
Recommended for: folks who've had experience with any general *nix
Targeted Role: Network infrastructure (firewall, gateway), and server (can be used as a desktop too, but not by most average *nix users)

General Description:
OpenBSD, contrary to what its name implies, is a tightly built, secure from install, NetBSD-based operating system. It's built from the ground up with security in mind, and in its history, I believe that it has only had one remotely exploitable vulnerability. This operating system is the home of pf, a powerful general purpose stateful packet filter, and OpenSSH, the SSH package that everyone knows and loves. Because of this, it's an excellent OS for use in firewall, gateway and other network infrastructure setups. I cannot argue whether or not pf is better than Linux's iptables; however, what can be said is that it can definitely be used to create very articulate firewall behavior, and provide excellent address translation services (NAT, BiDirectional NAT and port redirection).

Software Management:
OpenBSD has 2 principal methods of software management:
  • You can install OpenBSD's native software using pkg utilities. The pkg_[add/delete/info/etc.] utilities allow you to manage software that was built specifically for OpenBSD. A lot of this software is audited by the OpenBSD team, so you can be sort of assured that the software being installed through this method is about as secure as the OS is. (well, not all the time, but mostly)
  • The second method is through ports. Using the ports system, you can install software that wasn't natively designed for OpenBSD. OpenBSD's ports borrows a lot from FreeBSD, so you'll find a whole assload of software available there. The ports system is installed and managed using make. There are no guarantees for software built and installed from ports, as it's software which has been "imported" from elsewhere, and isn't natively OpenBSD's.

This is the best part.

If you're an experienced *nix user, installation is SUPER SIMPLE.
I just upgraded my OpenBSD box to the latest version today, and it took me less than 10 minutes. Actual installation from square one takes only slightly longer, and that's 'cause the hardest part is just setting up your disk slices***. Seriously, the whole of OpenBSD installation fits on ONE FLOPPY. (There are three, but really, you're mainly using just the 1st one) If your machine is hooked up to the Internet, you can start the installation off that floppy, and then bring in the gzipped tar files over the net. The entire size of the system isn't that big either. ALL tar files required to set up an OpenBSD system with ALL options enabled for installation (X server, etc.) weigh LESS THAN 150 megabytes. The installer is capable of pulling the files over HTTP, FTP, off a partition or a CDROM, your choice. And mind you, this is all off a single floppy.

OpenBSD's installer doesn't get the praise it deserves, and I think that needs to be remedied.

Granted, the system doesn't come with as much software as a typical Linux's default install, but for a server or firewall system, you aren't looking for that in the first place.

***: clarification: BSDs use the concept of disk slices. Think of them as partitions within a partition. One would create a BSD partition, then use BSD's disklabel to create disk slices within that partition. Filesystems are then assigned to these slices in fstab the way you'd assign them to partitions in Linux.

Last edited by Tekronis; 08-27-2005 at 06:37 PM..
Posted 08-27-2005, 06:31 PM by Tekronis