Synopses & Reviews
The definitive guide to OpenBSD
Foreword by Henning Brauer, OpenBSD PF Developer
OpenBSD, the elegant, highly secure Unix-like operating system, is widely used as the basis for critical DNS servers, routers, firewalls, and more. This long-awaited second edition of Absolute OpenBSD maintains author Michael Lucas's trademark straightforward and practical approach that readers have enjoyed for years. You'll learn the intricacies of the platform, the technical details behind certain design decisions, and best practices, with bits of humor sprinkled throughout. This edition has been completely updated for OpenBSD 5.3, including new coverage of OpenBSD's boot system, security features like W^X and ProPolice, and advanced networking techniques.
You'll learn how to:
- Manage network traffic with VLANs, trunks, IPv6, and the PF packet filter
- Make software management quick and effective using the ports and packages system
- Give users only the access they need with groups, sudo, and chroots
- Configure OpenBSD's secure implementations of SNMP, DHCP, NTP, hardware sensors, and more
- Customize the installation and upgrade processes for your network and hardware, or build a custom OpenBSD release
Whether you're a new user looking for a complete introduction to OpenBSD or an experienced sysadmin looking for a refresher, Absolute OpenBSD, 2nd Edition will give you everything you need to master the intricacies of the world's most secure operating system.
"The definitive book on OpenBSD gets a long-overdue refresh."
-Theo de Raadt, OpenBSD Founder
Synopsis
OpenBSD, the elegant, highly secure Unix-like operating system, is widely used as the basis for critical DNS servers, routers, firewalls, and more. This long-awaited second edition of
Absolute OpenBSD maintains author Michael Lucas's trademark straightforward and practical approach that readers have enjoyed for years. You'll learn the intricacies of the platform, the technical details behind certain design decisions, and best practices, with bits of humor sprinkled throughout. This edition has been completely updated for OpenBSD 5.3, including new coverage of OpenBSD's boot system, security features like W X and ProPolice, and advanced networking techniques.
You'll learn how to:
-Manage network traffic with VLANs, trunks, IPv6, and the PF packet filter
-Make software management quick and effective using the ports and packages system
-Give users only the access they need with groups, sudo, and chroots
-Configure OpenBSD's secure implementations of SNMP, DHCP, NTP, hardware sensors, and more
-Customize the installation and upgrade processes for your network and hardware, or build a custom OpenBSD release
Whether you're a new user looking for a complete introduction to OpenBSD or an experienced sysadmin looking for a refresher, Absolute OpenBSD, 2nd Edition will give you everything you need to master the intricacies of the world's most secure operating system.
Synopsis
OpenBSD, the elegant, highly secure Unix-like operating system, is widely used as the basis for critical DNS servers, routers, firewalls, and more. But it can be even trickier to use than either Unix or Linux, and even harder to master.
From Michael W. Lucas, author of Absolute FreeBSD, Network Flow Analysis, Cisco Routers for the Desperate, and PGP & GPG, comes the long-awaited revision of the classic guide to OpenBSD. This straightforward and practical guide is for the experienced UNIX user who wants to add OpenBSD to his or her repertoire. Lucas takes you through the intricacies of the platform, offering thorough explanations, technical background, best practices, and copious humor throughout. Absolute OpenBSD, 2nd Edition is completely updated to cover OpenBSD 5.3 and includes new coverage of OpenBSD's boot system, security features like W^X and ProPolice, and advanced networking techniques.
Whether you're a new user looking for a complete introduction to OpenBSD, or an experienced sysadmin looking for a refresher, Absolute OpenBSD, 2nd Edition will give you everything you need to master the world's most secure operating system.
About the Author
Michael W. Lucas is a network/security engineer who keeps getting stuck with network problems nobody else wants to touch. He is the author of the critically acclaimed Absolute FreeBSD, Absolute OpenBSD, Network Flow Analysis, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press.
Table of Contents
Advance Praise for Absolute OpenBSD, 2nd Edition; About the Author; About the Technical Reviewer; Foreword; Acknowledgments; Introduction; What Is Security?; What Is BSD?; The Birth of OpenBSD; The OpenBSD Community; OpenBSD's Strengths; OpenBSD and Your Security; OpenBSD's Uses; About This Book; Contents Overview; Chapter 1: Getting Additional Help; 1.1 OpenBSD's Support Model; 1.2 The Code Is Fine. What's Wrong with You?; 1.3 Sources of Information; 1.4 Using OpenBSD Problem-Solving Resources; Chapter 2: Installation Preparations; 2.1 OpenBSD Hardware; 2.2 Getting OpenBSD; 2.3 File Sets; 2.4 Partitioning; 2.5 Partition Filesystems; 2.6 Multiple Hard Drives; 2.7 Understanding Partitions; 2.8 Understanding Disklabels; 2.9 Other Information; Chapter 3: Installation Walk-Through; 3.1 Hardware Setup; 3.2 BIOS Configuration; 3.3 Making Boot Media; 3.4 Installing OpenBSD; 3.5 Custom Disk Layout; 3.6 Advanced Disklabel Commands; Chapter 4: Post-Install Setup; 4.1 First Steps; 4.2 Software Configuration; 4.3 Time and Date; 4.4 Hostname; 4.5 Networking; 4.6 Mail Aliases and Status Mail; 4.7 Keyboard Mapping; 4.8 Installing Ports and Source Code; 4.9 Booting to a Graphic Console; 4.10 Onward!; Chapter 5: The Boot Process; 5.1 Power-On and the Boot Loader; 5.2 Booting in Single-User Mode; 5.3 Booting an Alternate Kernel; 5.4 Making Boot Loader Settings Permanent; 5.5 Serial Consoles; 5.6 Multiuser Startup; Chapter 6: User Management; 6.1 The Root Account; 6.2 Adding Users; 6.3 Removing User Accounts; 6.4 Editing User Accounts; 6.5 Login Classes; 6.6 Unprivileged User Accounts; Chapter 7: Root, and How to Avoid It; 7.1 The Root Password; 7.2 Using Groups; 7.3 Hiding Root with sudo; 7.4 Using sudo; 7.5 sudoedit; 7.6 The Biggest sudo Mistake: Exclusions; 7.7 sudo Logs; Chapter 8: Disks and Filesystems; 8.1 Device Nodes; 8.2 DUIDs and /etc/fstab; 8.3 MBR Partitions and fdisk(8); 8.4 Labeling Disks; 8.5 The Fast File System; 8.6 What's Currently Mounted?; 8.7 Mounting and Unmounting Partitions; 8.8 How Full Is That Partition?; 8.9 Adding New Hard Disks; Chapter 9: More Filesystems; 9.1 Backing Up to the /altroot Partition; 9.2 Memory Filesystems; 9.3 Foreign Filesystems; 9.4 Removable Media; 9.5 Mounting Filesystem Images; 9.6 Basic NFS Setup; 9.7 The OpenBSD NFS Server; 9.8 NFS Clients; 9.9 Software RAID; 9.10 Encrypted Disk Partitions; Chapter 10: Securing Your System; 10.1 Who Is the Enemy?; 10.2 OpenBSD Security Announcements; 10.3 OpenBSD Memory Protection; 10.4 File Flags; 10.5 Securelevels; 10.6 Keeping Secure; Chapter 11: Overview of TCP/IP; 11.1 Network Layers; 11.2 The Life and Times of a Network Request; 11.3 Network Stacks; 11.4 IPv4 Addresses and Subnets; 11.5 IPv6 Addresses and Subnets; 11.6 Remedial TCP/IP; 11.7 IP Routing; Chapter 12: Connecting to the Network; 12.1 DNS Resolution; 12.2 Ethernet; 12.3 Configuring Ethernet; 12.4 Trunking; 12.5 VLANs; 12.6 IPv6 Over Tunnels; Chapter 13: Software Management; 13.1 Making Software; 13.2 Source Code and Software; 13.3 The Ports and Packages System; 13.4 Using Packages; 13.5 Using Ports; 13.6 Building Ports; 13.7 Customizing Ports; 13.8 Subpackages; 13.9 Packages and rc.d Scripts; Chapter 14: Everything /etc; 14.1 /etc Across Unix Variants; 14.2 The /etc Files; Chapter 15: System Maintenance; 15.1 Scheduled Tasks; 15.2 System Logs; 15.3 Log File Maintenance; 15.4 System Time; 15.5 Hardware Sensors; Chapter 16: Network Servers; 16.1 The inetd Small-Server Handler; 16.2 The lpd Printing Daemon; 16.3 The DHCP Server dhcpd; 16.4 The TFTP Daemon tftpd; 16.5 The SNMP Agent snmpd; 16.6 The SSH Server sshd; Chapter 17: Desktop OpenBSD; 17.1 Configuring Your Console with wscons; 17.2 Running Virtual Terminals with tmux; 17.3 Setting Up X; 17.4 Using the cwm Window Manager; Chapter 18: Kernel Configuration; 18.1 What Is the Kernel?; 18.2 Viewing and Adjusting Sysctls; 18.3 Altering the Kernel with config(8); 18.4 Boot-Time Kernel Configuration; Chapter 19: Building Custom Kernels; 19.1 Kernel Cautions; 19.2 Preparing for Kernel Customization; 19.3 Kernel Configuration; 19.4 Building a Kernel; 19.5 Installing Your Kernel; 19.6 Identifying the Running Kernel; Chapter 20: Upgrading; 20.1 Why Upgrade?; 20.2 OpenBSD Versions; 20.3 The OpenBSD Upgrade Process; 20.4 Upgrading from Official Media; 20.5 Updating /etc; 20.6 Updating Installed Packages; 20.7 Why Build Your Own OpenBSD?; 20.8 Preparations for Building Your Own OpenBSD; 20.9 Building OpenBSD-stable; 20.10 Building OpenBSD-current; 20.11 Upgrading Ports; Chapter 21: Packet Filtering; 21.1 Firewalls; 21.2 Enabling and Configuring PF; 21.3 Packet-Filtering Basics; 21.4 PF Components; 21.5 Filtering Rules; 21.6 Filtering Rules and the State Table; 21.7 Packet Filtering with Lists and Macros; 21.8 Sanitizing Traffic; 21.9 PF Options; Chapter 22: Advanced PF; 22.1 Packet Filtering with Tables; 22.2 Using NAT; 22.3 Anchors; 22.4 FTP and PF; 22.5 Bandwidth Management; 22.6 PF Edges; 22.7 Logging PF; Chapter 23: Customizing OpenBSD; 23.1 Virtualizing OpenBSD; 23.2 Diskless Installation; 23.3 Running Diskless; 23.4 USB Installation Media; 23.5 Customizing OpenBSD Installations; 23.6 Customizing Upgrades; Afterword;