Guide to Unix/BSD/OpenBSD

From Wikibooks, open books for an open world
< Guide to Unix‎ | BSD
Jump to: navigation, search

This module contains information that is specific to OpenBSD.

Background[edit]

OpenBSD calls itself the "multi-platform, ultra-secure operating system". The OpenBSD team believes in strong security and code correctness. The OpenBSD team has a between six and twelve developers working on finding bugs and security holes in the system. OpenBSD also strives to be secure by default, meaning that the user does not have to be a security expert to secure the system. The OpenBSD project normally makes a new version every six months.

OpenBSD is known for having strict rules regarding bugs. Such as an application, not having a manual is considered a bug and therefore the application will not be included in the port (or package) tree. These rules are also included in the operating system. Should an application pose a security risk OpenBSD will kill the process on the spot. If there is a bug, and it is announced on the mailing list, then the OpenBSD team will come out with a patch in a matter of days. OpenBSD has only had two remotly exploitable bugs (both were in ssh and soon there afterwards patched), after a default install (with no additional services turned on) in over 10 years.

Notable Security Features[edit]

  • strlcpy() and strlcat()
  • Memory protection purify
  • W^X
  • .rodata segment
  • Guard pages
  • Randomized malloc()
  • Randomized mmap()
  • atexit() and stdio protection
  • Privilege separation
  • Privilege revocation
  • Chroot jailing
  • New uids
  • ProPolice

Installation[edit]

Main page: Guide to Unix/BSD/OpenBSD/OpenBSD Installation

OpenBSD has a easy although non-graphical installer.

Customization[edit]

Main page: Guide to Unix/BSD/OpenBSD/Customize Installation

You can change the default configuration files and install additional packages, by creating your own custom iso file.

As a firewall[edit]

Main page: Guide to Unix/BSD/OpenBSD/As a Firewall

OpenBSD uses pf ("packet filter") as a firewall. Though the authors originally contributed pf to OpenBSD, because it is free, other operating systems are including pf.

As a webserver[edit]

Main page: Guide to Unix/BSD/OpenBSD/As a Webserver

As of OpenBSD 5.6, OpenBSD ships with its own webserver, httpd(8). Apache, nginx and other webservers are available from ports.

As a desktop[edit]

Main page: Guide to Unix/BSD/OpenBSD/As a Desktop

Despite is reputation for being only for servers OpenBSD can also serve as a great workstation/desktop. OpenBSD uses pkg_add as their binary package management system. The pkg_add automatically resolves dependencies. If you get the packages from ftp, pkg_add is able to resolve all of the dependencies for you. Some of the desktop related packages in the binary package system include: KDE (3.5), Xfce, Gnome, fluxbox, blackbox, and e16. Many other packages are available through the port system which also resolves and compiles the dependencies for you.

References[edit]