Tested on HardenedBSD 12

Installing ClonOS on HardenedBSD

From the official website:

ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management.

It adds a Host plataform, in this case, it will be HardenedBSD, bhyve, jails, cbsd, Puppet among others.

You can learn more in the webpage of the project.

Ok, let’s start.

Perform an update on your HardenedBSD system, if available:

# hbsd-update

Update your packages:

# pkg update

# pkg upgrade

Download or update your ports:

# git clone --single-branch --branch master https://github.com/hardenedbsd/hardenedbsd-ports/ /usr/ports/

Install the following packages:

# pkg install -y net/libvncserver security/gnutls databases/sqlite3 shells/bash www/npm \ www/nginx sysutils/py-supervisor sysutils/cbsd security/ca_root_nss \ www/node security/sudo databases/sqlite3 net/beanstalkd devel/git devel/pkgconf www/nginx \ lang/php72 www/php72-session archivers/php72-zip databases/php72-sqlite3 databases/php72-pdo_sqlite \ www/php72-opcache devel/php72-json security/php72-hash lang/go

Disable the following using hbsdcontrol:

# hbsdcontrol pax disable pageexec /usr/local/bin/node

# hbsdcontrol pax disable mprotect /usr/local/bin/node

# hbsdcontrol pax disable pageexec /usr/local/sbin/php-fpm

# hbsdcontrol pax disable mprotect /usr/local/sbin/php-fpm

# hbsdcontrol pax disable segvguard /usr/local/sbin/php-fpm

# hbsdcontrol pax disable pageexec /usr/local/bin/php

# hbsdcontrol pax disable mprotect /usr/local/bin/php

# hbsdcontrol pax disable segvguard /usr/local/bin/php

From here we will follow the same procedure for FreeBSD. Continue from the Checkout ClonOS ports tree: part. (I want to avoid copying and pasting the whole stuff)

Please refer here for the rest of the Tutorial

Now you have a Hardened ClonOS!

Disclaimer: This just covers the successful installation of ClonOS under HardenedBSD. I haven’t used it to create VMs and other stuff.

Thanks to the guys of BSD-VPS.cloud for providing the test VPS.