784 words, 4 minutes
Last week-end, I was invited to the UNIX Social Camp in Dijon, France to talk about the reasons I still use OpenBSD these days and why should others do so; or at least, have a look at OpenBSD .
This post is an English transcription of the original French slides that are available here .
What is OpenBSD ?
OpenBSD is a free UNIX©-like operating system.
It has been forked from NetBSD in 1995.
The development process concentrates on portability and security.
There are about 10+ supported hardware architecture.
Some of the software (OpenSSH, LibreSSL, pf…) developed for OpenBSD are widely used in other free and proprietary software.
The official OpenBSD website is https://www.openbsd.org .
Why using OpenBSD? Because you can!
The code is open and the sources freely available: OpenBSD CVSweb .
The installation media can be freely downloaded from OpenBSD CDN .
The system works on various hardware platforms: OpenBSD supported platform list .
The system is compatible with most virtualisation platforms: Qemu, KVM, Virtualbox, VMware, bhyve, vmd…
Why using OpenBSD? Because it is featurefull!
It is developed and maintained with security in mind
.
It ships with loads of security innovations
:
privilege separation and revocation, stack protector, randomization,
pledge(2)
, unveil(2)
,
etc…
Here are a few server-based options:
- Build a firewall with pf(4) .
- Build a router with bgpd(8) .
- Build a bastion with sshd(8) .
- Build a DHCP and/or DNS server with dhcpd(8) , nsd(8) , unbound(8) .
- Build a user directory with ldapd(8) .
- Build a Web server with httpd(8)
.
Build a reverse-proxy with relayd(8) . - Build a mail server with smtpd(8) and/or spamd(8) .
- Obtain and update TLS certificates from Let’s Encrypt using acme-client(1) .
It can also be used as a workstation thanks to integrated software like:
- The xenodm(1) connection manager.
- The Xorg(1) graphical server.
- One of those window managers: fvwm(1) , cwm(1) , twm(1) .
- The xterm(1) terminal emulator.
- The tmux(1) terminal multiplexer.
- One of the classical UNIX editors and shells: ed(1) , vi(1) , mg(1) , ksh(1) , csh(1) .
And many more…
Why using OpenBSD? Because it provides binary packages!
A whole set of Free and OpenSource Software is available as binary packages for every supported architecture.
- amd64: ~12000
- arm64: ~12000
- powerpc: ~8000
- risc64: ~10000
- sparc64: ~9000
- etc …
Server-oriented highlighted software for OpenBSD 7.7 include Apache, Asterisk, Go, OpenJDK, MariaDB, Node.js, OpenLDAP, PHP, Postfix, PostgreSQL, Ruby, Rust, …
Workstation-oriented highlighted software for OpenBSD 7.7 include Chromium, ffmpeg, Gnome, KDE, Krita, LibreOffice, Mozilla Firefox, Mozilla Thunderbird, (Neo)Mutt, Python, Shotcut, TeX, (neo)vim, Xfce, …
Why using OpenBSD? Because it is simple!
The text-mode installation wizard works the same way on the various
architecture and connection type (COM0, VGA, HDMI, KVM-IP…).
The documentation man(1)
is complete
and a welcome message pointing to
afterboot(8)
helps you start with
using OpenBSD. The overall filesystem organisation is described in
hier(7)
.
Service management configuration is locate in /etc/rc.conf.local.
Service management is available using a single
rcctl(8)
command.
The OS material is installed throughout /.
Third-party material is installed under /usr/local.
The system configuration examples are located inside /etc/examples/.
All software configuration defaults to /etc/.
The dedicated fw_update(8)
command manages non-free firmwares.
Binary packages management includes dealing with dependencies and
options
.
Three main commands deal with package management:
pkg_info(1)
,
pkg_add(1)
,
pkg_delete(1)
.
Security patches are managed using the
syspatch(8)
command.
System upgrades are driven by the
sysupgrade(8)
commands.
Why using OpenBSD? Because …
Strength lies in differences, not in similarities.
– Stephen Covey
Pointers to continue the journey
RTFM! As in “do your homework before asking”.
- The OpenBSD Frequently Asked Questions and Manual Pages are filled with updated information and examples.
- The @misc Mailing list ARChives may already contain answer elements to your problems or questions.
Self-advertising, if you liked this content:
- All OpenBSD content from this blog is available here .
- This Peertube video will give you an example of steps to set up an OpenBSD Workstation People .
- This Peertube video will drive you though purchasing and managing a VPS at OpenBSD Amsterdam .
Here are a couple of bookmarks I gathered:
- The OpenBSD Amsterdam VPS provider.
- The @BSDTV Peertube channel.
- Joshua Stein’s OpenBSD laptops .
- The OpenBSD Journal .
- The OpenBSD Webzine .
- Peter Hansteen’s pf tutorial .
- Roman Zolotarev’s blog .
- Solene’s blog .
Note that those content may not have been updated recently. That said, the content is probably still pretty accurate.
One more thing
Thanks again to the UCS for inviting me.
And if you wonder how the slideware was produced, I used the remark slideshow generator, the Atkinson Hyperlegible Next Medium and the Comic Code Ligatures Medium fonts. Because not everything is Google Docs and Arial! 😈