OpenBSD is a UNIX-like operating system, forked from NetBSD in 1995 by Theo de Raadt. Designed to be secure by default, OpenBSD includes notable security features such as unveil and pledge, which help enforce application security policies and restrict system resource access.
Get an overview of OpenBSD, starting with version 7.5:
ISO: https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/install75.iso (603 MB)
Installer: bsd.rd (install.sub), a RAM disk kernel, source available at http://cvsweb.openbsd.org/src/distrib/miniroot
Installation is really simple.
Hostname: openbsd.local
Network Interface: hvn0, configured via DHCP (autoconf)
Root: password set
SSH: Enabled
Disk Layout: sd0, using the auto-layout option
It is recommended to install all the sets.
Type: halt -p
Apply the new name (obsd.lab.local) by editing the file /etc/myname: obsd.lab.local
Apply it now: hostname -s obsd.lab.local
Set the static IP address by modifying the file /etc/hostname.hvn0: inet 192.168.1.26 255.255.255.0
Set the gateway IP address by modifying the file /etc/mygate: 192.168.1.1
To resolve DNS names, change the file /etc/resolv.conf:
nameserver 8.8.8.8
nameserver 8.8.4.4
lookup file bind
Restart the network stack to apply the changes: sh /etc/netstart hvn0
Let's change the file /etc/hostname.hvn0: inet autoconf
Then, remove the old IP address:
ifconfig hvn0 delete 192.168.1.26
rm /etc/mygate
route flush
Get the new IP address: dhcpleasectl hvn0
Don't forget to change your /etc/hosts file.
Finally, check the result with: ifconfig hvn0
You can also check your Internet connection with: ping yahoo.fr
You can interactively use the command:
adduser
The hard way:
To add a user named admin: useradd -m admin
Allow admin to use su for administration: usermod -G wheel admin
Assign a password to admin: passwd admin
Check the results with: id admin
You can now use ssh to administer the box remotely: ssh admin@IP_ADDRESS
OpenBSD does not include sudo by default. However, you can install it using: pkg_add sudo
OpenBSD comes with doas as an alternative. To use doas, configure the file /etc/doas.conf by referring to the man pages for doas.conf(5) and doas(1), or use the example at /etc/examples/doas.conf.
While OpenBSD includes httpd by default, this tutorial will focus on installing Nginx to demonstrate how to install a package in OpenBSD.
Let's install nginx: pkg_add nginx
You can read the documentation at: /usr/local/share/doc/pkg-readmes/nginx
The configuration file is here: /etc/nginx/nginx.conf
No need to tune it. It is enough for our test.
By default nginx is chrooted in /var/www, and the default root web directory is /var/www/htdocs.
Enable nginx at startup: rcctl enable nginx
Start nginx: rcctl start nginx
cd /var/www/htdocs
echo '<h1>It works!</h1>' > index.html
You can now browse the test page from another computer by navigating to http://<IP_ADDRESS>.
OpenBSD uses Packet Filter (PF) for firewalling.
It is enabled by default.
Change the file /etc/pf.conf (allow only ping/ssh/www from anywhere):
set skip on lo
block log all
pass in on egress inet proto icmp all icmp-type echoreq
pass in on egress inet proto tcp from any to any port {ssh, www}
pass out
Let's load the new PF rules: pfctl -f /etc/pf.conf
Action | Command |
---|---|
Check the rules syntax | pfctl -nf /etc/pf.conf |
Apply new rules | pfctl -f /etc/pf.conf |
View active rules | pfctl -s rules |
Flush current rules | pfctl -F rules |
Disable PF | pfctl -d |
Enable PF | pfctl -e |
Check logs | tcpdump -nettti pflog0 |
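The syntax check and the load from the table above can be combined so that a broken ruleset never replaces the working one. This is an added example, not part of the original tutorial; the function name pf_safe_load, the PFCTL variable and the ".bak" backup name are assumptions.

```sh
#!/bin/sh
# Added example: syntax-check a candidate pf.conf before it replaces the live one.
# pf_safe_load, PFCTL and the ".bak" backup name are assumptions of this example.

PFCTL=${PFCTL:-pfctl}

# Usage: pf_safe_load CANDIDATE [LIVE]
# Returns 0 when the ruleset was loaded, 1 when it was rejected before
# touching LIVE, 2 when loading failed and the previous file was restored.
pf_safe_load() {
    candidate=$1
    live=${2:-/etc/pf.conf}
    backup="$live.bak"

    if [ ! -r "$candidate" ]; then
        echo "cannot read $candidate" >&2
        return 1
    fi

    # -n only parses the ruleset; nothing is loaded into the kernel yet.
    if ! "$PFCTL" -nf "$candidate"; then
        echo "syntax error in $candidate; $live left untouched" >&2
        return 1
    fi

    # Keep the deployed file so a failed load can be undone.
    if [ -f "$live" ]; then
        cp -p "$live" "$backup"
    fi
    cp "$candidate" "$live"

    if ! "$PFCTL" -f "$live"; then
        echo "load failed; restoring $backup" >&2
        if [ -f "$backup" ]; then
            cp -p "$backup" "$live"
            "$PFCTL" -f "$live"
        fi
        return 2
    fi
    return 0
}
```

A ruleset that parses cleanly can still block your own SSH session, so try new rules from the console or keep a second session open.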
Simply use syspatch to update the userland/kernel and pkg_add -u to update binary packages.
You can see the patches at https://www.openbsd.org/errata.html.
To upgrade from version 7.5 to 7.6:
Read: https://www.openbsd.org/faq/upgrade76.html
Run sysupgrade: the program will download all the install sets, verify their signatures, and reboot to perform the upgrade automatically. In some cases, configuration files cannot be modified automatically, and you need to run sysmerge to check and perform these configuration changes.
Finish up by upgrading the packages using pkg_add -u.
Oh, don't forget to update the userland/kernel for this version (7.4): syspatch
You can check your version, using: uname -a
Type: df -h
The results:
Filesystem Size Used Avail Capacity Mounted on
/dev/sd0a 902M 123M 735M 15% /
/dev/sd0e 826M 20.0K 785M 1% /home
/dev/sd0d 2.9G 1.8G 1017M 64% /usr
The kernel: /bsd
Hypervisor: vmm(4)
Default MTA: OpenSMTPD
Pros
Cons
You can read more on OpenBSD, 👉 https://www.openbsdjumpstart.org
Last update: 2024/08/03