FreeBSD is just plain old good UNIX with rock solid networking stack. It is quite popular amongst hosting companies, ISPs, portals (such as Yahoo) and a few large financial institutions because of its reliability, robustness and performance.
A new version of the FreeBSD is scheduled for release next week (4-May-2009). A beta 2 was made available for download few weeks ago for final round of testing before the official launch.
The new version 7.2 includes some useful improvements, stability, multiple IPv4 / IPv6 for jails (OS level virtualization that allows root to partition a FreeBSD-based computer system into several independent mini-systems), and much more.
FreeBSD jails are perfect for virtual hosting environments. It offers the following benefits
- Security - Each jail has its own process, users and account. No one can escape jail, thus providing an additional level of security. Usually, you need to setup jail for web server, mail server and database server.
- Ease of management - root can painlessly delegate several tasks (such as web or proxy or mail server) which require superuser access without handing out complete control over the system.
Multiple IP address for jail
FreeBSD 7.2 includes Multi-IPv4/v6/no-IP support patch written by Bjoern A. Zeeb. It is even possible to have jails without an IP address at all, which basically gives one a chrooted environment with restricted process view and no networking.
# jls -v
JID Hostname Path Name State CPUSetID IP Address(es) 6 mail.nixcraft.net /jails/mail.nixcraft.net ALIVE 5 10.24.55.106 126.96.36.199 2607:f0d0:3001:9::4
See how to configure multiple IPs with jail.
SCTP with IPv6 in jails has been implemented. The SCTP protocol provides reliable, flow-controlled, two-way transmission of data. SCTP provides a few benefits over TCP (quoting from the Wikipedia):
- TCP is relatively vulnerable to denial-of-service attacks, such as SYN attacks.
- TCP provides both reliable data transfer and strict order-of-transmission delivery of data. Some applications need reliable transfer without sequence maintenance, while others would be satisfied with partial ordering of the data. In both of these cases, the head-of-line blocking offered by TCP causes unnecessary delay.
- The stream-oriented nature of TCP is often an inconvenience. Applications must add their own record marking to delineate their messages, and must make explicit use of the push facility to ensure that a complete message is transferred in a reasonable time.
- The limited scope of TCP sockets complicates the task of providing highly-available data transfer capability using multi-homed hosts.
- See sctp(4) man page for further details.
32bit Compatibility with 64bit jails
Compatibility support which permits 32-bit jail binaries to be used on 64-bit systems to manage jails has been added.
BIND / Named Updated
ISC BIND has been updated to version 9.4.3-P2. The timezone database has been updated from the tzdata2008h release to the tzdata2009f release.
FreeBSD Desktop Environment
KDE is a powerful Free Software graphical desktop environment for Linux and Unix workstations. The supported version of the KDE desktop environment has been updated from 3.5.10 (x11/kde3) to 4.2.2 (x11/kde4). The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.22 to 2.26.
Hardware and Userland Support
The FreeBSD 7.2 now supports Ultra SPARC III (Cheetah) processor family. The agp driver now supports Intel G4X series graphics chipsets. Support for AMD/ATI r500, r600, r700, and IGP based chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been improved. The snd_hda driver has been updated. This changes include support for multiple codec per HDA bus, multiple functional groups per codec, multiple audio devices per functional group, digital (SPDIF/HDMI) audio input/output, suspend/resume, and part of multichannel audio.
The BTX boot loader program improved and now supports 4-byte volume ID that certain versions of Windows put into the MBR and invoking PXE by pressing F6 key on some supported BIOSes.
Many userland tools are updated. The du utility now supports an -l flag (counts a file with multiple hard links as multiple different files), an -A flag (display the apparent size instead of the disk usage) and a -B blocksize option to calculate block counts in blocks of blocksize bytes. This is different from the -k or -m options or setting BLOCKSIZE and gives an estimate of how much space the examined file hierarchy would require on a file system with the given blocksize.
The FreeBSD kernel virtual address space has been increased to 6GB. This allows subsystems to use larger virtual memory space than before. For example, zfs adaptive replacement cache (ARC) requires large kernel memory space to cache file system data, so it benefits from the increased address space. Note that the ceiling on the kernel map size is now 60% of the size rather than an absolute quantity.
Binary upgrades of i386 and amd64 systems
Make sure you run upgrade commands after backing up all data and configuration files. Systems running 7.0-RELEASE, 7.1-RELEASE, 7.2-BETA1, 7.2-RC1, 7.2RC2 can upgrade as follows (note: the procedure for doing source code based update is described here) :
# freebsd-update upgrade -r 7.2-RELEASE
You may ask to help by merging some configuration files or by confirming that the automatically performed merging was done correctly.
# freebsd-update install
Finally, you must reboot the system
# shutdown -r now
After rebooting, freebsd-update needs to be run again to install the new userland components:
# freebsd-update install
# shutdown -r now
Verify that is everything working fine, go though logs and make sure desired ports are opened:
# tail -f /var/log/messages
# tail -f /var/log/app.log
# sockstat -4
# jls -v
After reboot, just upgrade installed applications via FreeBSD ports system (note portmaster is not in the base system, you need to install it via /usr/ports/ports-mgmt/portmaster/):
# portsnap fetch update
# pkg_version -vl '<'
# portmaster -a
This release improves on the functionality of FreeBSD 7.1 and introduces often requested new features in jail. There is also support for fully transparent use of superpages for application memory. Overall, I'm pretty much impressed with new jail feature.
For more details about the release , refer to the official announcement on the FreeBSD mailing list. You can download the installation images from the FreeBSD mirrors (main FTP site) or via BitTorrent.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop