Learn to tame OpenBSD quickly.

July 26, 2018, proudly hosted by ARP Networks.

History

Forked from NetBSD. Theo de Raadt is the founder and leader of the OpenBSD project. The first OpenBSD release 1.1/CVS appear on October 18, 1995.

Why use OpenBSD

UNIX-like
Get the latest version of OpenSSH, OpenSMTPD, OpenNTPD, OpenIKED, OpenBGPD, LibreSSL, mandoc
Get the latest PF (Packet Filter) features
Get carp(4), httpd(8), relayd(8), vmd(1)
Security focused Operating System
Thorough documentation
Cryptography

OpenBSD innovations

Software and ideas developed or maintained by the OpenBSD project: http://www.openbsd.org/innovations.html

OpenBSD manual pages (web)

http://man.openbsd.org

OpenBSD Version numbers

Biannual release cycle
New release is incremented by 0.1

OpenBSD's Flavors

-release, shipped every six months
-stable, release, plus patches (support for 6.2 & 6.3)
-current, development branch

Installation

Really simple, ready in 5 minutes (KISS).
A response file is emailed to the root user on next boot.

Get more information: http://www.openbsd.org/faq/faq4.html

Auto-install

Use autoinstall(8) or you can try upobsd package for a full unattended install/upgrade process.

Networking (Files)

/etc/myname	Default hostname
/etc/mygate	Default gateway
/etc/hosts	Known hosts on the network
/etc/resolv.conf	Resolver (DNS)
/etc/hostname.if	Configuration for each network interface, for example: /etc/hostname.bge0

Read the manual: myname(5), hostname.if(5), resolv.conf(5), hosts(5)

Networking


# Display the current configuration of network interfaces:
/sbin/ifconfig

# Set DHCP for 're0' interface, on the fly:
/sbin/dhclient re0

# Perform network (re)initialisation:
/bin/sh /etc/netstart

Networking (Routing)


# Show the routing table (ipv4):
/sbin/route -n show -inet

# Show the routing table (ipv6):
/sbin/route -n show -inet6

# Delete all gateway entries from the routing table:
/sbin/route -n flush

Networking (set at startup)

Example 1: configure static IP address for re0


## file: /etc/hostname.re0
inet 192.168.0.58 255.255.255.0

Read the manual: hostname.if(5)

Don't forget to run sh /etc/netstart re0 to apply changes to running system.

Networking (set at startup)

Example 2: configure DHCP for bge0


## file: /etc/hostname.bge0
dhcp

Read the manual: hostname.if(5)

Don't forget to run sh /etc/netstart bge0 to apply changes to running system.

Networking (set at startup)

Example 3: configure wireless


# First, see a list of available wireless networks: 
/sbin/ifconfig iwn0 scan
					
## Configure 'iwn0' using the file: /etc/hostname.iwn0
nwid ACCESS_POINT_NAME
wpakey THE_SECRET_KEY
dhcp

Read the manual: hostname.if(5)

Don't forget to run sh /etc/netstart iwn0 to apply changes to running system.

PF (Packet Filter)

Ruleset: /etc/pf.conf

Useful commands


# Disable PF:
/sbin/pfctl -d

# Enable PF and load the rules:
/sbin/pfctl -ef /etc/pf.conf

# Just load the rules (apply changes):
/sbin/pfctl -f /etc/pf.conf

# View the loaded rules:
/sbin/pfctl -s rules

Read the manual: pfctl(8)

PF ruleset sample


## file: /etc/pf.conf
# Protect a laptop (allow only ping/ssh from anywhere)
set skip on lo
set fingerprints "/dev/null"
block log all
pass in on egress inet proto icmp all icmp-type echoreq
pass in on egress inet proto tcp from any to any port ssh
pass out

Read the manual: pf.conf(5)

Debug PF with tcpdump


/usr/sbin/tcpdump -nettti pflog0

Read the manual: tcpdump(8)

PF User's Guide

http://www.openbsd.org/faq/pf

Manage users


# Manually
/usr/sbin/user [add|del|info|mod] foobar

# Add users interactively
/usr/sbin/adduser

# Remove users interactively
/usr/sbin/rmuser

Read the manual: adduser(8)

Manage Groups

File: /etc/group


/usr/sbin/group [add|del|info|mod] foobar

Members in wheel group can use su(1) to become root.

Read the manual: group(8), group(5)

sudo replaced with doas(1)


## file: /etc/doas.conf
# Permit the user 'Marc' to reboot the box
permit nopass marc as root cmd /sbin/reboot

# Marc can now reboot the box:
$ /usr/bin/doas reboot

Read the manual: doas(1), doas.conf(5)

Try doas mastery website

Install Packages


# Method 1: using the PKG_PATH environment variable
export PKG_PATH=http://fastly.cdn.openbsd.org/pub/OpenBSD/%c/packages/%a

## Method 2: use the file /etc/installurl with the following contain:
https://fastly.cdn.openbsd.org/pub/OpenBSD

# For example, you can add Package Manager:
/usr/sbin/pkg_add pkg_mgr

Some packages provide configuration and other information in the directory /usr/local/share/doc/pkg-readmes. Read the manual: pkg_add(1), installurl(5)

Packages


# List packages installed:
/usr/sbin/pkg_info

# Show the files within each package
/usr/sbin/pkg_info -L foobar

# View install-message for a specific package:
/usr/sbin/pkg_info -M foobar

Read the manual: pkg_info(1), packages(7)

Packages (continued)


# Delete a Package:
/usr/sbin/pkg_delete foobar

# Delete unused dependencies:
/usr/sbin/pkg_delete -a

# Delete all except 'nginx':
/usr/sbin/pkg_delete -X nginx

Read the manual: pkg_delete(1), packages(7)

Install non-free firmware packages


/usr/sbin/fw_update

Firmware is downloaded from release-specific directories at: http://firmware.openbsd.org/firmware/

Read the manual: fw_update(1)

Manage daemons, services

File: /etc/rc.conf.local


/usr/sbin/rcctl [enable|disable|start|stop|reload|restart] foobar


# For example, to start the apmd(8) daemon for CPU scaling, you might do:
/usr/sbin/rcctl enable apmd
/usr/sbin/rcctl set apmd flags -A
/usr/sbin/rcctl start apmd

# For example, tune ntpd(8) to try to set the time immediately at startup:
/usr/sbin/rcctl enable ntpd
/usr/sbin/rcctl set ntpd flags -s
/usr/sbin/rcctl restart ntpd

Read the manual: rcctl(8)

Run a script at startup

File: /etc/rc.local

Read the manual: rc.local(8)

Update OpenBSD (-stable)

Any security or reliability fixes can be found at:
http://www.openbsd.org/errata.html

Errata patches are generated for the 2 last releases (6.2, 6.3).

Update OpenBSD (-stable), the tools

Use syspatch(8) to update your kernel and userland, available for the last 2 release.

You can also use the openup tool from M:tier to update packages and the base system.

Upgrade OpenBSD

To upgrade 6.1 to 6.3, you need to follow instructions:

http://www.openbsd.org/faq/upgrade62.html
&
http://www.openbsd.org/faq/upgrade63.html

OpenBSD Filesystem

The most important

/	Root directory
/home	User home directories
/root	Default home directory for the superuser
/mnt	A temporary mount point

OpenBSD Filesystem (continued)

/etc	System configuration files and scripts
/etc/examples	Example configuration files for base system daemons
/etc/skel	(dot) files for new accounts
/etc/signify	Key files used for signify(1)

OpenBSD Filesystem (continued)

/tmp	Cleaned after a reboot
/var/tmp	Symbolic link to the system /tmp
/var/log	Log files
/var/run	pid, socket files, utmp, dmesg.boot

OpenBSD Filesystem (continued)

/var/db	Database files
/var/www	Configuration files for httpd(8)
/var/www/htdocs	Web repository for httpd(8)
/usr/local	Used for third packages installed
/usr/src	BSD and/or local source files

Read the manual: hier(7)

OpenBSD Kernels

/bsd
Pure kernel executable (the operating system loaded into memory at boot-time).

OpenBSD Kernels (continued)

/bsd.booted
Pure kernel executable, a resume from hibernation (handled by the bootloader).

OpenBSD Kernels

/obsd
Old kernel, next boot it will use the new kernel /bsd (kernel relinking).

OpenBSD Kernels (continued)

/bsd.sp
Pure kernel executable for single processor.

OpenBSD Kernels (continued)

/bsd.mp
Pure kernel executable for multiprocessor machines.

OpenBSD Kernels (continued)

/bsd.rd
Installation kernel. The built-in RAM disk contains utilities which can be run without an external file system, so this kernel is useful for limited system maintenance too.

Tune the system

sysctl(8) get or set kernel state
config(8) modify a kernel

Setting laptop hibernation (sysctl)

machdep.lidaction=0 # do nothing
machdep.lidaction=1 # suspend
machdep.lidaction=2 # hibernate

Maintenance

`pkg_check -F`	Check the filesystem for random objects
`dmesg -s`	Review rc(8) system startup messages
`ldd foobar`	List dynamic object dependencies
`df -h`	See disk usage
`top -s .1`	Check load (cpu/mem)

Read the manual: pkg_check(8), dmesg(8), ldd(1), ldd.so(1), df(1), top(1)

Some useful packages

screenfetch	Display system information in the terminal
w3m	Text-based web browser
pstree	List processes as a tree
tmate	Share your terminal on the web without open any ports
testdisk	Scan and repair disk partitions

Presentations & Papers

http://www.openbsd.org/events.html

Need more help

FAQ: http://www.openbsd.org/faq/
Manual page: afterboot(8)
IRC Channel: #openbsd
Mailing list: misc@

Supporting OpenBSD

Donations

OpenBSD Foundation

OpenBSD Store

** Bonus

Join us on Telegram!

** Gift!

Let's build a full OpenBSD mailserver together!

Learn to tame OpenBSD quickly.

History

Why use OpenBSD

OpenBSD innovations

OpenBSD manual pages (web)

OpenBSD Version numbers

OpenBSD's Flavors

Installation

Auto-install

Networking (Files)

Networking

Networking (Routing)

Networking (set at startup)

Networking (set at startup)

Networking (set at startup)

PF (Packet Filter)

PF ruleset sample

Debug PF with tcpdump

PF User's Guide

Manage users

Manage Groups

sudo replaced with doas(1)

Install Packages

Packages

Packages (continued)

Install non-free firmware packages

Manage daemons, services

Run a script at startup

Update OpenBSD (-stable)

Update OpenBSD (-stable), the tools

Upgrade OpenBSD

OpenBSD Filesystem

OpenBSD Filesystem (continued)

OpenBSD Filesystem (continued)

OpenBSD Filesystem (continued)

OpenBSD Kernels

OpenBSD Kernels (continued)

OpenBSD Kernels

OpenBSD Kernels (continued)

OpenBSD Kernels (continued)

OpenBSD Kernels (continued)

Tune the system

Setting laptop hibernation (sysctl)

Maintenance

Some useful packages

Presentations & Papers

Need more help

Supporting OpenBSD

** Bonus

** Gift!

Thank you.

Feedback: contact@