Guide to Unix/BSD/OpenBSD: Difference between revisions
| [checked revision] | [pending revision] |
| (2 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
'''OpenBSD''' calls itself the "multi-platform, ultra-secure operating system". The OpenBSD team believes in strong security and code correctness. The OpenBSD team has between six and twelve developers working on finding bugs and security holes in the system. OpenBSD also strives to be secure by default, meaning that the user does not have to be a security expert to secure the system. The OpenBSD project normally makes a new version every six months. |
'''OpenBSD''' calls itself the "multi-platform, ultra-secure operating system". The OpenBSD team believes in strong security and code correctness. The OpenBSD team has between six and twelve developers working on finding bugs and security holes in the system. OpenBSD also strives to be secure by default, meaning that the user does not have to be a security expert to secure the system. The OpenBSD project normally makes a new version every six months. |
||
OpenBSD is known for having strict rules regarding bugs |
OpenBSD is known for having strict rules regarding bugs as an application not having a manual is considered a bug and therefore the application will not be included in the port (or package) tree. These rules are also included in the operating system. Should an application pose a security risk OpenBSD will kill the process on the spot. If there is a bug, and it is announced on the mailing list, then the OpenBSD team will come out with a patch in a matter of days. OpenBSD has only had two remotely exploitable bugs (both were in and soon ), after a default install (with no additional services turned on) in over 10 years. |
||
===Notable Security Features=== |
===Notable Security Features=== |
||
| Line 24: | Line 24: | ||
==Installation== |
==Installation== |
||
{{main|Guide to Unix/BSD/OpenBSD/OpenBSD Installation}} |
{{main|Guide to Unix/BSD/OpenBSD/OpenBSD Installation}} |
||
OpenBSD has |
OpenBSD has easy although non-graphical installer. |
||
===Customization=== |
===Customization=== |
||
{{main|Guide to Unix/BSD/OpenBSD/Customize Installation}} |
{{main|Guide to Unix/BSD/OpenBSD/Customize Installation}} |
||
You can change the default configuration files and install additional packages, by creating your own custom |
You can change the default configuration files and install additional packages, by creating your own custom file. |
||
==As a firewall== |
==As a firewall== |
||
{{main|Guide to Unix/BSD/OpenBSD/As a Firewall}} |
{{main|Guide to Unix/BSD/OpenBSD/As a Firewall}} |
||
OpenBSD uses '''pf''' ("packet filter") as a firewall. |
OpenBSD uses '''pf''' ("packet filter") as a firewall. the authors originally contributed pf to OpenBSD because it is free, other operating systems are including pf. |
||
==As a webserver== |
==As a webserver== |
||
Latest revision as of 12:57, 25 March 2024
This module contains information that is specific to OpenBSD.
Background
[edit | edit source]OpenBSD calls itself the "multi-platform, ultra-secure operating system". The OpenBSD team believes in strong security and code correctness. The OpenBSD team has between six and twelve developers working on finding bugs and security holes in the system. OpenBSD also strives to be secure by default, meaning that the user does not have to be a security expert to secure the system. The OpenBSD project normally makes a new version every six months.
OpenBSD is known for having strict rules regarding bugs, such as an application not having a manual is considered a bug and therefore the application will not be included in the port (or package) tree. These rules are also included in the operating system. Should an application pose a security risk, OpenBSD will kill the process on the spot. If there is a bug, and it is announced on the mailing list, then the OpenBSD team will come out with a patch in a matter of days. OpenBSD has only had two remotely exploitable bugs (both were in SSH and patched soon thereafter), after a default install (with no additional services turned on) in over 10 years.
Notable Security Features
[edit | edit source]- strlcpy() and strlcat()
- Memory protection purify
- W^X
- .rodata segment
- Guard pages
- Randomized malloc()
- Randomized mmap()
- atexit() and stdio protection
- Privilege separation
- Privilege revocation
- Chroot jailing
- New uids
- ProPolice
Installation
[edit | edit source]OpenBSD has an easy, although non-graphical, installer.
Customization
[edit | edit source]You can change the default configuration files and install additional packages, by creating your own custom ISO file.
As a firewall
[edit | edit source]OpenBSD uses pf ("packet filter") as a firewall. Although the authors originally contributed pf to OpenBSD because it is free, other operating systems are including pf as well.
As a webserver
[edit | edit source]As of OpenBSD 5.6, OpenBSD ships with its own webserver, httpd(8). A hardened fork of Apache 1.3 (was in base prior to 5.6), upstream Apache 2.2, nginx (in base prior to upcoming 5.7) and other webservers are available from ports.
As a desktop
[edit | edit source]Despite its reputation for being only for servers OpenBSD can also serve as a great workstation/desktop. OpenBSD uses pkg_add as their binary package management system. The pkg_add automatically resolves dependencies. If you get the packages from ftp, pkg_add is able to resolve all of the dependencies for you. Some of the desktop related packages in the binary package system include: KDE (3.5), Xfce, Gnome, fluxbox, blackbox, and e16. Many other packages are available through the port system which also resolves and compiles the dependencies for you.
References
[edit | edit source]- "OpenBSD Security." 31 Oct. 2008. OpenBSD. 31 Oct. 2008 <http://www.openbsd.org/security.html>.