OpenBSD Frequently Asked Questions


Documentation and Frequently Asked Questions

http://www.openbsd.org/faq/ (1 of 7) 11/18/2007 1:38:57 PM

This FAQ is supplemental documentation to the man pages, available both in the installed system and online. The FAQ covers the active release of OpenBSD, currently v4.1. There are likely features and changes to features in the development version (-current) of OpenBSD that are not covered in this FAQ.

The FAQ in PDF and plain text form is available in the pub/OpenBSD/doc directory from the FTP mirrors, along with other documents.

1 - Introduction to OpenBSD
● 1.1 - What is OpenBSD?
● 1.2 - On what systems does OpenBSD run?
● 1.3 - Is OpenBSD really free?
● 1.4 - Why might I want to use OpenBSD?
● 1.5 - How can I help support OpenBSD?
● 1.6 - Who maintains OpenBSD?
● 1.7 - When is the next release of OpenBSD?
● 1.8 - What is included with OpenBSD?
● 1.9 - What is new in OpenBSD 4.1?
● 1.10 - Can I use OpenBSD as a desktop system?
● 1.11 - Why is/isn't ProductX included?

2 - Other OpenBSD Information Resources
● 2.1 - Web Pages
● 2.2 - Mailing Lists
● 2.3 - Manual Pages
● 2.4 - Reporting Bugs

3 - Obtaining OpenBSD
● 3.1 - Buying an OpenBSD CD set
● 3.2 - Buying OpenBSD T-Shirts
● 3.3 - Does OpenBSD provide an ISO image for download?
● 3.4 - Downloading via FTP, HTTP or AFS
● 3.5 - Obtaining Current Source Code

4 - OpenBSD 4.1 Installation Guide
● 4.1 - Overview of the OpenBSD installation procedure.
● 4.2 - Pre-installation checklist
● 4.3 - Creating bootable OpenBSD install media
● 4.4 - Booting OpenBSD install media
● 4.5 - Performing an install
● 4.6 - What files are needed for Installation?
● 4.7 - How much space do I need for an OpenBSD installation?
● 4.8 - Multibooting OpenBSD
● 4.9 - Sending your dmesg to [email protected] after the install
● 4.10 - Adding a file set after install
● 4.11 - What is 'bsd.rd'?
● 4.12 - Common installation problems
● 4.13 - Customizing the install process
● 4.14 - How can I install a number of similar systems?
● 4.15 - How can I get a dmesg(8) to report an install problem?

5 - Building the System from Source
● 5.1 - OpenBSD's Flavors
● 5.2 - Why should I build my system from source?
● 5.3 - Building OpenBSD from source
● 5.4 - Building a release
● 5.5 - Building X
● 5.6 - Why do I need a custom kernel?
● 5.7 - Building a custom kernel
● 5.8 - Boot-time configuration
● 5.9 - Using config(8) to change your kernel
● 5.10 - Getting more verbose output during boot
● 5.11 - Common Problems when Compiling and Building

6 - Networking
● 6.1 - Before we go any further
● 6.2 - Initial network setup
● 6.3 - How do I filter and firewall with OpenBSD?
● 6.4 - Dynamic Host Configuration Protocol (DHCP)
● 6.5 - Point to Point Protocol
● 6.6 - Tuning networking parameters
● 6.7 - Using NFS
● 6.9 - Setting up a bridge with OpenBSD
● 6.10 - How do I boot using PXE?
● 6.11 - The Common Address Redundancy Protocol (CARP)
● 6.12 - Using OpenNTPD
● 6.13 - What are my wireless networking options?
● 6.14 - How can I do equal-cost multipath routing?

7 - Keyboard and Display Controls
● 7.1 - How do I remap the keyboard? (wscons)
● 7.2 - Is there console mouse support in OpenBSD?
● 7.3 - How do I clear the console each time a user logs out?
● 7.4 - Accessing the console scrollback buffer. (amd64, i386, some Alpha)
● 7.5 - How do I switch consoles? (amd64, i386, Zaurus, some Alpha)
● 7.6 - How can I use a console resolution of 80x50? (amd64, i386, some Alpha)
● 7.7 - How do I use a serial console?
● 7.8 - How do I blank my console? (wscons)
● 7.9 - EVERYTHING I TYPE AT THE LOGIN PROMPT IS IN CAPS!

8 - General Questions
● 8.1 - I forgot my root password... What do I do!
● 8.2 - X won't start, I get lots of error messages
● 8.3 - Can I use programming language "L" on OpenBSD?
● 8.8 - Is there any way to use my floppy drive if it's not attached during boot?
● 8.9 - OpenBSD Bootloader (i386 amd64 specific)
● 8.10 - Using S/Key on your OpenBSD system
● 8.12 - Does OpenBSD support SMP?
● 8.13 - I sometimes get Input/output error when trying to use my tty devices
● 8.14 - What web browsers are available for OpenBSD?
● 8.15 - How do I use the mg editor?
● 8.16 - Ksh does not appear to read my .profile!
● 8.17 - Why does my /etc/motd file get written over when I modified it?
● 8.18 - Why does www.openbsd.org run on Solaris?
● 8.20 - Antialiased and TrueType fonts in X
● 8.21 - Does OpenBSD support any journaling filesystems?
● 8.22 - Reverse DNS or Why is it taking so long for me to log in?
● 8.23 - Why do the OpenBSD web pages not conform to HTML4/XHTML?
● 8.24 - Why is my clock off by twenty-some seconds?
● 8.25 - Why is my clock off by several hours?

9 - Migrating to OpenBSD
● 9.1 - Tips for users of other Unix-like Operating Systems
● 9.2 - Dual boot of Linux and OpenBSD
● 9.3 - Converting your Linux (or other Sixth Edition-style) password file to BSD-style.
● 9.4 - Running Linux binaries on OpenBSD
● 9.5 - Accessing your Linux files from OpenBSD

10 - System Management
● 10.1 - When I try to su to root it says that I'm in the wrong group
● 10.2 - How do I duplicate a filesystem?
● 10.3 - How do I start daemons with the system? (Overview of rc(8))
● 10.4 - Why do users get relaying access denied when they are remotely sending mail through my OpenBSD system?
● 10.5 - I've set up POP, but I get errors when accessing my mail through POP. What can I do?
● 10.6 - Why does Sendmail ignore /etc/hosts file?
● 10.7 - Setting up a Secure HTTP Server using SSL(8)
● 10.8 - I made changes to /etc/passwd with vi(1), but the changes didn't seem to take place. Why?
● 10.9 - How do I add a user? or delete a user?
● 10.10 - How do I create a ftp-only account?
● 10.11 - Setting up user disk quotas
● 10.12 - Setting up KerberosV Clients and Servers
● 10.13 - Setting up an Anonymous FTP Server
● 10.14 - Confining users to their home directories in ftpd(8).
● 10.15 - Applying patches in OpenBSD.
● 10.16 - Tell me about chroot(2) Apache?
● 10.17 - Can I change the root shell?
● 10.18 - What else can I do with ksh?

11 - The X Window System
● 11.1 - Introduction to X
● 11.2 - Configuring X
● 11.3 - Configuring X on amd64 and i386
● 11.4 - Starting X

12 - Platform-Specific Questions
● 12.1 - General hardware notes
● 12.2 - DEC Alpha
● 12.3 - AMD 64
● 12.4 - ARM-based appliances
● 12.5 - HP 9000 series 300, 400
● 12.6 - HP Precision Architecture (PA-RISC)
● 12.7 - i386
● 12.8 - Landisk
● 12.9 - Luna88k
● 12.10 - Mac68k
● 12.11 - MacPPC
● 12.12 - MVME68k
● 12.13 - MVME88k
● 12.14 - SGI
● 12.15 - SPARC
● 12.16 - UltraSPARC
● 12.17 - DEC VAX
● 12.18 - Sharp Zaurus

13 - Multimedia
● 13.1 - How do I configure my audio device?
● 13.2 - Playing different kinds of audio
● 13.3 - How can I play audio CDs in OpenBSD?
● 13.4 - Can I use OpenBSD to record audio samples?
● 13.5 - Tell me about Ogg Vorbis and MP3 encoding?
● 13.6 - How can I playback video DVDs in OpenBSD?
● 13.7 - How do I burn CDs and DVDs?
● 13.8 - But I want my media files in format FOO.
● 13.9 - Is it possible to play streaming media under OpenBSD?
● 13.10 - Can I have a Java plugin in my web browser? (i386 only)
● 13.11 - Can I have a Flash plugin in my web browser? (i386 only)

14 - Disk Setup
● 14.1 - Using OpenBSD's disklabel(8)
● 14.2 - Using OpenBSD's fdisk(8)
● 14.3 - Adding extra disks in OpenBSD
● 14.4 - How to swap to a file
● 14.5 - Soft Updates
● 14.6 - How does OpenBSD/i386 boot?
● 14.7 - What are the issues regarding large drives with OpenBSD?
● 14.8 - Installing Bootblocks - i386 specific
● 14.9 - Preparing for disaster: Backing up and Restoring from tape.
● 14.10 - Mounting disk images in OpenBSD
● 14.11 - Help! I'm getting errors with IDE DMA!
● 14.13 - RAID options with OpenBSD
● 14.14 - Why does df(1) tell me I have over 100% of my disk used?
● 14.15 - Recovering partitions after deleting the disklabel
● 14.16 - Can I access data on filesystems other than FFS?
● 14.17 - Can I use a flash memory device with OpenBSD?
● 14.18 - Optimizing disk performance
● 14.19 - Why aren't we using async mounts?

15 - The OpenBSD packages and ports system
● 15.1 - Introduction
● 15.2 - Package management
● 15.3 - Working with ports
● 15.4 - FAQ
● 15.5 - Reporting problems
● 15.6 - Helping us

PF User's Guide
● Basic Configuration
  ❍ Getting Started
  ❍ Lists and Macros
  ❍ Tables
  ❍ Packet Filtering
  ❍ Network Address Translation
  ❍ Traffic Redirection (Port Forwarding)
  ❍ Shortcuts For Creating Rulesets
● Advanced Configuration
  ❍ Runtime Options
  ❍ Scrub (Packet Normalization)
  ❍ Anchors
  ❍ Packet Queueing and Prioritization
  ❍ Address Pools and Load Balancing
  ❍ Packet Tagging (Policy Filtering)
● Additional Topics
  ❍ Logging
  ❍ Performance
  ❍ Issues with FTP
  ❍ Authpf: User Shell for Authenticating Gateways
  ❍ Firewall Redundancy with CARP and pfsync
● Example Rulesets
  ❍ Firewall for Home or Small Office

Commonly Encountered Issues
● Common Installation Problems
● How do I upgrade my system?
● Packet Filter
● Should I use Ports or Packages?
● How do I set up a multi-boot system?
● Hard disk DMA errors
● Wireless networking options

Recent Updates
● FAQ updated for OpenBSD 4.1
● Upgrade Guide - new
● The X Window System - new
● PF Example - revised
● FAQ 8 - Can I use programming language "L" on OpenBSD? - new
● FAQ 15 - Packages and Ports - new
● FAQ 13 - using Java and Flash - new

The FAQ maintainers are Nick Holland, Joel Knight, and Steven Mestdagh.

Recommended publications
  • BSD UNIX Toolbox 1000+ Commands for FreeBSD, OpenBSD
    BSD UNIX® TOOLBOX: 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD® Power Users. Christopher Negus, François Caen. Published by Wiley Publishing, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256, www.wiley.com. Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana. Published simultaneously in Canada. ISBN: 978-0-470-37603-4. Manufactured in the United States of America. Library of Congress Cataloging-in-Publication Data is available from the publisher. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
  • OPENBSD HARDWARE SENSORS FRAMEWORK: A Unified and Ready-To-Use System for Hassle-free Hardware Monitoring
    OPENBSD HARDWARE SENSORS FRAMEWORK. A unified and ready-to-use system for hassle-free hardware monitoring. Constantine A. Murenin and Raouf Boutaba, University of Waterloo. AsiaBSDCon 2009 — 12–15 March 2009 — Tokyo, Japan.
    Abstract. In this paper, we will discuss the origin, history, design guidelines, API and the device drivers of the hardware sensors framework available in OpenBSD. The framework spans multiple utilities in the base system and the ports tree, is utilised by over 70 drivers, and is considered to be a distinctive and ready-to-use feature that sets OpenBSD apart from many other operating systems, and in its root is inseparable from the OpenBSD experience.
    1. Introduction. We will start by investigating into the matter of what hardware monitoring sensors represent, how common is it for them to appear in the general-purpose computer hardware that has been available on the market in the last decade or so, and what benefits can we gain by having a unified, simple and straightforward interface for getting the data out of these sensors. Although it may come as a surprise to some users, the majority of personal computers that have been available on the market in the last decade have an integrated hardware monitoring circuitry whose main
    Another trend that has been particularly common in the recent years is the availability of defined interfaces for software-based temperature readout from individual components of personal computers, such as the CPU, or the add-on cards, such as those implementing the 802.11 wireless functionality or 10 Gigabit Ethernet. Popular examples include recent Intel Xeon and Core series of processors (as well as budget models that are marketed under different brands) [admtemp.4] [cpu.4]; all AMD64 processors from AMD (Families 0Fh, 10h, 11h) [kate.4] [km.4]; Intel WiFi Link 4965/5100/5300 wireless network devices [iwn.4].
  • Free, Functional, and Secure
    Free, Functional, and Secure. Dante Catalfamo.
    What is OpenBSD?
    Not Linux?
    ● Unix-like
    ● Similar layout
    ● Similar tools
    ● POSIX
    ● NOT the same
    History
    ● Originated at AT&T, who were unable to compete in the industry (1970s)
    ● Given to Universities for educational purposes
    ● Universities improved the code under the BSD license
    The License
    The license:
    ● Retain the copyright notice
    ● No warranty
    ● Don't use the author's name to promote the product
    History Cont'd
    ● After 15 years, the partnership ended
    ● Almost the entire OS had been rewritten
    ● The university released the (now mostly BSD licensed) code for free
    History Cont'd
    ● AT&T launching Unix System Laboratories (USL)
    ● Sued UC Berkeley
    ● Berkeley fought back, claiming the code didn't belong to AT&T
    ● 2 year lawsuit
    ● AT&T lost, and was found guilty of violating the BSD license
    History Cont'd
    ● BSD4.4-Lite released
    ● The only operating system ever released incomplete
    ● This became the base of FreeBSD and NetBSD, and eventually OpenBSD and MacOS
    History Cont'd
    ● Theo de Raadt
      ○ Originally a NetBSD developer
      ○ Forked NetBSD into OpenBSD after disagreement over the direction of the project
    Innovations
    W^X
    ● Pioneered by the OpenBSD project in 3.3 in 2002, strictly enforced in 6.0
    ● Memory can either be write or execute, but not both (XOR)
    ● Similar to PaX Linux kernel extension (developed later)
    AnonCVS
    ● First project with a public source tree featuring version control (1995)
    ● Now an extremely popular model of software development
    IPSec
    ● First free operating system to implement an IPSec VPN stack
    Privilege Separation
    ● First implemented in 3.2
    ● Split a program into processes performing different sub-functions
    ● Now used in almost all privileged programs in OpenBSD like httpd, bgpd, dhcpd, syslog, sndio, etc.
  • BSDCan 2004 by Bill Moran BSDCan Conference Roundup This Is a Description of My Trip to BSDCan 2004 in Ottawa, by Chris Coleman Canada
    Daemon News: May 2004 http://ezine.daemonnews.org/200405/ (26.05.2004 08:14)
    THIS MONTH'S FEATURES
    From the Editor: BSDCan Conference Roundup, by Chris Coleman. Didn't make it to BSDCan? Here are all the things you missed so you can start feeling guilty.
    BSDCan 2004, by Bill Moran. This is a description of my trip to BSDCan 2004 in Ottawa, Canada. If you're interested in BSD or computers in general and did not go to BSDCan, then you made a huge mistake. The conference was tremendously educational, and the trip was a great opportunity to meet a number of great people, and visit a beautiful city. The conference was also very affordable, and there were more than a few who attended on a shoestring budget (I tried to do this, but ended up drinking far too much beer). A number of people also visited from tremendous distances ... attendees arrived from all over the world, so anyone who didn't make it really has no excuse.
    Bosko's Adventures at BSDCan 2004, by Bosko Milekic. It's Sunday, May 16, 2004. 5:30PM. BSDCan has come to a formal close late last night at around 2:00AM, when George, other NYCBUGers, myself, and a friend decided to finally give the poor waitresses tending on us a break, and leave the pub once and for all.
  • Bootable OpenBSD USB Key
    2018/05/25 10:12. Bootable OpenBSD USB key.
    I will describe here how to create a bootable USB key with OpenBSD.
    Why bother? What is the point? Well, there are several:
    ● Having a UNIX at hand is a good thing
    ● Having a rescue system on a USB key is great
    ● Booting a super-secure system, that does the job!
    ● It's fun
    ● It's for showing off
    The various uses:
    ● getting a super detailed dmesg to identify hardware
    ● recovering a damaged system
    ● having an uncompromised antivirus
    ● installing OpenBSD on a new machine (yes, besides being bootable, installation is possible!)
    ● doing maintenance
    In short, it does the job well.
    Installation. It is child's play: boot from an OpenBSD CD (i386 for greater compatibility, but it works the same with amd64…), an already prepared USB key, a floppy, over the network… and start the installation! Take careful note of the device that corresponds to your USB key (probably sd0 or sd1) and install the system on it. The simplest? A single 'a' partition, no swap, create a user other than root, do not install compXX.tgz or gameXX.tgz (to save a few MB…). And above all, use DUIDs to identify the disks at mount time!
    Example. <mavie> I received a 4 GB Duracell USB key through the Orange Davantage Internet loyalty programme. Cool. I'm off to install the thing on it. Well, formatting takes ages, the full installation takes two hours to complete, le Chez moi..
  • The Book of PF, 3rd Edition (Peter N.M. Hansteen)
    THE BOOK OF PF, 3RD EDITION. A No-Nonsense Guide to the OpenBSD Firewall. Peter N.M. Hansteen. Build a more secure network with PF. Covers OpenBSD 5.6, FreeBSD 10.x, and NetBSD 6.x.
    OpenBSD's stateful packet filter, PF, is the heart of the OpenBSD firewall. With more and more services placing high demands on bandwidth and an increasingly hostile Internet environment, no sysadmin can afford to be without PF expertise.
    The third edition of The Book of PF covers the most up-to-date developments in PF, including new content on IPv6, dual stack configurations, the "queues and priorities" traffic-shaping system, NAT and redirection, wireless networking, spam fighting, failover provisioning, logging, and more.
    You'll also learn how to:
    • Create rule sets for all kinds of network traffic, whether crossing a simple LAN, hiding behind NAT, traversing DMZs, or spanning bridges or wider networks
    • Set up wireless networks with access points, and lock them down using authpf and special access
    • Build adaptive firewalls to proactively defend against attackers and spammers
    • Harness OpenBSD's latest traffic-shaping system to keep your network responsive, and convert your existing ALTQ configurations to the new system
    • Stay in control of your traffic with monitoring and visualization tools (including NetFlow)
    The Book of PF is the essential guide to building a secure network with PF. With a little effort and this book, you'll be well prepared to unlock PF's full potential.
    ABOUT THE AUTHOR. Peter N.M. Hansteen is a consultant, writer, and sysadmin based in Bergen, Norway. A longtime Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional contributor to BSD Magazine, and the author of an often-slashdotted blog (http://bsdly.blogspot.com/).
  • OpenBSD Spamd
    OpenBSD Spamd. Nicolas Greneche, MAPMO, Projet SDS. Mathrice Rouen 2008.
    Contents: 1 Introduction; 2 Architecture and Algorithms; 3 Components; 4 Startup and Parameters; 5 Operation.
    Introduction - OpenBSD
    ● Operating system
    ● Security oriented
    ● Separation of base system / ports
    ● Support for the MAC and DAC models
    ● Strict security audit of the base system
    OpenBSD is Spamd ... but also OpenSSH, OpenNTPD, OpenCVS, OpenBGPD and Packet Filter!
    Introduction - Packet Filter
    ● Replacement macros (single attribute or list)
    ● Redirections (NAT / RDR / BiNAT)
    ● Rules
    ● Tables (fast lookups / dynamic)
    ● Anchors (dynamic rules)
    ● QoS
    ● authpf
    ● CARP & PFSync
    ● "expiretable" port
    Introduction - (and the end?)
    Installing spamd: nothing to do, it is in the base system.
    Configuring spamd. In /etc/pf.conf:
        table <spamd-white> persist
        no rdr inet proto tcp from <spamd-white> to any port smtp
        rdr pass inet proto tcp from any to any port smtp -> 127.0.0.1 port spamd
    In /etc/rc.conf.local:
        spamd_flags=""
    Thank you for your attention, any questions?
  • Writing Exploit-Resistant Code with OpenBSD (Lawrence Teo, lteo openbsd.org, @lteo)
    Writing Exploit-Resistant Code with OpenBSD. Lawrence Teo, lteo openbsd.org, @lteo. Slides and references at: https://lteo.net/carolinacon15. CarolinaCon 15 - Charlotte, NC - April 27, 2019.
    A question. Innovation's Black Hole. Security vulnerabilities. Image Credit: EHT Collaboration https://www.eso.org/public/images/eso1907a/
    What is OpenBSD?
    • Free, multi-platform UNIX-like operating system
    • Founded by Theo de Raadt in 1995
    • Secure by default
    • A research operating system
    • Two releases per year
    • You're very likely using OpenBSD code everyday
      • OpenSSH
      • LibreSSL
      • tmux
      • More: openbsd.org/innovations.html
    • Coolest mascot ever
    whoami
    • OpenBSD developer since 2012
    • Primarily areas related to networking
      • PF, network stack, libpcap, tcpdump, etc.
      • Userland stuff, ports, man pages, etc
    • Co-founder, Calyptix Security
      • Shipping thousands of OpenBSD-based firewalls from Charlotte since 2006!
    • Ph.D. from UNC Charlotte (2006)
      • Research area: Info sharing for intrusion detection
    How OpenBSD attacks the software vulnerability problem (my view) [diagram built up over several slides around "Software vulnerabilities": Auditing, Exploit Mitigation Techniques, Rigorous Development Process, Licensing, Education]
  • OpenSMTPD: We Deliver
    OpenSMTPD: we deliver. Giovanni Bechis <[email protected]>. LinuxCon Europe 2015.
    About Me
    ● sys admin and developer @SNB
    ● OpenBSD developer
    ● Open Source developer in several other projects
    OpenSMTPD story
    ● first import in late 2008
    ● default smtp server in OpenBSD since March 2014
    ● current version is 5.7.3 released October 5, 2015
    ● portable version is available for *BSD, Linux and MacOSX
    why OpenSMTPD ?
    ● in OpenBSD we needed a new smtp server to replace sendmail(8)
    ● Postfix has not a "good" licence (from an OpenBSD pov)
    ● OpenSMTPD is designed with security in mind
    ● pf.conf(5) like configuration file
    OpenSMTPD: security in mind
    ● multiple processes
    ● privilege revocation
    ● chroot
    ● strlcpy(3), reallocarray(3), arc4random(3), imsg, ...
    ● no auth on unsecure connections
    ● crypt(3) as password hashing function
    OpenSMTPD: features
    ● smtp protocol as defined in RFC 5321
    ● backup mx support
    ● mbox and maildir support
    ● authentication inbound and outbound with multiple backends
    ● masquerade support
    ● mailwrapper(8) for sendmail(8)
    ● filters
    ● compressed or crypted mail queue
    OpenSMTPD: extras
    ● in base src code lives the main smtp server implementation
    ● in extra src code lives all extra features:
      ● table(5) support for different databases
      ● different queue backends
      ● different schedulers
      ● filters
    OpenSMTPD: basic configuration
        listen on lo0
        table aliases db:/etc/mail/aliases.db
        # accept from any for domain "example.org" alias <aliases> deliver to mbox
        accept for local alias <aliases> deliver to mbox
        accept from local for any relay
    OpenSMTPD:
  • Firewalling with OpenBSD's PF Packet Filter
    Firewalling with OpenBSD’s PF packet filter. Peter N. M. Hansteen [email protected]. Copyright © 2005 - 2012 Peter N. M. Hansteen.
    This document is © Copyright 2005 - 2012, Peter N. M. Hansteen. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
    1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
    THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    The document is a ’work in progress’, based on a manuscript prepared for a lecture at the BLUG (see http://www.blug.linux.no/) meeting of January 27th, 2005. Along the way it has spawned several conference tutorials as well as The Book of PF (http://nostarch.com/pf2.htm) (second edition, No Starch Press November 2010), which expands on all topics mentioned in this document and presents several topics that are only hinted at here.
  • The Book of PF (Peter N.M. Hansteen)
    THE BOOK OF PF. A No-Nonsense Guide to the OpenBSD Firewall. Peter N.M. Hansteen. Build the network you need with PF. With a foreword by Bob Beck, Director of the OpenBSD Foundation.
    OpenBSD's stateful packet filter, PF, offers an amazing feature set and support across the major BSD platforms. Like most firewall software though, unlocking PF's full potential takes a good teacher.
    Peter N.M. Hansteen's PF website and conference tutorials have helped thousands of users build the networks they need using PF. The Book of PF is the product of Hansteen's knowledge and experience, teaching good practices as well as bare facts and software options. Throughout the book, Hansteen emphasizes the importance of staying in control by having a written network specification, using macros to make rule sets more readable, and performing rigid testing when loading in new rules.
    Today's system administrators face increasing challenges in the quest for network quality, and The Book of PF can
    • Use PF to create a wireless access point, and lock it down tight with authpf and special access restrictions
    • Maximize availability by using redirection rules for load balancing and CARP for failover
    • Use tables for proactive defense against would-be attackers and spammers
    • Set up queues and traffic shaping with ALTQ, so your network stays responsive
    • Master your logs with monitoring and visualization, because you can never be too paranoid
    The Book of PF is written for BSD enthusiasts and network admins at any level of expertise. With more and more services placing high demands on bandwidth and increasing hostility coming from the Internet at large, you can never be too skilled with PF.
  • Zettabyte File System
    ZFS: Zettabyte File System. Powered by: www.netbsd.ir www.usenix.ir
    ZFS Futures
    – Zpool
    – Snapshot
    – Zil
    – Compression
    – Deduplication
    – Copy-On-Write
    – L2ARC
    – Adaptive Replacement Cache (ARC)
    – Transaction Group (TXG)
    – vdev Types
    – Dataset
    – Clone
    – Checksum
    – Dataset Quota
    – RAID-Z
    ZFS Limits
    – Max. volume size: 256 zebibytes (2^78 bytes)
    – Max. file size: 16 exbibytes (2^64 bytes)
    – Max. number of files: per directory: 2^48; per file system: unlimited
    ZFS Zpool
    ZFS Zil
    ZFS Compression
    ● LZ4
    ● LZJB
    ● GZIP
    ● ZLE
    ZFS Copy-On-Write
    ZFS Deduplication
    ZFS ARC/L2ARC
    ZFS Dataset
    ZFS Clone
    ZFS RAID
    ZFS Checksum
    ZFS FreeNAS/NAS4Free
    OpenBSD. Theo de Raadt, October 1995.
    OpenBSD
    ● Pay attention to security problems and fix them before anyone else does (Try to be the #1 most secure operating system.)
    ● Provide the best development platform possible
    ● Integrate good code from any source with acceptable licenses
    ● Greater integration of cryptographic software.
    ● Track and implement standards (ANSI, POSIX, parts of X/Open, etc.)
    ● Work towards a very machine independent source tree
    ● Be as politics-free as possible; solutions should be decided on the basis of technical merit.
    ● Focus on being developer-oriented in all senses, including holding developer-only events called hackathons
    ● Do not let serious problems sit unsolved.
    ● Make a CDROM-based release approximately every six months.
    OpenBSD "Secure by Default"
    To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled.