BSDnewsletter.com

Borne from an argument and with the goals of proactive security, correct programming, and truly free open source code, OpenBSD has became the standard which most other operating systems try to emulate.

Back in 1995, former NetBSD developer, Theo de Raadt, started the project basing it on the NetBSD operating system and a variety of fixes and improvements he considered important. Security reviews for almost all userland software and libraries were done. And the first release of OpenBSD included numerous security fixes, better licensed software, and various performance improvements.

So what is OpenBSD?

OpenBSD is a complete operating system.

"I personally use OpenBSD as my desktop OS at work and at home, along with a number of installed packages compiled from the ports tree", said Todd Fries, an OpenBSD user and developer. "At both places, I have also deployed it as a DNS server, a web server, firewall, and NAT gateway."

In contrast with Linux, where Linux is only a kernel -- and mostly unusable without additional software, OpenBSD includes the OpenBSD kernel, a C library, various other libraries, a complete suite of Unix tools, various networking services and related software. OpenBSD also provides the XFree86 server, the FVWM window manager and various X11 clients. From a default installation, OpenBSD is ready-to-use as a DNS server, Apache web server, and mail server.

Ian Darwin, who has used UNIX full-time since 1984, starting with V7 UNIX on a PDP-11 and has experience with SunOS 4 and Solaris 2, uses OpenBSD "because it feels like real UNIX."

In addition to software included by default, the OpenBSD project maintains a ports and packages collection. The ports are categorized directories of instructions and patches for easily building and installing third-party software, such as KDE or Abiword, under OpenBSD. When building from the ports, required dependencies are automatically handled.

The packages are the ready-to-use third-party software (as built from the ports collection).

Louis Bertrand, a web application developer and educator, uses OpenBSD to run PHP and the PostgreSQL database engine to support his intro to web development classes.

"As a Web development platform, OpenBSD gave me a responsive desktop to edit code and preview contents, regardless of the choice of language: PHP, Python, and Java servlets mostly," said Bertrand. "Since my workstation was also able to run all the server-side code, I could preview everything locally without the need for a dedicated offline server -- very handy while working at client sites."

The default install also doesn't run a variety of non-essential services, which helps keep with its stance of proactive security.

OpenBSD is a free operating system.

It's based on the old Berkeley Software Distributions which began in the late 1970's and became a complete replacement for commercial Unix in the early 1990's. This software (and documentation) is primarily licensed with the open source BSD license. The main requirements of the BSD license are preservation of copyright, permission to reuse, and a standard disclaimer of liability. Due to its minimal license, BSD software can be freely modified and used in proprietary or commercial software.

The main difference between BSD and the popular GPL licensing is that the GPL license requires distributed changes to made public and given back to the copyright owner (or original developer). The BSD license doesn't have this viral limitation, so BSD licensing is often used for software projects where the developers want wide-spread -- even commercial -- use.

The OpenBSD project has actively audited its code looking for unclear or conflicting licensing; and in most cases, the software has been replaced, rewritten, or removed.

"I had decided long before bumping into OpenBSD that I would run only free operating systems," said Fries. "It fits that bill very nicely as well."

OpenBSD is an open operating system.

In addition to having liberal licensing, the complete code for OpenBSD is easily accessible for review and reuse. The changes with comments of the operating system software are tracked using CVS revision control software. The source code can be retrieved via FTP, CVSup, Anonymous CVS, CTM (source by email), and via a website which has an interface to the CVS. This website can be used to review histrical changes to the operating system's source code and documentation.

In addition, many of the development discussions are done via public mailing lists and archived on the internet.

OpenBSD means security.

"As a new teacher scrambling to line up lectures, labs and assignments, I can easily tell you that the 'secure by default' stance is truly the part-time sysadmin's best friend and ally," said Bertrand. "I don't need to scrub down the server after

installing the OS, or stay up nights worrying that I forgot something. The server just works, and I can focus on getting my real job done: looking after students."

OpenBSD has a goal of being number one in the security industry. OpenBSD was one of the first operating systems to be distributed with integrated cryptography. It includes SSL and TLS (which are commonly used for encrypted internet transactions), IKE key management, IP Security Protocol (IPsec), Kerberos authentication, and one-time passwords using S/Key.

OpenBSD also includes a variety of cryptographic hardware support for random number generators, cryptographic algorithms acceleration, and more.

In fact, the OpenBSD project develops and maintains the popular OpenSSH software which is included with various other operating systems; this software is useful for secure logins, secure file transfers and secure port forwarding (like a VPN).

Also, OpenBSD provides a full-featured packet filter which can be used as a firewall, for controlling bandwidth, address translation (NAT), port forwarding, and a lot more.

Through its various software audits, OpenBSD has fixed thousands of improperly used functions and has added various security improvements; for example, most of the network services can run without superuser privileges. The project focuses on correct programming which often results in removing numerous unknown security issues.

Darwin, who is an educator and freelance consultant, said OpenBSD's security and encryption is a plus for him: "I can maintain my web site from anywhere on the planet without fear of intrusion."

For several years, the OpenBSD website proudly boasted that it had not had any local or remote holes for years. Today, it still can braggingly say: "Only one remote hole in the default install, in more than 7 years!"

OpenBSD is well documented.

OpenBSD is known for its simple but detailed documentation. It provides numerous manual pages (included by default) covering common system administration tasks and using programming functions, in addition to the standard documentation for the Unix tools. For example, this documentation includes step-by-step directions for setting up STARTTLS for securing email transactions, setting up virtual private networks, configuring firewalls, and more. The OpenBSD website also includes useful instructions on installing, using and maintaining OpenBSD via its FAQ.

"The security, ease of development, and simple administrivia originally enticed me to start running OpenBSD," said Fries. "And remain major reasons why I use it today."

Discussion

BSD Links