. Introduction Running on almost twenty different architectures, and easily portable to others, NetBSD gained its reputation as the most portable operating system on the planet. While that may indicate high quality code, the ever demanding networked world cares about more than just that. Over the past year, NetBSD evolved quite a bit in various areas; this paper, however, will focus on the aspect relating to security. This paper was written and structured to present a full overview of the recent security enhancements in NetBSD in an easily readable and balanced form that will satisfy new, intermediate, and experienced users. References were sprinkled across the text to provide more information to those who want the gory details, while preserving the continuity. Section 2 will present the bigger picture of security in NetBSD: how NetBSD perceives security, the design decisions of NetBSD software in general and the security infrastructure and features more specifically. Section 3 will present a detailed overview of the recent enhancements in the security infrastructure and features of NetBSD including, where relevant, details about the design, implementation, and possible future development. Section 4 will present current security-related research and development in NetBSD, and section 5 will discuss how the described enhancements work together to provide a more secure platform.
    [Show full text]
  • Comparaţie Între Versiuni BSD
    UNIVERSITATEA POLITEHNICA BUCUREŞTI FACULTATEA DE ELECTRONICĂ, TELECOMUNICAŢII ŞI TEHNOLOGIA INFORMAŢIE Comparaţie între versiuni BSD -Sisteme de operare avansate- Profesor coordonator Masterand Conf. Dr. Ing. Ştefan Stăncescu Rînciog Florentina-Cosmina Master IISC, an I Bucureşti 2015 Cuprins 1. Introducere BSD ............................................................................................................ 3 1.1 Scurt istoric............................................................................................................. 3 1.2 Dezvoltare .............................................................................................................. 3 1.3 Descendenţi BSD ................................................................................................... 4 2. FreeBSD ........................................................................................................................ 5 2.1 Utilizare ...................................................................................................................... 5 2.2 Caracteristici tehnice .................................................................................................. 5 2.3 Securitate .................................................................................................................... 6 3. NetBSD ......................................................................................................................... 7 3.1 Utilizare .....................................................................................................................
    [Show full text]
  • CYBERSECURITY When Will You Be Hacked?
    SUFFOLK ACADEMY OF LAW The Educational Arm of the Suffolk County Bar Association 560 Wheeler Road, Hauppauge, NY 11788 (631) 234-5588 CYBERSECURITY When Will You Be Hacked? FACULTY Victor John Yannacone, Jr., Esq. April 26, 2017 Suffolk County Bar Center, NY Cybersecurity Part I 12 May 2017 COURSE MATERIALS 1. A cybersecurity primer 3 – 1.1. Cybersecurity practices for law firms 5 – 1.2. Cybersecurity and the future of law firms 11 – 2. Information Security 14 – 2.1. An information security policy 33 – 2.2. Data Privacy & Cloud Computing 39 – 2.3. Encryption 47 – 3. Computer security 51 – 3.1. NIST Cybersecurity Framework 77 – 4. Cybersecurity chain of trust; third party vendors 113 – 5. Ransomware 117 – 5.1. Exploit kits 132 – 6. Botnets 137 – 7. BIOS 139 – 7.1. Universal Extensible Firmware Interface (UEFI) 154– 8. Operating Systems 172 – 8.1. Microsoft Windows 197 – 8.2. macOS 236– 8.3. Open source operating system comparison 263 – 9. Firmware 273 – 10. Endpoint Security Buyers Guide 278 – 11. Glossaries & Acronym Dictionaries 11.1. Common Computer Abbreviations 282 – 11.2. BABEL 285 – 11.3. Information Technology Acronymns 291 – 11.4. Glossary of Operating System Terms 372 – 2 Cyber Security Primer Network outages, hacking, computer viruses, and similar incidents affect our lives in ways that range from inconvenient to life-threatening. As the number of mobile users, digital applications, and data networks increase, so do the opportunities for exploitation. Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs, and data from unintended or unauthorized access, change, or destruction.
    [Show full text]
  • The Bsds & Pkgsrc
    The BSDs & pkgsrc - Introductory fun for the whole family Featuring slides from a past life describing The BSD Family of Operating Systems Sevan Janiyan [email protected] @sevanjaniyan Berkeley CSRG 1977 - 1995 There are two main flavors of UNIX: one from AT&T ("original") and one from the University of California, Berkley ("extra crispy") FreeBSD handbook 1989 NetBSD Guide 2014 NetBSD Internals OpenBSD FAQ NetBSD IoT visionaries by targeting a Toaster VAX support veriexec ATF Unprivileged builds build.sh pkgsrc FreeBSD Moving towards free from GPL in base dummynet jails / VIMAGE geom ports bhyve Capsicum RISC-V support BERI - CheriBSD OpenBSD libc LibreSSL PF CARP ipsec.conf pledge vmm OpenSSH/SMTPD/BGPD/SPFD/HTTPD DragonFly BSD HAMMER Scaling on multi-cpu systems Clustered Filesystem Scheduler improvements LWKT (Light Weight Kernel Thread) / User Thread Scheduler vkernel swapcache RetroBSD LiteBSD Copycenter licensed The way it was characterized politically, you had copyright, which is what the big companies use to lock everything up; you had copyleft, which is free software's way of making sure they can't lock it up; and then Berkeley had what we called ‘copycenter’, which is ‘take it down to the copy center and make as many copies as you want.’ — Kirk McKusick, BSDCon 1999 NASA Android Network stack OpenBSD libc pkgsrc mksh Apple NetBSD & FreeBSD for Darwin PF Airport OS Juniper Toyota NetApp OpenBSD libraries? Force10 Sony Playstation …. Packaging Ports Started in FreeBSD circa 1994 NetBSD pkgsrc / OpenBSD ports adopted around 1997 DragonFly BSD Dports ~ 2012? pkgsrc platform support pkg_tools pkgng OpenBSD pkg_tools? FreeBSD - poudriere NetBSD pkgsrc - pbulk OpenBSD - dpb FreeBSD Porters Handbook NetBSD pkgsrc guide OpenBSD ports FAQ DragonFly BSD Howtodports Security Notification FreeBSD vuxml pkgsrc pkg-vulnerabilities.
    [Show full text]
  • From Roof to Basement - Netbsd Introduction & Status Report
    From roof to basement - NetBSD Introduction & Status Report - Hubert Feyrer <[email protected]> Contents ● What does NetBSD look like? ● So what is NetBSD? ● Introducing NetBSD: Some Applications & Products ● NetBSD 4 and beyond What does NetBSD look like? NetBSD looks like ... KDE NetBSD looks like ... GNOME NetBSD looks like ... XFCE NetBSD looks like ... Xen So what is NetBSD? NetBSD is ... ● A descendant of 4.4BSD Unix ● A “general purpose” Unix/Linux-like Open Source Operating System ● Not Linux – NetBSD has its own kernel and userland ● A small core system that can be adjusted for many purposes via pkgsrc: Desktop, Web and Database servers, Firewalls, ... ● Secure and Performant, of course! ● Focussed on multiplatform portability Features: Thousands of packages via pkgsrc Many areas of application One Operating System, 1 Source Modern & Vintage Hardware More than fifty Hardware Platforms Introducing NetBSD: Some Applications & Products NetBSD from roof to basement: On Air International Space Station, on-plane systems Roof WaveLAN routers, surveillance cameras, embedded boards Office Highspeed networking, desktop, Embedded development Entertainment Various game consoles and robots Basement Storage solutions, servers “Commodity” Networking: ● Various WLAN-Routers and Access-Points by Allied Telesis, IIJ/Root and Apple: ● Seclarity's SiNic Router-on-a-card ● Avocent KVM Switches ● Surveillance- and Webcams by SGI, Panasonic and Brains Inc. Embedded Boards: PowerPC, MIPS ● MIPS – NetBSD/evbmips ● Malta 4/5kc, Access Cube, AMD Alchemy, Atheros, Meraki Mini ● PowerPC – NetBSD/evbppc ● Virtex-4 ML403 FPGA, Motorola Walnut, Marvell, Plat'Home OpenBlockS Embedded boards: SH3/4, ARM ● Super-Hitachi - NetBSD/sh3 ● CqREEK, Computes 7709, KZ-SH4-01: ● ARM, StrongARM, Xscale – NetBSD/evbarm ● Mesa 4C81, Gumstix + peripherals, Technologic Systems' TS-7200, ..
    [Show full text]
  • The BSD Associate Study Guide the BSD Associate Study Guide: the Beginning BSD Unix Administration Book
    The Beginning BSD Unix Administration Book The BSD Associate Study Guide The BSD Associate Study Guide: The Beginning BSD Unix Administration Book November 24, 2011 Editor: Jeremy C. Reed Book Wiki: http://bsdwiki.reedmedia.net/ Copyright c 2006-2011 BSD Certification Group, Inc. Permission to use, copy, modify, and distribute this documentation for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE DOCUMENTATION IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WAR- RANTIES WITH REGARD TO THIS DOCUMENTATION INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN AC- TION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENTATION. NetBSD and pkgsrc are registered trademarks of the NetBSD Foundation, Inc. FreeBSD is a registered trademark of the FreeBSD Foundation. Contents Introduction vii 1 Installing and Upgrading the OS and Software 1 1.1 Recognize the installation program used by each operating system . 1 1.2 Recognize which commands are available for upgrading the operating system . 5 1.3 Understand the difference between a pre-compiled binary and compiling from source . 6 1.4 Understand when it is preferable to install a pre-compiled binary and how to do so . 7 1.5 Recognize the available methods for compiling a customized binary . 7 1.6 Determine what software is installed on a system .
    [Show full text]
  • Software Security
    Software security Aleksey Cheusov [email protected] Minsk, Belarus, 2012 Secure string functions ◮ strlcat, strlcpy (*BSD, Solaris, AltLinux, Cygwin, Interix) ◮ getline (POSIX 2008) ◮ snprintf (C99) ◮ scanf (%Ns) ◮ ... Stack smashing protection (SSP) ◮ Canary ◮ Available since gcc-4.1 (-fstack-protector, -fstack-protector-all) ◮ ”Base system” compiled with SSP: OpenBSD, NetBSD (partially), AltLinux... ◮ SSP always enabled in gcc: OpenBSD, AltLinux... (-fno-stack-protector) Address Space Layout Randomization (ASLR) ◮ Shared libraries ◮ Enabled: Hardened Gentoo, OpenBSD, AltLinux ... ◮ Disabled by default: NetBSD (sysctl, paxctl) ◮ Stack segment ◮ Enabled: Hardened Gentoo, OpenBSD, AltLinux ... ◮ Disabled by default: NetBSD (sysctl, paxctl) ◮ Data segment, mmap, PIC (Position Independent Executable) ◮ Enabled: Hardened Gentoo, OpenBSD ... “Chroot is not and never has been a security tool.” c Problems ◮ Unprivileged user: fchdir(2), ptrace(2), getcwd(3) ◮ Root: mknod(2), mount(8), chroot(2) . Solutions ◮ Unprivileged user: Hardened Gentoo, NetBSD ◮ Root: Hardened Gentoo, NetBSD (patch) Non-executable stack and heap (NX bit) ◮ PaX: Hardened Gentoo, NetBSD (original implementation) ◮ WˆX: OpenBSD ◮ Exec Shield: Linux kernel (patch), Fedora(?), RHEL(?) PaX MPROTECT ◮ Hardened Gentoo ◮ NetBSD (disabled y default, sysctl, paxctl) PaX Segvgard ◮ Hardened Gentoo ◮ NetBSD (disabled y default, sysctl, paxctl) Veriexec, a file integrity subsystem ◮ NetBSD Per-user directory for temporary files ◮ NetBSD (/tmp) ◮ AltLinux (/tmp/.private/$USER, tempnam(3) and
    [Show full text]
  • What's New in Netbsd in 2006 ?
    What’s new in NetBSD in 2006 ? Emmanuel Dreyfus October 24, 2006 Abstract NetBSD is known as a highly portable operating system, but its strengths are not limited to being available on many platforms. NetBSD goals also include security, performance, standards conformance and clean design. Development of innovative features also occurs. In this paper, we will have a look at the new features that have been integrated into NetBSD this year. 1 NetBSD in the news 1.1 Dead or irrelevant? Thanks to the numerous and valuable contributions from Slashdot’s anonymous coward, we are now all aware that *BSD is dying [1]. While the recurrent Slashdot troll gave us strong warnings about FreeBSD’s and OpenBSD’s imminent deaths for years, NetBSD was often omitted. Did that mean NetBSD was already dead? The EuroBSDCon 2005 social event was called "the night of the living dead", in reference to the Slashdot troll. That was an attractive point of view, since it implied that dead projects like the *BSD could be alive and kicking after all. Unfortunately, NetBSD did not show any sign of life that night, as it was even outperformed by DragonFly BSD at the beer drinking contest. The few people who still remembered an OS called NetBSD were still puzzled about the death of NetBSD: did it occur while nobody was watching? Fortunately, on the 30th of August 2006, one of the NetBSD project founders sent an insightful message to the netbsd-users@ netbsd.org mailing list [2]. In that message, Charles M. Hannum explained that NetBSD had increasingly become irrelevant.
    [Show full text]
  • Running-Daemons-Non-Root
    5/18/2019 Running daemons non-root Running daemons non-root Simon J. Gerraty Juniper Networks, Inc. 2019 Imagine something very witty here Agenda Introduction Daemons need privileges Approach Progress Further work Q&A Introduction Running daemons non-root was goal 20 years ago Hacking kernel always an option Modern FreeBSD offers better solutions Capabilities (Capsicum) Mandatory Access Control (MAC) Daemons need privileges open AF_UNIX sockets in protected dirs open raw sockets bind reserved ports set fib (routing instance) read[/write] routing socket set sysctl values tweak rlimits configure devices read/write /dev/mem file:///Users/sjg/work/rst/talks/obj/run-daemons-non-root-slides.htm 1/8 5/18/2019 Running daemons non-root CLI needs privileges too setuid open MGD managemnt socket run ping, traceroute with restricted options careful to drop privs when not needed raising privs controlled by MGD (uses fine grained permissions control) better if simply run as user ? possibly safer to remain setuid for opening managemnt socket then permanently drop privs Goal run daemons as unprivileged user minimize collateral damage from bugs and exploits use of Verified Exec mitigates local exploits allow controlled and specific privilege escalation just enough to do the operations needed allow gradual transition potentially one daemon at a time many filesystem related privileges could be addressed by redesign subdir of /var/run/ with group write permissions makes transition more disruptive Hack the kernel? simple (for some value of simple) if brutal Cheswick
    [Show full text]
  • The Netbsd Guide
    The NetBSD Guide (2021/05/08) The NetBSD Developers The NetBSD Guide by The NetBSD Developers Published 2021/05/08 12:08:23 Copyright © 1999, 2000, 2001, 2002 Federico Lupi Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 The NetBSD Foundation All brand and product names used in this guide are or may be trademarks or registered trademarks of their respective owners. NetBSD® is a registered trademark of The NetBSD Foundation, Inc. Table of Contents Purpose of this guide............................................................................................................................ xvii I. About NetBSD.................................................................................................................................. xviii 1 What is NetBSD?............................................................................................................................1 1.1 The story of NetBSD..........................................................................................................1 1.2 NetBSD features.................................................................................................................1 1.3 Supported platforms...........................................................................................................2 1.4 NetBSD’s target users.........................................................................................................2 1.5 Applications for NetBSD...................................................................................................2
    [Show full text]
  • The Netbsd Guide
    The NetBSD Guide (2008/02/19) The NetBSD Developers The NetBSD Guide by The NetBSD Developers Published 2008/02/19 18:52:52 Copyright © 1999, 2000, 2001, 2002 Federico Lupi Copyright © 2003, 2004, 2005, 2006, 2007, 2008 The NetBSD Foundation All brand and product names used in this guide are or may be trademarks or registered trademarks of their respective owners. NetBSD® is a registered trademark of The NetBSD Foundation, Inc. Table of Contents Purpose of this guide ............................................................................................................................ xvii I. About NetBSD .................................................................................................................................. xviii 1 What is NetBSD? ............................................................................................................................1 1.1 The story of NetBSD..........................................................................................................1 1.2 NetBSD features.................................................................................................................1 1.3 Supported platforms ...........................................................................................................2 1.4 NetBSD’s target users.........................................................................................................2 1.5 Applications for NetBSD ...................................................................................................2 1.6
    [Show full text]