EuroBSDCon 2024
EuroBSDCon was fantastic, as always :-) I talked to many interesting people during the four days about sudo and syslog-ng, and of course also about many other topics. I gave a sudo tutorial, and it went well, with some “students” already planning which features to implement at home. There were many good talks, including one from Dr. Marshall Kirk McKusick, who was with the FreeBSD project right from the beginning, and worked on BSD even earlier. The weather was also good to us, so I could look around in Dublin for a bit.
sudo
The first two days of the conference were tutorials. I gave a sudo tutorial, which was well received: https://events.eurobsdcon.org/2024/talk/FLCHU3/. Luckily my audience was very active: I got many good questions. They did not really know most of the advanced sudo features. As usual, I also received feature requests while giving my sudo tutorial. I forwarded those to Todd Miller, maintainer of sudo.
At the end of my tutorial I asked my audience which sudo features they plan to implement on their network when they get back to the office. These were the top 3:
- sub-command logging
- central session recording
- using the Audit API from Python
During the conference I received many questions asking why I delivered a sudo tutorial if I was wearing a syslog-ng shirt :-) In short: Todd Miller, maintainer of sudo, was my colleague for a couple of years. I quickly learned that sudo is a lot more than just a prefix, and started writing and talking about it: https://peter.czanik.hu/posts/on_teaching_sudo/
Another recurring question was comparing sudo with sudo replacements. The reason is quite simple: most people are not aware of the features sudo provides. As soon as I mention some of the enterprise-focused features, like session recording, central management through LDAP, plugin support, and others, suddenly they understand the difference. Replacements are good in single-user environments; however, only sudo includes features for enterprise environments.
syslog-ng
During the conference I wore syslog-ng t-shirts. First of all: I do not have any sudo t-shirts, but dozens of syslog-ng t-shirts :-) And also, because I work on syslog-ng both as my job, and as the maintainer of the syslog-ng port in FreeBSD. I handed out many syslog-ng stickers too. There are many active syslog-ng users among FreeBSD users and developers. They use syslog-ng on FreeBSD in very diverse environments: collecting jail logs, in various appliances, bank security, telecommunications, and others. I am always happy to hear some positive feedback, and here I received many!
Sometimes I even felt as if I was a kind of celebrity. People knew my name, and came to me to talk a bit after following me on Twitter / LinkedIn / Mastodon for years. They were very happy to learn that macOS / FreeBSD now receive some extra care (see: https://www.syslog-ng.com/community/b/blog/posts/version-4-8-0-of-syslog-ng-improves-freebsd-and-macos-support)
During the conference I also received a feature request for syslog-ng: a new source to collect FreeBSD audit logs. This is how I learned that FreeBSD also has audit logs :-) Implementing something in C would be time-consuming, and there is no ETA for that right now. Luckily, syslog-ng also has a program() source. With that, I could put together a working configuration over the lunch break of the conference. Of course it still has some rough edges, like ugly error messages, unnecessary quotation marks, etc., but it’s a good start. Here is a sample output:
{
  "fbaudit": {
    "record": {
      "text": "\"successful login root\"",
      "subject": {
        "_uidit-uid": "root",
        "_tiddt-uid": "46906172.16.167.1",
        "_siddt-uid": "909",
        "_ruidt-uid": "root",
        "_rgidt-uid": "wheel",
        "_piddt-uid": "909",
        "_gidit-uid": "wheel",
        "_audit-uid": "root"
      },
      "return": {
        "_retval": "0",
        "_errval": "success"
      },
      "_version": "11",
      "_timefier": "\"Sun Sep 22 15:36:46 2024\"",
      "_msecfier": "\" + 770 msec\"",
      "_modifier": "0",
      "_eventon": "\"OpenSSH login\""
    }
  },
  "TRANSPORT": "local+program",
  "SOURCE": "s_fbaudit_xml",
  "PRIORITY": "notice",
  "MSGFORMAT": "raw",
  "MESSAGE": "<record version=\"11\" event=\"OpenSSH login\" modifier=\"0\" time=\"Sun Sep 22 15:36:46 2024\" msec=\" + 770 msec\" ><subject audit-uid=\"root\" uid=\"root\" gid=\"wheel\" ruid=\"root\" rgid=\"wheel\" pid=\"909\" sid=\"909\" tid=\"46906172.16.167.1\" /><text>successful login root</text><return errval=\"success\" retval=\"0\" /></record>",
  "HOST_FROM": "fb14",
  "HOST": "fb14",
  "FACILITY": "user",
  "DATE": "Sep 22 17:45:39"
}
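An added example, not part of the original post or of syslog-ng: a small Python consumer that reads one JSON line shaped like the output above and rebuilds the fields from the raw MESSAGE XML, which avoids depending on the mangled keys such as "_uidit-uid". The function names and the root-login rule are assumptions made for illustration, and the sample event is constructed from the output shown above.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample: the event from the post, trimmed to the fields used here.
SAMPLE_EVENT = json.dumps({
    "SOURCE": "s_fbaudit_xml",
    "HOST": "fb14",
    "MESSAGE": '<record version="11" event="OpenSSH login" modifier="0" '
               'time="Sun Sep 22 15:36:46 2024" msec=" + 770 msec" >'
               '<subject audit-uid="root" uid="root" gid="wheel" ruid="root" '
               'rgid="wheel" pid="909" sid="909" tid="46906172.16.167.1" />'
               '<text>successful login root</text>'
               '<return errval="success" retval="0" /></record>',
})

def normalize(line):
    """Turn one JSON line from syslog-ng into a flat dict built from MESSAGE."""
    event = json.loads(line)
    raw = event.get("MESSAGE", "")
    # Audit records have no reason to carry a DTD; refuse entity tricks early.
    if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
        raise ValueError("audit record must not carry a DTD")
    record = ET.fromstring(raw)
    if record.tag != "record":
        raise ValueError("not an audit <record> element")
    out = {
        "host": event.get("HOST"),
        "event": record.get("event"),
        "time": record.get("time"),
        "texts": [t.text or "" for t in record.findall("text")],
    }
    # Flatten attributes as "<element>.<attribute>", e.g. "subject.audit-uid".
    for child in ("subject", "return"):
        node = record.find(child)
        if node is not None:
            for name, value in node.attrib.items():
                out[f"{child}.{name}"] = value
    return out

def is_root_login(rec):
    """Hypothetical rule: successful OpenSSH login whose audit-uid is root."""
    return (rec.get("event") == "OpenSSH login"
            and rec.get("return.errval") == "success"
            and rec.get("subject.audit-uid") == "root")

if __name__ == "__main__":
    rec = normalize(SAMPLE_EVENT)
    print(json.dumps(rec, indent=2))
    print("root login alert:", is_root_login(rec))
```
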
The conference
The conference was intense. Two days of tutorials co-located with the FreeBSD developer summit, and two days of talks. I delivered my sudo tutorial on the first day, and went back to my hotel quickly to rest a bit. I was completely exhausted from talking three hours straight. Then I met up with some fellow Hungarians and FreeBSD developers for a beer that night. The next day I participated in the developer summit, where I listened to interesting talks and discussions. In the late afternoon I walked around in Dublin.
The “real” conference happened on the third and fourth days. There were three parallel tracks, and sometimes it was really difficult to choose where to go :-) There was a coffee break before each talk, which ensured that no matter how tired we were, we stayed awake :-) And of course it also gave us the possibility of networking. Lots of good discussions. It is difficult to pick highlights from the talks; all were great. My absolute favorite was given by Dr. Marshall Kirk McKusick: FreeBSD at 30 Years: Its Secrets to Success. It looked back at the history of the FreeBSD project and also shared some interesting statistics. I also learned about WifiBox, the latest news about FreeBSD RC scripts, and how to build an AI-powered house. For a complete list of talks and tutorials, check the schedule.
Summary
I hope to see you next year in Zagreb at EuroBSDCon 2025 :-)