Index


Overview

The Spectre and Meltdown security vulnerabilities do not target the Statseeker product, rather they target the underlying operating system (OS) and hardware. As such the fixes for these issues were produced by the OS developers, Statseeker is simply including their fixes with the version of FreeBSD that is bundled with Statseeker. For more information on this issue, refer to the FreeBSD website (https://www.freebsd.org/).

[top]

Requirements

The version of FreeBSD which contains the fixes was distributed with Statseeker v5.4.2. In order to enable these fixes your Statseeker server must be v5.4.2 or higher.

[top]

Enable\Disable the Meltdown Fix

The Meltdown fix should be enabled by default on all Statseeker v5.4.2 (and above) servers. To check if the Meltdown fix is enabled on your Statseeker server:

  • SSH to the Statseeker server
  • Check the current state of the Meltdown fix with the following command
$ sysctl -a | grep pmap.pti

The response will contain the reference:

vm.pmap.pti:{value}

with a value of 1, indicating that the fix is enabled, and 0 indicating that it is not enabled.

You can alter the current state of the fix by:

  • Modifying /boot/loader.conf
  • Add a line for vm.pmap.pti: setting the value of 1 to enable, 0 to disable
  • Reboot your Statseeker server

[top]

Enable\Disable the Spectre Fix

To check if the Spectre fix is enabled on your Statseeker server:

  • SSH to the Statseeker server
  • Check the current state of the Spectre fix with the following command
$ sysctl hw.ibrs_active

The response will contain the reference:

hw.ibrs_active:{value}

with a value of 1, indicating that the fix is enabled, and 0 indicating that it is not enabled.

You can alter the current state of the fix by:

  • Modifying /boot/loader.conf
  • Add a line for hw.ibrs_active: setting the value of 1 to enable, 0 to disable
  • Reboot your Statseeker server
Note: if the process of enabling the Spectre fix fails, it may indicate that your server CPU does not have the required microcode to support the fix. Refer to the CPU manufacturers’ website for advice on how to acquire and apply this microcode.

[top]