Issue 242
Published July 23, 2025

WordPress on FreeBSD with BastilleBSD and more.

Releases

No releases.

BSDSec

No security announcements. As always, it’s worth following BSDSec. RSS feed available.

News

Valuable News Summary for 2025/07/21: The “Valuable News” weekly series provides a summary of news and articles related to UNIX/BSD/Linux systems. This edition includes various topics such as the capabilities of FreeBSD, installation guides for software like Forgejo and Gitea, and discussions on significant bugs and their impacts.

BSD Now 620: Postmortem for jemalloc: The Server That Wasn’t Meant to Exist, ZFS Performance Tuning – Optimizing for your Workload, what would a multi-user web server look like, That Grumpy BSD Guy: A Short Reading List, rsync’s defaults are not always enough, jemalloc Postmortem, and more.

Tutorials

WordPress on FreeBSD with BastilleBSD: A Secure Alternative: The article provides a comprehensive guide on setting up WordPress on FreeBSD using BastilleBSD as a secure alternative to Linux/Docker. It highlights the security and performance benefits of using FreeBSD and BastilleBSD for managing jails. The guide covers the installation and configuration of BastilleBSD, creation of jails for Apache, PHP, and MariaDB, and the setup of WordPress. It also includes steps for configuring IPv6, setting up a dedicated dataset for WordPress using ZFS, and securing the setup with HTTPS using certbot. The article emphasizes the advantages of using FreeBSD’s jail separation and ZFS versatility for better management and security.

FreeBSD PKGBASE pkgbasify(8) Tool Explained: The article discusses the PKGBASE concept, which is the future of packaging the FreeBSD Base system, already implemented in the upcoming 15.0-RELEASE version. Users can choose between the classic installation method or the PKGBASE way during the bsdinstall(8) stage. The PKGBASE is well-documented, and users can run a Personal FreeBSD PKGBASE Update Server. The FreeBSD Foundation sponsors the pkgbasify(8) tool, which converts FreeBSD 14.x or 15.x installations into a PKGBASE install. The process involves downloading the tool, making it executable, and running it, with the option to create a ZFS Boot Environment backup. The article also covers the upgrade process of the PKGBASE Base System and a test comparing a fresh PKGBASE install with a converted one. It notes that the shar(1) command is deprecated and provides a link to a repository for those who still need it. The article concludes by encouraging readers to share their thoughts.

OpenBSD Immutable Logging with chflags: The article discusses implementing immutable logging on OpenBSD to meet ISO 27001 compliance requirements. It explains how OpenBSD’s default logging system works and its vulnerabilities to tampering, especially by root users. The solution involves using OpenBSD’s chflags command to set system-level immutability flags (sappnd and schg) on log files. The implementation includes disabling automatic log rotation, creating a log archive directory, setting append-only flags on active logs, and creating a securelevel script to manage log rotation during boot. This approach ensures that even root users cannot modify or delete logs without rebooting into single-user mode, providing strong protection against log tampering while meeting forensic integrity requirements.

Setting Up Mullvad VPN on OpenBSD via WireGuard: The guide explains how to set up Mullvad VPN on OpenBSD using WireGuard, emphasizing Mullvad’s commitment to privacy. It details the installation and configuration of WireGuard, including generating a configuration file from Mullvad’s website. The process involves creating a configuration file, starting the WireGuard connection, and verifying its functionality. The guide assumes prior account setup with Mullvad and provides commands for both activating and deactivating the VPN connection. The summary highlights the steps and considerations for a more private browsing experience.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!

Become a Sponsor! Become a Patron!

We won't spam you. Unsubscribe any time.