Secure Architectures with OpenBSD

Paperback (Print)

Overview

"This book works in tandem with the OpenBSD's manual pages. As a result, it will help many users grow and get the most from the system."—Theo de Raadt, OpenBSD project leader.

"The OpenBSD system intimidates many administrators who would benefit from using it. This book lets people start much higher up on the curve. Secure Architectures with OpenBSD not only presents the hows, but also shows some of the whys that only insiders know."—Mike Frantzen, NFR Security

"Secure Architectures with OpenBSD explains all of the tasks an administrator has to know about to successfully maintain an OpenBSD server. It helps the reader save time by condensing the vast amount of information available in man pages into a compact form, reducing unneeded information, and explaining other things in much more detail and prose than a man page can afford."—Daniel Hartmeier, the OpenBSD Project

"This book will become the de facto text for OpenBSD administration. Unix and BSD books abound, but none cover OpenBSD with the clarity and expertise of Palmer and Nazario. They explain the optimal way to configure and administer your OpenBSD machines, with a keen eye to security at all stages."—Brian Hatch, coauthor of Hacking Exposed Linux and Building Linux Virtual Private Networks

Descended from BSD, OpenBSD is a popular choice for those who demand stability and security from their operating system. No code goes into OpenBSD without first undergoing a rigorous security check, making it a terrific choice for Web servers, VPNs, and firewalls.

Secure Architectures with OpenBSD is the insider's guide to building secure systems using OpenBSD. Written by Brandon Palmer and Jose Nazario, this book is a how-to for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system.

After getting readers started with OpenBSD, the authors explain system configuration and administration, then explore more exotic hardware and advanced topics. Every chapter of the book addresses the issue of security because security is integrated into almost every facet of OpenBSD. Examples appear throughout the book, and the authors provide source code and system details unavailable anywhere else. This goes well beyond the basics and gives readers information they will need long after they have installed the system.

Key topic coverage includes:

  • Installation and upgrade details
  • Basic system usage in OpenBSD versus other Unix systems
  • Third-party software via packages and the ports tree
  • SMTP services in OpenBSD
  • Web services with Apache
  • Using OpenBSD as a firewall
  • OpenBSD as a Kerberos V client and server
  • Use of IPsec
  • Configuration and use of IPv6
  • Network intrusion detection

Secure Architectures with OpenBSD takes you inside OpenBSD, giving you the insights and expertise no system manual can provide. The companion Web site tracks advances and changes made to the operating system, and it contains updates to the book and working code samples.


Editorial Reviews

From The Critics
Slashdot.org
One nice feature of this book is that its authors refer to Linux equivalents where appropriate, e.g., in terms of configuration and system file locations and names. This makes it an ideal text for a Linux sysadmin who wants to take OpenBSD for a test drive on the public network. Two chapters covering the OpenBSD packet filter (pf) and IPSec are the gems of this text and even advanced Linux users will likely benefit from alternative approaches to solving the same problems in the alternate universe of a different operating system.

Product Details

  • ISBN-13: 9780321193667
  • Publisher: Addison-Wesley
  • Publication date: 4/2/2004
  • Pages: 544
  • Sales rank: 1,426,658
  • Product dimensions: 6.80 (w) x 9.10 (h) x 1.20 (d)

Meet the Author

Brandon Palmer is a member of Crimelabs Security Research Group, a think tank and consulting firm, and has performed security audits and penetration testing for networks and systems.

Jose Nazario is a senior software engineer at Arbor Networks, an Internet security company. As a member of the OpenBSD project, he has written ports, made bug notes, and contributed to the code. Jose also runs the community forum at www.deadly.org and serves as a consultant and researcher at Crimelabs Security Research Group.


Read an Excerpt

Chapter 1: Introduction

The OpenBSD operating system (OS) is a secure, stable, and powerful operating system that is attracting many new and old UNIX users to it. The OS is well designed for both workstation and server use. OpenBSD supports many mainstream applications and also offers great hardware support. Because OpenBSD doesn't face many of the business pressures to increase sales and employ trendy gimmicks that Linux and other BSD systems have to deal with, it is able to be designed on technical merit. This means that while the system works very well, it isn't targeted at the user who wants to be able to "point and click" and not read the documentation. This book is written to help new users understand the features of the OpenBSD system and to give more seasoned users the education to fully exploit all that OpenBSD has to offer.

OpenBSD came into existence on October 18, 1995, at 08:37 when Theo de Raadt committed the first branch into the CVS server from the NetBSD tree. The first release, OpenBSD 2.0, became available in autumn 1996. Release dates have been every six months since then, with the most recent version, 3.4, being released on November 1, 2003.

There are no firm numbers on a user base for OpenBSD. Even though CD sales could give an estimate, CDs are used to install only some systems. A huge number of installations are done over the Internet. The user base is, however, "pretty incredible," says Theo.

1.1 What Will This Book Cover?

This book will cover the hardware that most users will be faced with, and some notes about other hardware they may not encounter. The i386 architecture is used for most of the examples as that is where most users first encounter it. Note, however, that OpenBSD works almost the same on all architectures.

The book is broken down into the following sections:

  • Introduction - This chapter.
  • Overview of OpenBSD - A quick overview of what OpenBSD is and some of its main features.
  • Installation - A walkthrough of an installation detailing what various options mean, why one should make certain decisions, and what's really happening in the background. This up-to-date discussion applies specifically to the OpenBSD 3.4 installation, but also to most other versions.
  • Basic Use - Basic system usage and some of the major usage differences between OpenBSD and other UNIX systems.
  • Basic Default Services - Usage and management of services that run by default on a freshly installed system.
  • Online Help Resources - Descriptions of the "man," GNU Info, and "perldoc" facilities for online help.
  • X Window System - Information regarding the X Window system on an OpenBSD host.
  • User Administration - Addition and deletion of users and management of the space that these users will work in.
  • Networking - Setting up basic networking, advanced networking topics, and bridging.
  • inetd - Function and configuration of services that are run from inetd.
  • Other Installed Services - Additional information about services that are installed on a default system, but not enabled on start-up.
  • Precompiled Third-Party Software: Packages - Use of the precompiled packages that are available for OpenBSD.
  • The Ports Tree: Third-Party Software from Source - Use of the ports tree and compiling applications from source.
  • Disks and Filesystems - The creation and care of filesystems and disk devices.
  • Backup Utilities - Tools and techniques for system backup.
  • Housekeeping - Regular system housekeeping chores.
  • Mail Server Operations - SMTP services in OpenBSD.
  • The Domain Name Services - The domain name system setup and use.
  • Web Servers with Apache - Web services with the Apache and mod_ssl servers.
  • OpenSSH - The OpenBSD secure shell daemon and client.
  • The OpenBSD Development Environment - Languages and software development tools.
  • Packet Filtering and NAT - Using OpenBSD as a firewall and setting up systems to do NAT (Network Address Translation).
  • NFS: The Network Filesystem - Setting up and using an OpenBSD NFS server and client.
  • NIS and YP Services - Configuration of an NIS server and clients.
  • Kerberos - Configuration and operation of OpenBSD as a Kerberos V client and server.
  • Authentication Methods - The numerous login methods for OpenBSD, including S/Key.
  • IPsec: Security at the IP Layer - Configuring an OpenBSD client and gateway for secure IP networking.
  • IP Version 6 (IPv6) - Overview of how OpenBSD is able to use IPv6 and basic usage in normal activities.
  • Systrace - A system call policy mechanism, which can safely limit the actions of any application on an OpenBSD system.
  • Network Intrusion Detection - While not a standard part of OpenBSD, use of tools in the ports tree to allow OpenBSD to be used as a network security monitor.
  • Upgrading - Upgrading an OpenBSD system.
  • Kernel Compilation - The GENERIC kernel, the few reasons to compile a new kernel, and tweaks to the kernel without compilation.
  • Bug Reports with OpenBSD - Checking for and reporting system bugs.
  • CVS Basics - Use of CVS on OpenBSD to access the kernel source and for system deployment.
  • Applying Source Code Patches - Ways to apply system and application patches.
  • Tuning the Kernel with sysctl - Tunable kernel parameters.
  • A dmesg Walkthrough - Information available from dmesg and how it applies to system use.
  • Core File Evaluation - Evaluation of core files from system and application crashes.
  • Other OpenBSD Tools and Resources - Documentation reference for OpenBSD and other sources of information.
  • IPsec m4 - m4 processing scripts for the IPv6 chapter.

During the preparation of this book, a friend who was reviewing the table of contents asked me, "Where is the chapter on security?" Just as in OpenBSD, security is everywhere. We sprinkle it in almost every chapter, because this is how security is best done. A chapter or two at the end of a book simply cannot demonstrate how OpenBSD has integrated security into almost every facet of the system.

1.2 Whom Is This Book For?

This book targets both the user who is new to OpenBSD and the user who has been using the system for a while. It is not intended to be a beginner's guide; it presumes that the user knows UNIX and is moving to OpenBSD or looking to expand his or her knowledge base. In addition, given that networking is a core function of any OpenBSD system, having a basic understanding of networking is important. This book will not cover the specifics of editors like vi or emacs; the user is expected to be able to edit his or her own files. Finally, this book concentrates on the use of server-end tools; it will not cover the clients being used to access these services, except in terms of how that might change decisions during server configuration.

The first section of the book can probably be skimmed by experienced and savvy UNIX administrators, but many will want to read these chapters in depth. These chapters include the basics of the layout of the OpenBSD system and its installation.


Table of Contents

1. Introduction.

What Will This Book Cover?

Whom Is This Book For?

Book Syntax.

About the Authors.

Brandon Palmer.

Jose Nazario.

Contributing Authors.

Acknowledgments.

I. GETTING STARTED.

2. Overview of OpenBSD.

A Brief History of OpenBSD.

OpenBSD Security.

The OpenBSD Security Model.

The Audit.

Cryptography.

Proactive Security.

Which Applications Are and Are Not Secure?

Licensing.

The Feel of OpenBSD.

Filesystem Layout.

Security.

User Friendliness.

Packages and Ports.

Where Is OpenBSD Used?

3. Installation.

Supported Hardware.

System Preparation.

Getting the Files for Installation.

Selecting Boot Media.

Booting.

The Boot Configuration.

Creating a Serial Console.

Platform-Specific Information.

Boot Example.

Filesystem Partitioning.

A Private System.

A Multiuser System with Untrusted Users.

Server Partitioning.

Firewall.

Swap Space Allocation.

Partitioning Example.

Network Configuration.

Network Setup Example.

Base Software Set Installation.

Types of Installations.

Descriptions of the Installation Sets.

Installation Example.

Post-Installation.

Time Zone Information and Example.

After Reboot.

Customizing the Installation Process.

Creating Site-Specific Files.

Jumpstarting Installations.

Customized Installation Floppies.

Upgrading an Installation.

4. Basic Use.

General Filesystem Layout.

/bin and /sbin.

/usr/bin and /usr/sbin.

/var.

/tmp.

/usr/local.

/home.

/dev.

/sys.

/stand.

Start-up and Shutdown.

Logging In.

RC Scripts.

Default Processes.

Random PID Values.

Ports and Packages.

Networking in Brief.

APM: Automatic Power Management.

Mouse Control with wsmoused.

5. Basic Default Services.

inetd: The Super-Server.

The Use of TCP Wrappers.

syslog: The Logging Service.

Electronic Mail with sendmail.

The Secure Shell Server sshd.

6. Online Help Resources.

Manual Pages.

Which Manual Page?

The Layout of the Manual.

Notable Manual Pages.

Added Sections.

Writing Your Own Manual Pages.

GNU Info Pages.

Converting Info to Manual Pages.

perldoc and Pod.

Package-Specific Documentation.

Other Sources.

7. X Window System.

Installation.

Quick Setup.

Troubleshooting Configuration.

xdm.

Window Managers.

Basic X Applications.

Remote Display.

X and Security.

II. SYSTEM CONFIGURATION AND ADMINISTRATION.

8. User Administration.

User Creation and Deletion.

Altering the Default New User Options.

vipw and Group Management.

Self Account Administration for Users.

User Limits with ulimit.

Process Accounting.

Privileged Users with sudo.

The sudoers File.

Logging with sudo.

Security of sudo.

Restricted Shells.

Restricting Users with systrace.

9. Networking.

Device Support.

Virtual Interface Drivers.

Kernel Messages.

Basic Setup.

Interface Media Options.

DNS Client Configuration.

DHCP.

Alias Addresses.

ARP: Address Resolution Protocol.

Diagnostic Information.

Routing.

Bridging.

PPP.

User Dial-up with PPP.

Listening Ports and Processes.

Troubleshooting.

10. inetd.

ftpd.

sftp.

telnetd.

shell.

fingerd.

identd.

comsat.

ntalkd.

popa3d.

Internal Services.

Kerberos Services.

RPC Services.

11. Other Installed Services.

tftpd.

rarpd/bootparamd.

The Remote Shell.

Time Services.

Mouse Services.

Printing.

dhcpd: The DHCP Server.

Requirements.

Configuration.

Starting dhcpd.

DHCP Leases.

Considerations to Note.

BOOTP Support.

12. Precompiled Third-Party Software: Packages.

An Overview of Packages.

Installation of Packages.

Local Installation Sources.

Network Installation Sources.

Options for Package Installation.

Uninstalling Packages.

Options for Uninstallation.

Upgrading Packages.

Information About Installed Packages.

Third-Party Software and Security.

13. The Ports Tree: Third-Party Software from Source.

Ports.

Getting the Ports Tree.

The Structure of the Ports Tree.

The Life Cycle of a Ports Build.

Building a Package from Ports.

Making Many Ports at Once.

Updating Specific Ports.

Troubleshooting.

14. Disks and Filesystems.

Disk Devices.

The Concatenated Disk Driver and RAIDFrame.

Filesystems.

New Filesystems.

Other Common Filesystems: ext2, msdos, iso9660.

Disk Quotas.

Soft Updates.

Other Tricks to Speed Up Access.

Disklabels.

Mounting Filesystems.

Pseudo-Disks with vnconfig.

Caring for Filesystems.

The Last Resort for Mistakes: scan_ffs.

Listing Open Files and Devices.

15. Backup Utilities.

Introduction.

Devices.

Preliminaries.

Backup Strategies.

Data-Specific Options.

Authentication.

Available Tools.

cpio.

pax.

dump and restore.

tar.

Additional Tools from Ports and Packages.

Amanda.

GNU tar for Backups.

Backup Using rsync.

16. Housekeeping.

What Is Housekeeping?

Regular System Scripts.

Daily Checks.

Weekly Checks.

Monthly Checks.

Logfile Rotation.

Scheduling Facilities.

The cron System.

at.

Controlling Execution of at Jobs.

17. Mail Server Operations.

Introduction to Electronic Mail.

Overview of Electronic Mail in OpenBSD.

sendmail.

Virtual Hosting.

Security with STARTTLS.

Upgrading.

POP Server Administration.

IMAP Server Administration.

Mailing List Software.

E-mail Security.

MTA Security.

POP Security.

Message Security.

18. The Domain Name Services.

Introduction to DNS.

Configuring the Resolver.

The DNS Server named.

A Simple Caching-Only Nameserver.

DNS Security Issues.

Firewall Rules for DNS.

Upgrading named.

BIND8 and BIND9.

DJBDNS.

DNS Tools.

dig.

host.

nslookup.

nslint.

Resources.

Troubleshooting.

19. Web Servers with Apache.

Apache.

Quick Overview.

chroot.

SSL.

Using Dynamic Content in the chroot Environment.

Modules for Apache.

Other Web Servers.

Apache 2.0.x.

thttpd.

Miscellaneous Web Server Tools.

Squid.

mod load.

weblint.

analog.

20. OpenSSH.

Command-Line Use.

ssh.

scp.

ssh-keygen.

ssh-agent and ssh-add.

sshd.

Configuration.

Client Options.

Server Configuration Options.

Use in Other Packages.

Command Line.

Privilege Separation.

sftp.

III. ADVANCED FEATURES.

21. The OpenBSD Development Environment.

Introduction.

Editors.

Compilers and Languages.

Base Language Support.

Default Security Options.

Additional Languages from Ports.

Debuggers.

Additional Debugging Tools from Ports.

Tracing System Calls.

Additional Source Code Development Tools.

make.

automake.

Imake and xmkmf.

Libraries.

Shared Library and Object Tools.

Documentation.

22. Packet Filtering and NAT.

Introduction to Firewalls.

Introduction to PF.

The PF Configuration File.

Firewalls with PF.

Introduction to Network Address Translation.

NAT with PF.

Redirection.

Advanced PF Usage.

Tables.

Anchors.

Packet Scrubbing.

Rate Limiting.

Transparent Filtering.

Load Balancing.

Selective Filtering Based on the Operating System.

Logging with pflogd.

Examining the State Table with pfsync.

Determining Firewall Rules.

Opening Ports.

Authenticated Firewall Rules.

Firewall Performance Tuning.

23. NFS: The Network Filesystem.

Introduction to NFS.

NFS Client Configuration.

NFS Server Configuration.

Kernel Configuration.

Configuration of the Server.

NFS Security.

24. NIS and YP Services.

Introduction to NIS.

Client Setup.

Server Setup.

Security.

Resources.

25. Kerberos.

What Is Kerberos?

Why Use Kerberos?

Key Concepts in Kerberos.

Overall System Setup.

Clock Synchronization.

Build Support for Kerberos.

Client Setup.

Client Configuration.

Obtaining Tickets.

Kerberos Server Setup.

KDC Configuration.

keytab Creation.

Initialization Realm.

Controlling Access to the Administrative Server.

Starting the Kerberos Server.

Activating Kerberos V Services at Start-up.

Kerberizing Services.

Secure Shell.

telnet.

Windows 2000 and Kerberos V.

Security of the Kerberos Scheme.

Resources.

Troubleshooting.

26. Authentication Methods.

Authentication Overview.

passwd.

skey.

S/Key Setup.

Getting Passphrases.

sshd Setup and Usage with S/Key.

Additional Login Classes.

lchpass.

chpass.

Token-Based Authentication Methods.

Kerberos.

radius Method.

reject Method.

27. IPsec: Security at the IP Layer.

Introduction.

IPsec Basics.

Creating x509 Keys.

Setting Up IPsec.

Kernel Requirements.

Endpoint Setup.

Manual Configuration.

Automatic Configuration.

Testing/Debugging the Configuration.

tcpdump.

ipsecadm monitor.

/kern/ipsec.

/var/run/isakmpd.pcap.

/var/run/isakmpd.report.

netstat -nr.

Example VPN Configurations.

Transport: OpenBSD–OpenBSD + Tunnel: Net–Net.

Transport: None + Tunnel: Net–Net.

Transport: OpenBSD–OpenBSD + Tunnel: None.

Wireless Laptop to a Secure Gateway.

OpenBSD–OpenBSD Through an OpenBSD PF NAT Firewall.

28. IPv6: IP Version 6.

How IPv6 Works.

Special Addresses.

Tunnelling IPv4 and IPv6.

Kernel Setup.

Userland Setup.

Normal Use.

Manual Configuration.

Configuring a Router for IPv6.

Configuring a Host for IPv6 Automatically.

Getting on the IPv6 Network.

Freenet6.

IPv4 and IPv6 Proxying.

Some IPv6-Ready Applications.

Service Support for IPv6.

sendmail.

Secure Shell Daemon.

DNS.

Apache.

Routing Daemons.

DHCP Daemons.

IPsec with ISAKMP.

Kerberos V.

Programming with IPv6.

IPv6 and Security.

Firewalling IPv6 with pf.

Resources.

Troubleshooting.

29. systrace.

Introduction.

Example Use.

Creating Policies.

Editing Policies.

The Benefit of a Local Caching Name Server.

Privilege Elevation with systrace.

Where to Use systrace.

System Coverage with systrace.

Additional Uses for systrace.

Software Testing.

IDS Logging.

Limitations of systrace.

Resources.

30. Network Intrusion Detection.

Introduction.

Snort.

Installation.

Configuration.

Loading New Rules.

Snort Add-Ons.

Integration with PF.

Other IDS Solutions.

Important Notes.

Resources.

31. Upgrading.

Upgrading an Installation.

CVS and Branches.

System Preparation.

Upgrading from Binary Sets.

Upgrading from Source.

Upgrading Configuration Files.

Using mergemaster.

Manual Merging.

Binary Format Changes and Upgrades.

32. Kernel Compilation.

Why Recompile a Kernel?

Why Not Reconfigure and Rebuild Your Kernel?

Where to Get the Source and How to Compile.

Information to Be Set in the Configuration Files.

Tweaking a Built Kernel.

Kernel-Userland Synchronization.

33. Bug Reports with OpenBSD.

Introduction.

Diagnosing a Problem.

Check with Others.

Develop a Solution.

The OpenBSD Bug Tracking System.

Reporting Bugs with sendbug.

IV. APPENDIXES.

A. CVS Basics.

How to Set Yourself Up for CVS.

CVS and the pserver.

Using CVS.

CVS and Tags.

Speeding Up CVS.

Choosing a Mirror.

Compression.

Ignoring Parts of the Tree.

Resources.

B. Applying Source Code Patches.

What Are Patches?

The Structure of a Patch.

Using the patch Tool.

Obtaining Patches for OpenBSD.

C. Tuning the Kernel with sysctl.

What Are Tunable Parameters?

Using sysctl.

Reading Variables.

Writing to Variables.

The Variable Hierarchy.

Filesystem Improvements.

D. A dmesg Walkthrough.

What Does dmesg Give Us?

What Do the Messages Mean?

The Boot Messages.

E. Core File Evaluation.

Applications That Crashed.

Kernel Crash Dump Analysis.

Using ddb.

Post-Reboot Analysis.

Examining the Process Table.

F. Other OpenBSD Tools and Resources.

Web Pages.

Software Mirrors.

BSD-Specific Software.

Generic Software Sites.

Mailing Lists.

User Groups.

Newsgroups.

RFC Availability.

G. IPsec m4.

Index.

Introduction

The OpenBSD operating system is a secure, stable, and powerful operating system that is attracting many new and old UNIX users to it. The OS is well designed for both workstation and server use. OpenBSD supports many mainstream applications and also offers great hardware support. Since OpenBSD doesn't have many of the business pressures of increasing sales and trendy gimmicks that Linux and other BSD systems have, it is able to be designed on technical merit. This means that while the system works very well, it isn't targeted at the user who wants to be able to "point and click" and not read the documentation. This book is written to help new users understand the features of the OpenBSD system and to give more seasoned users the education to fully exploit all that OpenBSD has to offer.

OpenBSD came into existence on October 18th, 1995 at 08:37 when Theo de Raadt committed the first branch into the CVS server from the NetBSD tree. The first release, OpenBSD 2.0, came out in roughly autumn of 1996, and release dates have been every six months after that date, with the most recent being 3.4, released on November 1st, 2003.

There are no firm numbers on a user base for OpenBSD. Even though CD sales could give an estimate, CDs are used to install many systems and a huge number of installations are done over the internet. The userbase is, however, "pretty incredible," says Theo.

1.1 What Will This Book Cover?

This book will cover the hardware that most users will be faced with, and some notes about other hardware they may not. The i386 architecture is used for most of the examples since that is where most users first encounter it; however, OpenBSD works almost the same on all architectures.

The book is broken down into the following sections:

  • Introduction - This chapter.
  • Overview of OpenBSD - A quick overview of what OpenBSD is and some of its main features.
  • Installation - A walk-through of an installation detailing what various options mean, reasons to make decisions, and what's really happening in the background. This is up to date for the OpenBSD 3.4 installation, but it also applies for most other versions.
  • Basic Use - Basic system usage and some of the major usage differences between OpenBSD and other UNIX systems.
  • Basic Default Services - Usage and management of services that run by default on a freshly installed system.
  • Online Help Resources - Descriptions of the 'man', GNU Info, and 'perldoc' facilities for online help.
  • X Window System - Information regarding the X Window System on an OpenBSD host.
  • User Administration - Addition and deletion of users along with managing the space that these users will work in.
  • Networking - Setting up basic networking, advanced networking topics and bridging.
  • inetd - Function and configuration of services that are run from inetd.
  • Other Installed Services - Additional information about services that are installed on a default system, but not enabled on startup.
  • Precompiled Third-Party Software: Packages - How to use precompiled packages that are available for OpenBSD.
  • The Ports Tree: Third-Party Software from Source - Use of the ports tree and compiling applications from source.
  • Disks and Filesystems - Cov disk devices.
  • Backup Utilities - Tools and techniques for system backup.
  • Housekeeping - Regular system housekeeping chores.
  • Mail Server Operations - SMTP services in OpenBSD.
  • The Domain Name Services - The domain name system setup and use.
  • Web Servers with Apache - Web services with the Apache and mod_ssl servers.
  • OpenSSH - The OpenBSD secure shell daemon and client.
  • The OpenBSD Development Environment - Languages and software development tools.
  • Packet Filtering and NAT - Using OpenBSD as a firewall and setting up systems to do NAT (Network Address Translation).
  • NFS - The Network Filesystem - Setting up and using an OpenBSD NFS server and client.
  • NIS and YP Services - Configuration of an NIS server and clients.
  • Kerberos - Configuration and operation of OpenBSD as a Kerberos V client and server.
  • Authentication Methods - The numerous login methods for OpenBSD are discussed, including RADIUS and S/Key.
  • IPsec: Security at the IP Layer - Configuring an OpenBSD client and gateway for secure IP networking.
  • IP Version 6, IPv6 - Overview of how OpenBSD is able to use IPv6 and basic usage in normal activities.
  • Systrace - A system call policy mechanism, which can safely limit the actions of any application on an OpenBSD system.
  • Network Intrusion Detection - While not a standard part of OpenBSD, by using tools in the ports tree, OpenBSD can be used as a network security monitor.
  • Upgrading - Upgrading an OpenBSD system.
  • Kernel Compilation - The GENERIC kernel, the few re compilation.
  • Bug Reports with OpenBSD - How to check for and report system bugs.
  • CVS Basics - How to use CVS on OpenBSD for access to kernel source and system deployment.
  • Applying Source Code Patches - How to apply system and application patches.
  • Tuning the Kernel with sysctl - Tunable kernel parameters.
  • A dmesg Walk-Through - Usage of information from dmesg and how it applies to system use.
  • Core File Evaluation - Evaluation of core files from system and application crashes.
  • Other OpenBSD Tools and Resources - Documentation reference for OpenBSD and other sources of information.
  • IPsec m4 - m4 processing scripts for the IPv6 chapter.

During the preparation of this book, a friend who was reviewing the table of contents asked me, "Where is the chapter on security?" Just like in OpenBSD, it's everywhere. We sprinkle it in almost every chapter, because this is how security is best done. A chapter or two at the end of a book simply cannot demonstrate how OpenBSD has integrated security into almost every facet of the system.

1.2 Who Is This Book For?

This book targets both the user who is new to OpenBSD, and the user who has been using the system for a while. This is not intended to be a beginner's guide; it presumes that the user knows UNIX and is moving to OpenBSD, or looking to expand their knowledge. In addition, since networking is a core function of any OpenBSD system, having a basic understanding of networking is important. This book will not cover the specifics of editors like vi or emacs; the user is expected to be able to edit their own files. Fi will be concentrating on the use of server-end tools; it will not cover the clients being used to access these services, save in how that might change decisions in server configuration.

The first section of the book can probably be skimmed by experienced and savvy UNIX administrators, but many will want to read these chapters in depth. These chapters include the basics of the layout of the OpenBSD system and its installation.


