Absolute OpenBSD
Unix for the Practical Paranoid
Michael W. Lucas
Published by No Starch Press
Advance Praise for Absolute OpenBSD, 2nd Edition
Michael W. Lucas's books are good enough to raise national productivity statistics. Every copy of OpenBSD should be bundled with this book.
RICHARD BEJTLICH, CSO OF MANDIANT, TAOSECURITY BLOGGER, AND AUTHOR OF THE PRACTICE OF NETWORK SECURITY MONITORING
After 13 years of using OpenBSD, I learned something new and useful!
PETER HESSLER, OPENBSD JOURNAL (UNDEADLY.ORG)
The OpenBSD world, myself included, has been waiting for an update to Absolute OpenBSD for years. Michael W. Lucas tackles OpenBSD topics in ways that are bound to inspire the learner and warm the hearts of Unix greybeards.
PETER N.M. HANSTEEN, AUTHOR OF THE BOOK OF PF
Michael W. Lucas is a layperson's tutor, sitting next to you in front of an OpenBSD box and working through the same issues the average sysadmin does.
GEORGE ROSAMOND, FOUNDING MEMBER OF THE NYC*BSD USER GROUP
Whether you are an experienced OpenBSD user seeking a functional desk reference or a new OpenBSD user seeking to gain the knowledge necessary to become an expert, then Absolute OpenBSD is the book you have to have.
CHRIS SANDERS, AUTHOR OF PRACTICAL PACKET ANALYSIS
The second edition of Absolute OpenBSD delivers an updated tour of OpenBSD with great attention to detail and zero hand-waving. Mr. Lucas and No Starch Press have once again demonstrated exemplary respect and loyalty to OpenBSD and the BSD community.
MICHAEL DEXTER, CALLFORTESTING.ORG
For Liz
About the Author
Michael W. Lucas is a network/security engineer who keeps getting stuck with the problems nobody else wants to touch. He's been using BSD since the days it came from Berkeley, and today uses OpenBSD for mission-critical infrastructure. You can find Lucas roaming around Detroit, Michigan, or teaching tutorials at tech conferences. He's the author of the critically acclaimed Absolute FreeBSD, Network Flow Analysis, Cisco Routers for the Desperate, and PGP & GPG, all from No Starch Press.
Find his website and blog at http://www.michaelwlucas.com/, or follow @mwlauthor on Twitter.
About the Technical Reviewer
Peter N.M. Hansteen is a consultant, sysadmin, and writer from Bergen, Norway. During recent years he has been a frequent lecturer and tutor with emphasis on OpenBSD and FreeBSD, as well as the author of several articles and The Book of PF (No Starch Press, 2010). He writes about OpenBSD and rants about other IT topics at http://bsdly.blogspot.com/.
Foreword
I got my OpenBSD account as a developer in 2002, more than 10 years ago. Over this time, quite a number of OpenBSD-related books have been published. Some were actually good, but many were not and were full of factual errors. I kept asking myself (and others) why these authors never approached us for fact-checking before publishing.
I have known Michael for a long time as well: many, many years. Both of us frequently visit BSD-related conferences, and we often end up having a beer together, which is always fun. I did read the first edition of Absolute OpenBSD when it was published, a long time ago, and quite frankly, I don't remember anything from it. That's a good thing in this case, because I would have remembered if it had been bad. I have recommended it as an introduction to OpenBSD a couple of times.
So when Michael approached me asking whether I would be willing to fact-check the second edition of Absolute OpenBSD and provide feedback, I happily agreed.
I have done the reading on airplanes almost exclusively, and one day when I had to fly to Helsinki, I had no chapters left to read. That ended quite badly, with a WWII bomb leading to Frankfurt Airport being closed for a while, the aircraft I was supposed to fly in being identified as defective, and, of course, bad weather causing massive delays. While that was coincidence, of course, the rumor was out that I couldn't fly without a chapter from Michael.
Now that I am long done with reviewing, I have survived many flights without chapters to read over, but Absolute OpenBSD made long hours up in the sky much more enjoyable for me. Michael has a writing style that I really like: snatchy, funny, and still precise and to the point. Don't skip the footnotes!
In the end, I contributed only a tiny share to this book, but I enjoyed doing so a lot. I hope you enjoy reading it as much.
Henning Brauer
OpenBSD PF developer
Acknowledgments
The world has changed in the 10 years since the first edition of Absolute OpenBSD came out. I used to have hair, for one thing. In 2003 OpenBSD was somewhere on the edge of open source software, known mainly for an uncompromising, fanatical view of computing security and correctness. So uncompromising that other open source projects didn't want to work with it. But a funny thing happened in the following decade: The uncompromising fanatics turned out to be right. More than once I've heard, "That's fixed in the latest Linux, and in OpenBSD 3.2." OpenBSD code trickled into other BSDs, Linux, and even some commercial operating systems. Apple and BlackBerry products include the OpenBSD packet filter. Lots of BSDs support the OpenBSD wireless utilities. And everyone runs OpenSSH. So, the first people I have to thank are those who wrote all this code. It's one thing to give a gift to the world, but when everybody and their pet orangutan has posted their code online, it's another thing when your code is picked up and used dang near everywhere. Well done, guys.
I specifically want to thank Peter Hansteen and Henning Brauer. Henning read the early drafts of this book and pointed out innumerable errors and opportunities for improvement. Peter, the official tech reviewer, had the job of double-checking all the facts and finding what I'd broken when trying to incorporate Henning's suggestions. While all the OpenBSD folks were friendly and open, these two sank deep into this book and didn't come up for air until it was done. When you see either of them, please buy them a beer. They've earned it.
As always, No Starch Press does a great job producing books. Their indefatigable quest for making everything both correct and pleasing has made this book more than I thought it would be, as usual. Someday I'll consider that excellence routine and, as a result, will be much less impressed when they retain their high standards. But the day their quest for perfection bores me has not yet come.
iXsystems provided me with hardware for testing this book. The way to really test an operating system is to push it to its limits. The only way to really find those limits is to exceed them. Preferably as greatly as possible. I used and abused that poor server, folded and spindled and mutilated it, and the blasted thing still ran. (The machine did finally fail, mind you, when I ripped out the hard drives as it was running. That's probably considered cheating, but I had to test the software RAID chapter.) I greatly appreciate iX's support. When iXsystems says their hardware runs BSD, they mean that they've actually used it. In production. For real work. Not just my puny little website and blog.
My blog readers and Twitter followers made researching this book much easier than it could have been. When I throw out a question, someone knows the answer. I try to reward them by throwing out facts, tutorials, observations, and random ranting as well as questions. Check http://www.michaelwlucas.com/ for links to these and more.