Absolute OpenBSD

Absolute OpenBSD

by Michael W. Lucas
Released April 2013
Publisher(s): No Starch Press
ISBN: 9781593274764

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on ebooks.com
Start your free trial

Book description

The definitive guide to OpenBSDForeword by Henning Brauer, OpenBSD PF Developer

OpenBSD, the elegant, highly secure Unix-like operating system, is widely used as the basis for critical DNS servers, routers, firewalls, and more. This long-awaited second edition of Absolute OpenBSD maintains author Michael Lucas's trademark straightforward and practical approach that readers have enjoyed for years. You'll learn the intricacies of the platform, the technical details behind certain design decisions, and best practices, with bits of humor sprinkled throughout. This edition has been completely updated for OpenBSD 5.3, including new coverage of OpenBSD's boot system, security features like W^X and ProPolice, and advanced networking techniques.

You'll learn how to:

  • Manage network traffic with VLANs, trunks, IPv6, and the PF packet filter
  • Make software management quick and effective using the ports and packages system
  • Give users only the access they need with groups, sudo, and chroots
  • Configure OpenBSD's secure implementations of SNMP, DHCP, NTP, hardware sensors, and more
  • Customize the installation and upgrade processes for your network and hardware, or build a custom OpenBSD release

Whether you're a new user looking for a complete introduction to OpenBSD or an experienced sysadmin looking for a refresher, Absolute OpenBSD, 2nd Edition will give you everything you need to master the intricacies of the world's most secure operating system.

"The definitive book on OpenBSD gets a long-overdue refresh." -Theo de Raadt, OpenBSD Founder

Publisher resources

View/Submit Errata

Table of contents

  1. Advance Praise for Absolute OpenBSD, 2nd Edition
  2. Dedication
  3. About the Author
  4. About the Technical Reviewer
  5. Foreword
  6. Acknowledgments
  7. Introduction
    1. What Is Security?
    2. What Is BSD?
      1. The BSD License
      2. AT&T vs. the World
    3. The Birth of OpenBSD
    4. The OpenBSD Community
      1. OpenBSD Users
      2. OpenBSD Contributors
      3. OpenBSD Committers
      4. OpenBSD Coordinator
    5. OpenBSD’s Strengths
      1. Portability
      2. Power
      3. Documentation
      4. Free
      5. Correctness
      6. Security
    6. OpenBSD and Your Security
    7. OpenBSD’s Uses
      1. Desktop
      2. Server
      3. Network Management
    8. About This Book
    9. Contents Overview
  8. 1. Getting Additional Help
    1. OpenBSD’s Support Model
    2. The Code Is Fine. What’s Wrong with You?
    3. Sources of Information
      1. Man Pages
        1. Manual Sections
        2. Viewing Man Pages
        3. Finding Man Pages
        4. Overlapping Man Page Names
        5. Man Page Contents
        6. Man Pages on the Web
      2. The OpenBSD Website
        1. Mirrors
        2. The OpenBSD FAQ
        3. Non-Project Websites
      3. OpenBSD Mailing Lists
        1. Unofficial Mailing Lists
        2. Read-Only Mailing Lists
    4. Using OpenBSD Problem-Solving Resources
      1. Using the OpenBSD Website
      2. Using Man Pages
      3. Using Internet Searches
      4. Using Mailing Lists
        1. Creating a Good Help Request
        2. How to Be Ignored
        3. Sending Your Email
        4. Responding to Email
  9. 2. Installation Preparations
    1. OpenBSD Hardware
      1. Supported Hardware
      2. Proprietary Hardware, Blobs, and Firmware
      3. Processors
      4. Memory (RAM)
      5. Hard Drives
      6. Virtualization
      7. Multiple Operating Systems
    2. Getting OpenBSD
      1. Official CDs
      2. Internet Downloads
      3. Mirror Site Layout
      4. Release Directories
      5. Boot Media
      6. Choosing Install Media
      7. Local Installation Servers
    3. File Sets
    4. Partitioning
      1. Standard OpenBSD Partitions
        1. Root Partition
        2. Swap Space
        3. /tmp Directory
        4. /var Partition
        5. /usr Partition
        6. /usr/X11R6 Partition
        7. /usr/local Partition
        8. /usr/src Partition
        9. /usr/obj Partition
        10. /home Partition
      2. Creating Other Partitions
    5. Partition Filesystems
    6. Multiple Hard Drives
    7. Understanding Partitions
      1. MBR Partitions
      2. Disklabel Partitions
    8. Understanding Disklabels
      1. Sectors and Lies
      2. Sectors and Disklabels
    9. Other Information
  10. 3. Installation Walk-Through
    1. Hardware Setup
    2. BIOS Configuration
    3. Making Boot Media
      1. Making Boot Floppies
        1. Creating Floppies on Unix-like Systems
        2. Creating Floppies on Microsoft Systems
      2. Making Boot CDs
    4. Installing OpenBSD
      1. Running the Installation Program
      2. Multiple Network Cards
      3. Setting Up Services and the First User
      4. Setting the Time Zone
      5. Setting Up the Disk
      6. Choosing File Sets
      7. Finishing the Installation
    5. Custom Disk Layout
      1. Viewing Disklabels
      2. Deleting Partitions
      3. Erasing Existing Disklabels
      4. Creating Disklabel Partitions
      5. Writing the New Disklabel
      6. Adding More Disks
    6. Advanced Disklabel Commands
      1. Changing Basic Drive Parameters
      2. Modifying Existing Partitions
      3. Entering Expert Mode
      4. Getting More Help
  11. 4. Post-Install Setup
    1. First Steps
      1. Checking the System Errata
      2. Setting the Root Password
    2. Software Configuration
    3. Time and Date
      1. Setting the Time Zone
      2. Setting the Date and Time
        1. Setting the Time with ntpd(8)
        2. Setting the Date Manually
    4. Hostname
    5. Networking
      1. Configuring Ethernet Interfaces
        1. Static IP Addresses
        2. Dynamic Configuration
      2. Setting a Default Gateway
      3. Setting Name Service Servers
    6. Mail Aliases and Status Mail
    7. Keyboard Mapping
    8. Installing Ports and Source Code
    9. Booting to a Graphic Console
    10. Onward!
  12. 5. The Boot Process
    1. Power-On and the Boot Loader
    2. Booting in Single-User Mode
      1. Mounting Disks in Single-User Mode
      2. Starting the Network in Single-User Mode
    3. Booting an Alternate Kernel
      1. Booting a Different Kernel File
      2. Booting from an Alternate Hard Disk
        1. Finding the Disk
        2. Finding the Partition
        3. Booting the Kernel
    4. Making Boot Loader Settings Permanent
    5. Serial Consoles
      1. Other Platform Serial Consoles
      2. Serial Console Physical Setup
      3. Serial Console Configuration
        1. Configuring the Serial Console Client
        2. Setting Up the Serial Console
        3. Testing the Serial Configuration
      4. Changing the Serial Console Speed
      5. Changing the Client Serial Port
      6. Serial Logins
    6. Multiuser Startup
      1. Startup System Scripts
        1. The /etc/rc Script
        2. The /etc/rc.conf Script
        3. The /etc/rc.conf.local Script
        4. The /etc/netstart Script
        5. The /etc/rc.securelevel Script
        6. The /etc/rc.local Script
        7. The /etc/rc.shutdown Script
        8. The /etc/rc.firsttime Script
        9. The /etc/fastboot Script
        10. The /etc/rc.d Directory
      2. Software Startup Scripts
      3. Third-Party rc.d Scripts
      4. Force-Starting Software
  13. 6. User Management
    1. The Root Account
    2. Adding Users
      1. Adding Users Interactively
        1. Configuring adduser
        2. Creating User Accounts
      2. Adding Users Noninteractively
        1. Groups in Batch Mode
        2. Passwords and Batch Mode
        3. Other Batch Mode Options
      3. User Account Restrictions
    3. Removing User Accounts
    4. Editing User Accounts
    5. Login Classes
      1. Login Class Definitions
      2. Changing login.conf
      3. Legal Values for login.conf Variables
      4. Setting Resource Limits
      5. Modifying the Shell Environment
      6. Password and Login Options
      7. Changing Authentication Methods
      8. Using Login Classes for RADIUS Authentication
    6. Unprivileged User Accounts
      1. The nobody Account
      2. _username
      3. Creating Unprivileged Users
  14. 7. Root, and How to Avoid It
    1. The Root Password
    2. Using Groups
      1. The /etc/group File
      2. Creating Groups
      3. Groups, Unprivileged Users, and Group Permissions
    3. Hiding Root with sudo
      1. Why Use sudo?
      2. sudo Disadvantages
      3. An Overview of the sudo Software
      4. The visudo(8) Command
      5. The /etc/sudoers File
        1. Multiple Entries in a sudoers Field
        2. Running Commands As Non-root Users
        3. Long Lines
      6. /etc/sudoers Aliases
        1. User Aliases
        2. Run as Aliases
        3. Host Aliases
        4. Command Aliases
        5. Using Aliases in /etc/sudoers
        6. Nesting Aliases
        7. Alias Naming Conventions
      7. Changing sudo’s Default Behavior
        1. Overriding Defaults per Host
        2. Overriding Defaults per User
        3. Overriding Defaults per Command
        4. Overriding Defaults per Run As
      8. sudo and the Environment
    4. Using sudo
      1. sudo Password Caching
      2. Running Commands Under sudo
      3. Running Commands as Other Users
    5. sudoedit
    6. The Biggest sudo Mistake: Exclusions
    7. sudo Logs
  15. 8. Disks and Filesystems
    1. Device Nodes
      1. Raw and Block Devices
        1. Block Devices
        2. Raw Devices
        3. Choosing Your Mode
      2. Device Attachment vs. Device Name
    2. DUIDs and /etc/fstab
    3. MBR Partitions and fdisk(8)
      1. Viewing MBR Partitions
      2. Adding and Removing Partitions
      3. Making a Partition Bootable
      4. Exiting fdisk
    4. Labeling Disks
      1. Viewing Labels
      2. Creating Disklabel Partitions
      3. Backing Up and Restoring Disklabels
    5. The Fast File System
      1. FFS Versions
      2. Blocks, Fragments, and Inodes
        1. Blocks
        2. Inodes
        3. Superblocks
      3. Creating FFS Filesystems
      4. FFS Mount Options
        1. Mount Options and /etc/fstab
        2. Read-Only Mounts
        3. Read-Write Mounts
        4. Synchronous Mounts
        5. Asynchronous Mounts
        6. Soft Update Mounts
        7. “Don’t Track Access Time” Mounts
        8. No Device Nodes Permitted Mount
        9. Execution Forbidden Mounts
        10. setuid Forbidden
        11. Do Not Automatically Mount This Filesystem
      5. Filesystem Integrity
        1. Running fsck
        2. Blindly Trusting fsck
    6. What’s Currently Mounted?
    7. Mounting and Unmounting Partitions
      1. Mounting Standard Filesystems
      2. Mounting at Nonstandard Locations
      3. Unmounting Partitions
      4. Mounting with Options
    8. How Full Is That Partition?
      1. What’s All That Stuff?
      2. Setting $BLOCKSIZE
    9. Adding New Hard Disks
      1. Creating an MBR Partition
      2. Creating a Disklabel
      3. Moving Partitions
      4. Adding New Filesystems
      5. Stackable Mounts
  16. 9. More Filesystems
    1. Backing Up to the /altroot Partition
    2. Memory Filesystems
      1. Creating MFS Partitions
      2. Mounting an MFS at Boot
    3. Foreign Filesystems
      1. Inodes vs. Vnodes
      2. Common Foreign Filesystems
        1. MS-DOS
        2. NTFS
        3. ext2fs
        4. CD
      3. Foreign Filesystem Ownership
    4. Removable Media
    5. Mounting Filesystem Images
      1. Attaching Vnode Devices to Disk Images
      2. Detaching Vnode Devices from Images
    6. Basic NFS Setup
    7. The OpenBSD NFS Server
      1. Exporting Filesystems
      2. Read-Only Mounts
      3. NFS and Users
      4. Permitted Clients
      5. Multiple Exports for One Partition
    8. NFS Clients
    9. Software RAID
      1. RAID Types
      2. Preparing Disks for softraid
      3. Creating softraid Devices
      4. softraid Status
      5. Identifying Failed softraid Volumes
      6. Rebuilding Failed softraid Volumes
      7. Deleting softraid Devices
      8. Reusing softraid Disks
      9. Booting from a softraid Device
    10. Encrypted Disk Partitions
      1. Creating Encrypted Partitions
      2. Using Encrypted Partitions
      3. Automatic Decryption
  17. 10. Securing Your System
    1. Who Is the Enemy?
      1. Script Kiddies
      2. Botnets
      3. Disaffected Users
      4. Skilled Attackers
    2. OpenBSD Security Announcements
    3. OpenBSD Memory Protection
      1. W^X
      2. .rodata Segments
      3. Guard Pages
      4. Address Space Layout Randomization
      5. ProPolice
      6. And More!
    4. File Flags
      1. File Flag Types
      2. Setting, Viewing, and Removing File Flags
    5. Securelevels
      1. Setting the System Securelevel
      2. Securelevel Definitions
        1. Securelevel -1
        2. Securelevel 0
        3. Securelevel 1
        4. Securelevel 2
      3. What Securelevel Do You Need?
      4. Securelevel Weaknesses
    6. Keeping Secure
  18. 11. Overview of TCP/IP
    1. Network Layers
      1. The Physical Layer
      2. The Datalink Layer
      3. The Network Layer
      4. The Transport Layer
      5. Applications
    2. The Life and Times of a Network Request
    3. Network Stacks
    4. IPv4 Addresses and Subnets
      1. Calculating a Decimal IPv4 Netmask
      2. Viewing IPv4 Addresses
      3. Unusable IPv4 Addresses
      4. Special IPv4 Addresses
        1. Localhost
        2. Private Networks
      5. IPv4 Addressing Pitfalls
    5. IPv6 Addresses and Subnets
      1. IPv6 Basics
      2. Understanding IPv6 Addresses
      3. Viewing IPv6 Addresses
      4. IPv6 Subnets
      5. Special IPv6 Addresses
        1. localhost
        2. Link Local Addresses
      6. Assigning IPv6 Addresses
    6. Remedial TCP/IP
      1. ICMP
      2. UDP
      3. TCP
      4. How Protocols Fit Together
      5. Transport Protocol Ports
      6. Reserved Ports
      7. Which Ports Are Open?
        1. Using netstat
        2. Using fstat
    7. IP Routing
      1. IPv4 Routed Network Example
      2. Managing Routing with route(8)
        1. Viewing Routes
        2. Route Flags
        3. Adding Routes
        4. Deleting Routes
  19. 12. Connecting to the Network
    1. DNS Resolution
      1. The /etc/resolv.conf File
        1. Default Search Domains
        2. Using Domain and Search
        3. Name Servers
        4. Lookup Order
        5. Preferred IP Protocol
      2. The /etc/hosts File
      3. Resolver vs. Dynamic Configuration
    2. Ethernet
      1. Protocol and Hardware
        1. IPv4 and ARP
        2. IPv6 and Neighbor Discovery
        3. Speed and Duplex
    3. Configuring Ethernet
      1. Using ifconfig(8)
        1. Adding an IP Address
        2. Removing IP Addresses
        3. Multiple IP Addresses on One Ethernet Card
      2. Configuring Default Routes
      3. Using Dynamic Configuration
      4. Configuring the Network at Boot
    4. Trunking
      1. Link Aggregation Protocols
      2. Trunk Configuration
      3. Trunks at Boot
    5. VLANs
      1. Configuring Switches
      2. Configuring VLAN Devices
      3. Configuring VLANs at Boot
    6. IPv6 Over Tunnels
  20. 13. Software Management
    1. Making Software
    2. Source Code and Software
    3. The Ports and Packages System
    4. Using Packages
      1. Package Files and $PKG_PATH
      2. Finding Packages
        1. Finding Packages on the Command Line
        2. Finding Packages on the Web
      3. Installing Packages
        1. Which Files Are Installed?
        2. Verbose Installation
        3. Ambiguous Packages
      4. Identifying Where Files Originate
      5. Uninstalling Packages
      6. Package Limitations
    5. Using Ports
      1. The Ports Tree
      2. Secondary Ports
      3. Read-Only Ports Tree
      4. Finding Software
        1. The Ports Index
        2. Finding by Keyword
        3. Finding via SQL
    6. Building Ports
      1. What a Port Installation Does
      2. Port Build Stages
        1. The make fetch Stage
        2. The make checksum Stage
        3. The make prepare Stage
        4. The make extract Stage
        5. The make patch Stage
        6. The make configure Stage
        7. The make build Stage
        8. The make fake Stage
        9. The make package Stage
        10. The make install Stage
        11. The make clean Stage
    7. Customizing Ports
      1. Local Distfile Mirrors
        1. Preferred Collection Mirrors
        2. Fallback Mirrors
        3. Primary Mirror
      2. Flavors
        1. Building a Flavored Port
        2. Flavors and Dependencies
        3. Building Multiple Flavors
        4. Uninstalling and Reinstalling Flavored Ports
    8. Subpackages
    9. Packages and rc.d Scripts
  21. 14. Everything /etc
    1. /etc Across Unix Variants
    2. The /etc Files
      1. /etc/adduser.conf
      2. /etc/amd
      3. /etc/authpf
      4. /etc/bgpd.conf
      5. /etc/boot.conf
      6. /etc/changelist
      7. /etc/chio.conf
      8. /etc/csh.*
      9. /etc/daily and /etc/daily.local
      10. /etc/dhclient.conf
      11. /etc/dhcpd.conf
      12. /etc/disklabels/
      13. /etc/disktab
      14. /etc/dumpdates
      15. /etc/dvmrpd.conf
      16. /etc/exports
      17. /etc/fbtab
      18. /etc/firmware
      19. /etc/fonts/
      20. /etc/fstab
      21. /etc/ftpchroot
      22. /etc/ftpusers
      23. /etc/gettytab
      24. /etc/group
      25. /etc/hostapd.conf
      26. /etc/hostname.*
      27. /etc/hosts
      28. /etc/hosts.equiv
      29. /etc/hosts.lpd
      30. /etc/hotplug/
      31. /etc/ifstated.conf
      32. /etc/iked/, /etc/iked.conf, /etc/ipsec.conf, and /etc/isakmpd
      33. /etc/inetd.conf
      34. /etc/kbdtype
      35. /etc/kerberosV/
      36. /etc/ksh.kshrc
      37. /etc/ldap/ and /etc/ldapd.conf
      38. /etc/localtime
      39. /etc/locate.rc
      40. /etc/login.conf
      41. /etc/lynx.cfg
      42. /etc/magic
      43. /etc/mail/
      44. /etc/mail.rc
      45. /etc/mailer.conf
      46. /etc/man.conf
        1. Adding to the Search Index
        2. Adding to Man Page Directories
        3. Displaying Man Pages
        4. Defining Man Sections
      47. /etc/master.passwd, /etc/passwd, /etc/spwd.db, and /etc/pwd.db
        1. Editing /etc/master.passwd
        2. Controlling Account Information Access
        3. /etc/master.passwd Fields
      48. /etc/mixerctl.conf
      49. /etc/mk.conf
      50. /etc/moduli
      51. /etc/monthly and /etc/monthly.local
      52. /etc/motd
      53. /etc/mrouted.conf
      54. /etc/mtree/
      55. /etc/mygate
      56. /etc/myname
      57. /etc/netstart
      58. /etc/networks
      59. /etc/newsyslog.conf
      60. /etc/nginx/
      61. /etc/nsd.conf
      62. /etc/ntpd.conf
      63. /etc/ospf6d.conf and /etc/ospfd.conf
      64. /etc/pf.conf and /etc/pf.os
      65. /etc/ppp/
      66. /etc/printcap
      67. /etc/protocols
      68. /etc/rbootd.conf
      69. /etc/rc.*
      70. /etc/relayd.conf
      71. /etc/remote
      72. /etc/resolv.conf and /etc/resolv.conf.tail
      73. /etc/ripd.conf
      74. /etc/rmt
      75. /etc/rpc
      76. /etc/sasyncd.conf
      77. /etc/sensorsd.conf
      78. /etc/services
      79. /etc/shells
      80. /etc/skel/
      81. /etc/sliphome/
      82. /etc/snmpd.conf
      83. /etc/ssh/
      84. /etc/ssl/
      85. /etc/sudoers
      86. /etc/sysctl.conf
      87. /etc/syslog.conf
      88. /etc/systrace/
      89. /etc/termcap
      90. /etc/ttys
        1. Terminal Types
        2. Configuring Terminals
        3. Making /etc/ttys Changes Take Effect
      91. /etc/weekly and /etc/weekly.local
      92. /etc/wsconsctl.conf
      93. /etc/X11
      94. /etc/ypldap.conf
  22. 15. System Maintenance
    1. Scheduled Tasks
      1. Daily Maintenance
        1. Security Checks
        2. Vital File Backup and Testing
        3. Adding Vital Files
        4. Filesystem Integrity Checks
        5. Copying Files with rdist
        6. Silencing /etc/daily
      2. Weekly Maintenance
      3. Monthly Maintenance
      4. Custom Maintenance Scripts
    2. System Logs
      1. Facilities
      2. Priority
      3. Sorting Messages via syslogd(8)
        1. Wildcards
        2. Excluding Information
        3. Combining Facilities
        4. Marking Time
        5. Local Facilities
        6. Selecting by Program Name
      4. Log Actions
        1. Logging to Files
        2. Logging to a Program
        3. Notifying Users
        4. Logging to a Remote Host
      5. Customizing syslogd
        1. Adding Extra Log Sockets
        2. Listening to the Network
      6. Syslog and Embedded Systems
    3. Log File Maintenance
      1. newsyslog.conf Fields
        1. Log File
        2. Owner
        3. Permissions
        4. Count
        5. Size
        6. Time
        7. Flags
      2. Monitoring Logs
      3. Adding a PID File
      4. Signal Name
      5. Command to Execute
    4. System Time
      1. Configuring ntpd(8)
        1. Time Redundancy
        2. Time Sources
        3. Serving Time
      2. Using ntpd(8)
    5. Hardware Sensors
      1. Device Drivers
      2. Sensor Configuration
        1. Sensor Types
        2. Settings in sensorsd.conf
        3. Sensors Triggering Action
  23. 16. Network Servers
    1. The inetd Small-Server Handler
      1. Configuring inetd
      2. Restricting Incoming Connections
    2. The lpd Printing Daemon
    3. The DHCP Server dhcpd
      1. How DHCP Works
      2. Configuring dhcpd(8)
      3. Static IP Address Assignments
      4. Enabling dhcpd
      5. dhcpd and Firewalls
    4. The TFTP Daemon tftpd
      1. Specifying a tftpd Directory
      2. tftpd and Files
      3. tftpd Logging
      4. Testing the TFTP Server
    5. The SNMP Agent snmpd
      1. SNMP MIBs
        1. MIB References
        2. MIB Definitions
      2. SNMP Security
      3. Configuring snmpd
      4. Debugging snmpd
      5. Getting snmpd Information
        1. The PF SNMP MIB
        2. Sensors
        3. Interface Memory
        4. CARP
        5. Other MIBs
    6. The SSH Server sshd
      1. Disabling sshd
      2. SSH Host Keys
      3. sshd Network Options
      4. chrooting Users
        1. Choosing the Directory
        2. Populating the chroot
        3. chrooting Specific Users
  24. 17. Desktop OpenBSD
    1. Configuring Your Console with wscons
      1. Screen Blanking
      2. Setting wscons Variables at Boot
    2. Running Virtual Terminals with tmux
      1. The tmux Status Bar and Window Names
      2. tmux Commands and Window Management
        1. Changing the Current Window
        2. Renaming Windows
        3. Terminating Windows
      3. Getting Online Help
      4. Disconnecting, Reconnecting, and Managing Sessions
      5. Using tmux Commands
      6. Setting tmux Options
      7. Configuring tmux
    3. Setting Up X
      1. Configuring X
      2. Starting X Manually
      3. Booting into X
      4. Emulating a Three-Button Mouse
    4. Using the cwm Window Manager
      1. Configuring cwm
        1. Modifier Keys
        2. Choosing a New Window Manager
        3. Binding a Key Sequence to a Command
      2. Creating cwm Windows
      3. Managing Windows
      4. Locking the Screen
      5. Connecting to Other Machines with SSH
      6. Creating an Application Menu
      7. Using Keyboard Navigation
      8. Decorating cwm
      9. Unmapping and Remapping Keys
  25. 18. Kernel Configuration
    1. What Is the Kernel?
      1. Kernel Messages
      2. Startup Messages
      3. Device Attachments
      4. Connections and Numbering
      5. Using dmassage to View Installed Devices
    2. Viewing and Adjusting Sysctls
      1. Sysctl MIBs
      2. Viewing Sysctls
      3. Changing Sysctl Values
      4. Types of Sysctl Values
        1. Numerical Sysctls
        2. Word Sysctls
        3. Table Sysctls
      5. Setting Sysctls at Boot
    3. Altering the Kernel with config(8)
      1. Making a Backup of the Default Kernel
      2. Device Drivers and the Kernel
      3. Enabling Drivers
      4. Editing the Kernel with config
        1. Using the help and list Commands
        2. Finding and Enabling Devices
        3. Changing Kernel Constants
        4. Completing Configuration
        5. Installing Your Edited Kernel
    4. Boot-Time Kernel Configuration
  26. 19. Building Custom Kernels
    1. Kernel Cautions
      1. Don’t Build Custom Kernels
      2. Why Build Custom Kernels?
      3. Problems Building Custom Kernels
      4. Problems Running Custom Kernels
    2. Preparing for Kernel Customization
    3. Kernel Configuration
      1. Configuration Entries
        1. Options
        2. Device Drivers
        3. Pseudo-Devices
        4. Keywords
      2. Configuring GENERIC
        1. Machine-Independent Configuration
        2. Machine-Dependent Configuration
      3. Your Kernel Configuration
        1. Minor Changes
        2. Removing Options
        3. Removing Devices
        4. Wholesale Butchery
        5. Stripping Down the Kernel
        6. Gutting the Kernel
      4. Testing Your Kernel Configuration with config(8)
        1. Orphaned Devices
        2. Bogus Hardware
    4. Building a Kernel
      1. Kernel Build Errors
    5. Installing Your Kernel
    6. Identifying the Running Kernel
  27. 20. Upgrading
    1. Why Upgrade?
    2. OpenBSD Versions
      1. OpenBSD-current
      2. OpenBSD Snapshots
      3. OpenBSD Releases
      4. OpenBSD-stable
      5. Which Version Should You Use?
    3. The OpenBSD Upgrade Process
      1. Following the Upgrade Guide
        1. Install Programs
        2. Remove Programs and Files
        3. Prepare Package Upgrades
        4. System Configuration
      2. Customizing Upgrades
    4. Upgrading from Official Media
      1. Upgrading Over the Network
      2. Choosing File Sets
    5. Updating /etc
      1. Mounting Filesystems
      2. Using sysmerge(8) to Compare /etc Files
        1. Easy sysmerge Updates
        2. sysmerge and Edited Files
        3. Finishing sysmerge
    6. Updating Installed Packages
      1. Updating the Package Repository
      2. Using the Upgrade Command
        1. Package Options
        2. Package Messages
    7. Why Build Your Own OpenBSD?
    8. Preparations for Building Your Own OpenBSD
      1. Preparing the Base Operating System
      2. Getting Source Code
      3. Updating Source Code
        1. Source Code Repositories and Tags
        2. CVS Mirrors
        3. Updating to -stable
        4. Updating to -current
    9. Building OpenBSD-stable
      1. Upgrading the Kernel
      2. Building the Userland
      3. Building Xenocara
      4. Building a Release
        1. Bundling the Base System
        2. Bundling Xenocara
        3. Indexing the Release
      5. Using the Release
    10. Building OpenBSD-current
      1. Following -current
      2. Merging /etc
    11. Upgrading Ports
  28. 21. Packet Filtering
    1. Firewalls
    2. Enabling and Configuring PF
    3. Packet-Filtering Basics
      1. Packet-Filtering Concepts
        1. Stateful Inspection
        2. Packet Reassembly
        3. Default Accept vs. Default Deny
      2. “My Network Can Do No Wrong”
      3. What Packet Filtering Doesn’t Do
    4. PF Components
      1. Packet Filter Control and Configuration
      2. Interface Groups
      3. PF Configuration
    5. Filtering Rules
      1. Default Permit or Default Deny
      2. Packet Pattern Matching
        1. Direction
        2. Interface Matching
        3. Address Families
        4. Network Protocol
        5. Source and Destination Address
        6. Source and Destination Variants
        7. Interface Main Address
        8. Source and Destination Port
      3. A Complete Ruleset
      4. Activating Rules
      5. Viewing Active Rules
    6. Filtering Rules and the State Table
      1. TCP States
      2. UDP States
      3. ICMP States
    7. Packet Filtering with Lists and Macros
      1. Using Lists
      2. Using Macros
      3. A Common Error: List Exclusions and Negations
    8. Sanitizing Traffic
      1. Illegal Packets
      2. Packet Reassembly
      3. Packet Modification
      4. Blocking Spoofed Packets
    9. PF Options
      1. The set block-policy Option
      2. The set limit Option
        1. frags Limit
        2. The src-nodes Limit
        3. The states Limit
        4. The tables and table-entries Limits
        5. Setting Limits
      3. The set optimization Option
      4. The set skip Option
  29. 22. Advanced PF
    1. Packet Filtering with Tables
      1. Defining Tables
      2. Using Tables
      3. Viewing Tables
      4. Searching Tables
      5. Changing Tables
      6. Tables and Automation
    2. Using NAT
      1. Private NAT Addresses
      2. Configuring NAT
      3. How NAT Works
      4. Multiple or Specific Public Addresses
      5. Bidirectional NAT
        1. Bidirectional NAT and Security
        2. Packet Filtering, Bidirectional NAT, and Rule Order
      6. Redirection
      7. Multiple Addresses and Interface Groups
      8. Port Manipulation and Ranges
      9. Transparent Interception
    3. Anchors
      1. Adding Rules to Anchors
        1. Anchor Rules from Files
        2. Anchor Rules in pf.conf
        3. Anchor Rules via pfctl
      2. Viewing and Flushing Anchors
      3. Conditional Filtering
      4. Nested Anchors: /*
    4. FTP and PF
      1. Configuring ftp-proxy(8)
      2. PF Configuration and the FTP Proxy
    5. Bandwidth Management
      1. Queues for Bandwidth Management
      2. Parent Queue Definitions
      3. Child Queue Definitions
      4. Queue Options
        1. Default
        2. Random Early Detection
        3. Explicit Congestion Notification
        4. borrow
      5. A CBQ Ruleset
      6. Assigning Traffic to Queues
      7. Using the match Keyword
      8. Viewing Queues
    6. PF Edges
      1. Using Include Files
      2. Skipping Matches with quick
    7. Logging PF
      1. Reading PF Logs
      2. Real-Time Log Access
      3. Filtering tcpdump
      4. Ruleset Tracing
  30. 23. Customizing OpenBSD
    1. Virtualizing OpenBSD
    2. Diskless Installation
      1. Diskless Hardware
      2. DHCP Server Setup
        1. Per-Host or Per-Network Configuration
        2. Per-Network Configuration
        3. Per-Machine Configuration
      3. TFTP Server Setup
      4. Completing Diskless Installation
    3. Running Diskless
      1. Using rarpd(8) for Reverse ARP
      2. Running bootparamd(8)
      3. Setting Up the NFS Root Directory
        1. Exporting the Root Directory
        2. Populating the Diskless Userland
      4. Power On!
    4. USB Installation Media
      1. Using a Virtual Machine
      2. Running a Diskless Installation
      3. Converting ISO Images
    5. Customizing OpenBSD Installations
      1. Custom File Sets
      2. Post-Install Shell Scripts
    6. Customizing Upgrades
  31. A. Afterword
  32. Index
  33. About the Author
  34. Copyright

Product information

  • Title: Absolute OpenBSD
  • Author(s): Michael W. Lucas
  • Release date: April 2013
  • Publisher(s): No Starch Press
  • ISBN: 9781593274764