PaulBSD August ’22 updates

After 2 years with no news, it is time to deliver some updates about the PaulBSD platform and software.

Infrastructure machines

Starting in late 2020, the Scaleway instances were migrated to Contabo, a German hosting service whose primary site is in Nuremberg, DE, with another site in the US. It provides PaulBSD with a reliable instance (now 2 years without any downtime) for a relatively low price:

  • 6 CPU threads
  • 16GB RAM
  • 400GB SSD backed storage
  • 400Mbps unmetered bandwidth

For only 10,79 euros per month.

New programming language

As of 2021, software has been written in Rust. Projects made with this language include:

  • ipblc: a proactive defence system like fail2ban, which uses clustered message queuing to live-update the blocklist of nftables-based firewalls across all client agents. It works with ipbl, the server part, which is written in Go. See below for more details.
  • zabbixlaunch: a tool that provides a monitoring dashboard on a Novation Launchpad Mini. It works from the recent problems reported by Zabbix, using its API.
  • some challenges on https://root-me.org and https://www.newbiecontest.org/
  • and some internal software

Go and Rust are the preferred programming languages at PaulBSD for internal software, while Python is kept for SaltStack modules and small quick-and-dirty scripts.

ipblc

As mentioned previously, ipblc is new security software designed to run in clustered mode with a server. Some of its features are the following:

  • Designed for high-performance and a very small CPU / memory footprint.
  • inotify-based detection of log file changes
  • Multi-threading (one thread parses files, another thread receives data from the message queuing channel, and the last thread communicates with the firewall running on the host)
  • ZMQ message queuing for communication between agents and the server (REQ/REP mode from client to server to send IPs, PUB/SUB to broadcast IP blocking to all ipblc agents)

See https://git.paulbsd.com/paulbsd/ipblc for more information and source code. As always for public sources from PaulBSD, the source code is under the two-clause BSD License.
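The three-thread layout and the two message flows listed above, sketched as an added example (not ipblc's own code and not taken from the PaulBSD repository). Standard-library channels stand in for the ZMQ sockets, and the sshd-style log lines, the threshold of 3 and the nftables table and set names (`inet filter blocklist`) are assumptions; the firewall stage only builds the set updates and does not run them.

```rust
use std::{collections::{BTreeSet, HashMap}, net::Ipv4Addr, sync::mpsc, thread};

// Constructed sample input. Log format, threshold, table and set names are assumptions.
const LOG: &str = "\
sshd[101]: Failed password for root from 203.0.113.7 port 4022 ssh2
sshd[102]: Failed password for admin from 203.0.113.7 port 4023 ssh2
sshd[103]: Accepted publickey for paul from 192.0.2.10 port 5000 ssh2
sshd[104]: Failed password for root from 203.0.113.7 port 4024 ssh2
sshd[105]: Failed password for test from 198.51.100.9 port 4100 ssh2";

/// Source address of a failed login; anything that is not a valid IPv4 address is dropped.
fn failed_login_ip(line: &str) -> Option<Ipv4Addr> {
    if !line.contains("Failed password") { return None; }
    // Split on the last " from " so a crafted user name cannot supply the address.
    line.rsplit_once(" from ")?.1.split_whitespace().next()?.parse().ok()
}

/// Run the three stages and return the nft set updates the firewall stage would issue.
fn run_pipeline(log: &'static str, broadcast: Vec<Ipv4Addr>, threshold: u32) -> Vec<String> {
    let (detect_tx, detect_rx) = mpsc::channel::<Ipv4Addr>();
    let (block_tx, block_rx) = mpsc::channel::<Ipv4Addr>();
    // Thread 1: parse log lines, report an address once it reaches the threshold.
    let parser = thread::spawn(move || {
        let mut hits: HashMap<Ipv4Addr, u32> = HashMap::new();
        for ip in log.lines().filter_map(failed_login_ip) {
            *hits.entry(ip).or_insert(0) += 1;
            if hits[&ip] == threshold { detect_tx.send(ip).unwrap(); }
        }
    });
    // Thread 2: message queue stand-in; merges local detections with server broadcasts.
    let queue = thread::spawn(move || {
        let mut seen = BTreeSet::new();
        for ip in detect_rx.into_iter().chain(broadcast) {
            if seen.insert(ip) { block_tx.send(ip).unwrap(); } // drop duplicates
        }
    });
    // Thread 3: firewall stage; builds (does not execute) nftables set updates.
    let firewall = thread::spawn(move || {
        block_rx.iter().map(|ip| format!("add element inet filter blocklist {{ {} }}", ip))
            .collect::<Vec<String>>()
    });
    parser.join().unwrap();
    queue.join().unwrap();
    firewall.join().unwrap()
}

fn main() {
    for cmd in run_pipeline(LOG, vec![Ipv4Addr::new(192, 0, 2, 55)], 3) { println!("nft {}", cmd); }
}
```

An address already blocked locally is not sent to the firewall stage a second time when the server broadcasts it, and the address with a single failure stays below the threshold.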

Continuous evolution

Public scope:

Internal scope:

  • A Docker registry has been added on a new Docker host that has been provisioned in the PaulBSD datacenter in Caen
  • A caching proxy for APT software has been installed and is used / replicated across PaulBSD regions. It is designed to keep deb packages on a local machine at each PaulBSD site, and to limit external bandwidth use for already downloaded packages

Future

The following aspects will be the next focus for PaulBSD:

  • More clusterable components of the platform, such as clustered database systems with PostgreSQL and MariaDB, the website, applications, etc.
  • New software with centralised, network-available configuration and a distributed design. Maybe more on etcd and related software.
  • A management panel for many components, with HTML5 / vanilla JS for the frontend and a backend API service written in Go or Rust.
  • Maybe a PeerTube-based video service soon

Made with fun, again!