Originally Published: Monday, 8 November 1999 Author: Matt Michie

Buddying up to BSD: Part Two - OpenBSD


Last week I set out to "grok" the essence of BSD. I wanted to see how it was different from Linux and what I could learn. Most sane people would probably start their BSD experience with FreeBSD. I started by doing a FTP install of OpenBSD 2.5.

OpenBSD is described by its creators as:

"The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts place emphasis on portability, standardization, correctness, security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX."

Since I have an interest in computer security and encryption, this seemed like the perfect place for me to start. So I loaded up Netscape and surfed through the OpenBSD Project's web site. I really wanted to download an ISO image of the CD-ROM so I could retain a copy to install at home (FTP installs on 56K modems are mildly painful). Unfortunately, I couldn't find an ISO anywhere on the net. The helpful folks in #openbsd informed me that I should really buy a copy of the official CD-ROM set or do a FTP install.

I wish I could support these excellent free software programmers by ordering the official CD-ROM for $30.00. However, being a dirt poor student has its disadvantages (namely being poor). I began to prepare for a FTP install. Belatedly, I realized that Cheap Bytes did have a $4.99 copy of OpenBSD 2.5.

Interestingly they note:

"In our humble opinion, this distribution is not for the timid. In particular the installation. Notes are provided to assist in the installation. Once the distribution is installed, you will be rewarded with a powerful and versatile system."

Perfect lead-in for my next section: installation nightmare.

I expected a degree of difficulty doing a FTP install of a BSD Unix. I was unprepared for exactly how difficult the installation proved to be.

I started by downloading the single boot disk for the i386 platform and raw writing it to a floppy. So far so good, it reminded me of my early Slackware days. I jammed the floppy into my generic Pentium 133 and away I went. The kernel booted, seemingly detecting most of my hardware, and most important to me, my 3Com 900C NIC.

I was then prompted with the following:

Enter pathname of shell or RETURN for sh: _

erase ^?, werase ^W, kill ^U, intr ^C

(I)nstall, (U)pgrade or (S)hell?

I knew it was time to consult the documentation. Luckily, the install docs are fairly decent if you are reasonably familiar with UNIX installs. I stepped through the installation, getting caught up with the horrid partitioning software. I spent about 45 minutes getting the install to accept the partitions I set up. The user interface is practically non-existent, and makes sense only after breaking the accursed thing for near an hour.

Finally, I made it to the network setup. I wanted to use DHCP to save some time, but after spending another frustrating 15 minutes playing with combinations of settings, I simply hand entered the appropriate information. Everything went well after I figured out I had to specify that I was running on a 10BaseT network. Donald Becker must be more of a saint than I realized. His Linux drivers always auto-detected this sort of thing for me. I'm puzzled as to the reasons OpenBSD can't do this.

I finally got onto the net and started the FTP download. Even though the files were reasonably sized, I had to leave my workstation downloading overnight. I came in the next morning feeling like a 12 year old on Christmas. Unfortunately, when I turned on the monitor, the box was completely locked up. In defense of OpenBSD, I have to say the hardware isn't the greatest and it may have been responsible for the lock up. I restarted the installation and a couple hours later everything went normally.

My new system booted perfectly and I was staring at the login: prompt! Now I ran into a new problem. The network was not working at all. I couldn't even ping out. I tried every combination I could think of. After some time, I realized the network card had not defaulted to 10BaseT, even though I had specified this at installation.

Luckily, the man pages are detailed and up to date. I simply typed in ifconfig xl0 media 10baseT. At this point, everything should have been working. I played with yet more combinations of settings until out of frustration I tried setting the media type to 10base2. For whatever reason, the blasted thing began to work perfectly at this point. I plan on reporting this behavior as a bug after I compile more information.

My install nightmares over, I began to explore the system. What I found impressed me. The distribution was quite minimalistic compared to a distro such as Red Hat Linux. It was a nice feeling to know what every binary on my box was used for. I had the impression that every file and every directory had been placed with a distinct purpose. The layout seemed carefully contemplated. Unfortunately, I still don't know what many of the binaries on my Linux box are for, and they are often scattered around almost randomly. Instead of careful design, I feel like my distribution was simply trying to fit the most free software possible onto my hard-drive. I don't mind this behavior on my workstation, but I definitely don't enjoy cleaning up cruft from my servers! OpenBSD handily beats Linux here.

I actually decided against installing X on this box. I almost felt that it would contaminate my nice clean system. I did however begin to play with the famed BSD ports tree. This is a great system for installing software! The only thing that comes close in Linux is Debian's apt-get. Instead of hunting down RPMs or tarballs and trying to get them to install on your system, one simply changes to the nicely categorized directories and types make install. BSD FTPs the necessary files, uncompresses them, patches them if needed, and finally compiles and installs the binaries. Seeing this in action is impressive. I went through various categories installing some of my favorite programs and getting things set up just the way I like.

I was however annoyed that I needed to hit ctrl-alt-FX to switch virtual terminals, rather than alt-FX like in Linux. I also was frustrated that there was no color ls available. The console was also unable to properly display the high-ASCII characters like those used in BitchX. Score several points for Linux here.

The configuration files in BSD's /etc weren't too different from a standard Linux setup, and I was able to adapt pretty easily. I was somewhat surprised that by default, telnet, FTP, and finger were enabled. I had expected OpenBSD to be a bit tighter as far as security went here. Of course, the docs were quite clear on how to tighten this up and the afterboot man page was a plethora of information about getting the box set up properly.

I simply LOVE the way that OpenBSD sends root a daily listing of all the file permissions changed and actual diffs of the configuration files in /etc. This is a great sysadmin tool for not only keeping track of possible security holes, but for keeping a nice log of the users added and configurations changed. One way or another I need to have this functionality on my Linux servers. If I can't find the equivalent, I'll port over the OpenBSD scripts myself. It makes administration so much nicer.
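An added example (not OpenBSD's scripts and not code from the original article) of the kind of report described above, written for a Linux server: it keeps a baseline of mode, owner and group plus a copy of each file, and on each run prints what changed since the last one. The function names and the state-directory layout are assumptions.

```shell
#!/bin/sh
# Added example: report /etc changes since the last run. Function names and
# the state-directory layout are assumptions, not OpenBSD's own scripts.
LC_ALL=C; export LC_ALL

# perm_listing DIR: "mode owner group path" for every regular file under DIR.
perm_listing() {
    (cd "$1" && find . -type f | sort | while IFS= read -r f; do
        ls -ld "$f" | { read -r mode links owner group rest
                        printf '%s %s %s %s\n' "$mode" "$owner" "$group" "$f"; }
    done)
}

# etc_report WATCH STATE: print changes since the previous run, then refresh
# the baseline kept in STATE. The first run only records the baseline.
etc_report() (
    watch=$1 state=$2
    umask 077                          # baseline copies may contain secrets
    mkdir -p "$state/files" || return 1
    perm_listing "$watch" > "$state/perms.new"
    if [ -f "$state/perms" ]; then
        if ! cmp -s "$state/perms" "$state/perms.new"; then
            echo "== permission/ownership changes =="
            diff "$state/perms" "$state/perms.new" || true
        fi
        cut -d' ' -f4- "$state/perms.new" | while IFS= read -r f; do
            if [ ! -f "$state/files/$f" ]; then
                echo "== new file: $f =="
            elif ! cmp -s "$state/files/$f" "$watch/$f"; then
                echo "== content diff: $f =="
                diff -u "$state/files/$f" "$watch/$f" || true
            fi
        done
        cut -d' ' -f4- "$state/perms" | while IFS= read -r f; do
            [ -f "$watch/$f" ] || echo "== removed file: $f =="
        done
    fi
    # Refresh the baseline: file copies first, then the permission listing.
    rm -rf "$state/files"
    cut -d' ' -f4- "$state/perms.new" | while IFS= read -r f; do
        mkdir -p "$state/files/$(dirname "$f")"
        cp -p "$watch/$f" "$state/files/$f"
    done
    mv "$state/perms.new" "$state/perms"
)

# Run as a script: report.sh /etc /path/to/state (state path is the caller's choice)
if [ "$#" -eq 2 ]; then etc_report "$1" "$2"; fi
```

Run it daily from root's crontab and pipe the output to mail; an empty report means nothing changed.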

Installation troubles aside, I am thoroughly impressed by what the OpenBSD team has put together. They have not only the most secure free UNIX out there (if not the most secure UNIX period), but the system is fun to hack (not crack) around in. I found myself bragging to friends that I had an OpenBSD box sitting in my office. I'll definitely be keeping it around to play with. I would not recommend OpenBSD as a workstation, but in my casual testing it has proven to be a good candidate for a server. It seems particularly well suited for being a firewall/gateway/intrusion detection platform.

Final Verdict: if you are an experienced Linux or Unix sysadmin looking to broaden your horizons, order the official CD-ROMs and give it a try.

Tune in next week for my FreeBSD review and some torture testing of OpenBSD, FreeBSD and Linux. Who will come out on top?

Matt Michie is a Linux Guru wannabe and student living in New Mexico. He loves to get e-mail at mmichie@linux.com and maintains a web site at http://web.nmsu.edu/~mmichie.




