[tor-relays] Help with FreeBSD relays
xplato at protonmail.com
Wed Mar 31 20:49:38 UTC 2021
I looked at HardenedBSD and have actually moved to a different VPS so that can I use HBSD. FreeBSD was the only option I had at the time but both instances crashed repeatedly and it got so frustrating that I gave up on FreeBSD. I will give HardenedBSD a go.
Sent from ProtonMail for iOS
On Wed, Mar 31, 2021 at 10:12 AM, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> On Wed, Mar 31, 2021 at 01:09:45PM +0200, René Ladan wrote:
>> On 30-03-2021 15:47, Shawn Webb wrote:
>> > On Tue, Mar 30, 2021 at 02:36:36AM +0000, xplato wrote:
>> > > Greetings,
>> > >
>> > > I am a bit of a noob here so please bear with me. I ran a relay using Ubuntu with very few issues however I decide to add an additional relay and decided to use FreeBSD. They will only run for around 18 hours and then they shut down. I have adjust the torrc file every way I know how and increased the Max vnodes thinking this may have been my issue. I can post the sysrc and torrc if needed. Anyone that might help me figure this out I would be grateful otherwise I am going to reluctantly move them both back to Ubuntu.
>> > Emerald Onion runs over twenty Tor exit nodes on HardenedBSD 12 and
>> > 13. Given Tor's need for security, you might want to consider using
>> > HardenedBSD, a derivative of FreeBSD that implements exploit
>> > mitigations and security hardening technologies. FreeBSD's state of
>> > security leaves much to be desired. Tor's relay operators and users
>> > really should at least have exploit mitigations like ASLR and W^X
>> > applied.
>> But it won't fix the problem at hand, unless memory management in
>> HardenedBSD is different than in FreeBSD.
> Memory management is indeed different in HardenedBSD than in FreeBSD.
> HardenedBSD implemented a clean-room version of grsecurity's PaX ASLR.
> FreeBSD's version of ASLR, more appropriately called ASR, has known
> issues. HardenedBSD's does not.
> Shawn Webb
> Cofounder / Security Engineer
> tor-relays mailing list
> tor-relays at lists.torproject.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-relays