Linux fans love to tout their system’s security, but for one group of BSD developers, it doesn’t go far enough. One version of BSD, OpenBSD, claims to be one of the most secure operating systems around. Does it live up to the hype? Let’s find out.
What Is OpenBSD?
OpenBSD is an open-source operating system based on the “Berkeley Unix” strand first developed in the 1970s. It’s a lot like Linux, but there are some important differences. While Linux distributions ship with the kernel and various other utilities, OpenBSD is developed as a complete system. As of this writing, the current version is 7.0.
OpenBSD is well-known for its emphasis on security. The project’s website touts that only two remote holes have been found “in a heck of a long time.”
The OpenBSD project attempts to create the most secure operating system through extensive code auditing: combing through their code line by line, looking for bugs. They claim on their web page that they’ve found entire new categories of security bugs by auditing their code this way. They have also implemented a lot of techniques to attempt to thwart exploits, with their homepage detailing all the gory technical details.
The most distinctive element to outsiders is OpenBSD’s theming of its releases. Their releases have included designs and even songs based on pop culture, including “Ghostbusters” and “The Hitchhiker’s Guide to the Galaxy.” All of this artwork includes the project’s mascot, Puffy the pufferfish.
Despite OpenBSD’s commitment to security, the project doesn’t appear afraid to show its playful side. The project’s emphasis on security has made it popular for applications that depend on security, such as routers. OpenBSD’s approach to security seems to be, “If you want it done right, do it yourself.”
They’ve written their own C library, their own firewall, PF, and even their own HTTP server. They even have their own sudo alternative called doas. OpenBSD’s programs are even widely used outside of OpenBSD itself. The most visible projects in other Unix/Linux distributions include OpenSSH and tmux.
History of OpenBSD
OpenBSD was founded by former NetBSD developer Theo de Raadt after disagreements with the development team culminated in de Raadt being asked to resign. So in the great tradition of open source software, he created a fork of the project. The project has grown over the years to over 50 versions, released about every six months.
Based in Canada (where de Raadt lives), OpenBSD is exempt from the export controls on cryptography that an organization based in the US would have to adhere to. According to a map of OpenBSD’s developers’ locations, most of them are still based in North America and Western Europe.
OpenBSD may date from the ’90s, but its lineage dates all the way back to the late ’70s as the Berkeley Software Distribution from UC Berkeley.
You install OpenBSD in much the same way you would install a Linux distribution: by downloading the installation media and booting your machine with it.
Immediately, you’re faced with the installation process. It seems to embody some of the aspects of OpenBSD itself: it’s terse, text-based, and doesn’t seem to hold your hand very much. It, like the system, is geared toward experienced Unix users and admins. It still works through many of the same processes as any other Unix or Linux system: you partition your hard drive and install packages.
If it’s your first time, the best method is to just install everything. This makes sure you won’t miss anything, and disk space is cheap these days anyway. Afterward, you’ll install the bootloader and boot into your new OpenBSD system.
Package Management in OpenBSD
Using OpenBSD is very similar on the surface to using a Linux system. Unlike Linux, the default shell is pdksh, a variant of the Korn Shell, which has features quite similar to Bash.
By default, OpenBSD boots to a console interface. This is just fine if you’re planning to use it as a server, as you can run “headless” this way and connect to it over the network, but you can run it as a desktop if you really want to.
For installing outside packages, OpenBSD has its own package manager. The pkg_add command adds packages, while pkg_delete removes them. The /etc/installurl file controls which mirror OpenBSD uses to find packages.
For example, to install a package, as root, type:
OpenBSD as a Desktop?
While OpenBSD is popular in server applications, you can run it as a desktop as you would with a Linux system. You can install an X Window server with the FVWM desktop by default.
As with the other choices in OpenBSD, this appears very old-school and Unixy, the way the developers want it. You can install other window managers and desktops that you may prefer using the package manager.
The system comes with the xenodm display manager, which is what the documentation recommends you use to start X. The installation program will also helpfully offer to start it automatically. You could start X without a display manager using the “startx” command, but this appears to only work using the root account. This might be another one of OpenBSD’s “secure by default” design decisions.
You’re Using OpenBSD, Even if You’re Not Using OpenBSD
As mentioned earlier, the influence of OpenBSD extends far outside the people who actually use it, through a number of open-source projects.
The most visible of these is OpenSSH, which provides SSH connectivity for most open-source operating system distributions. Because its code is BSD-licensed, it’s also used in a lot of commercial products, as the license doesn’t require you to disclose your changes to the source.
The homepage also notes that a lot of companies don’t contribute funding (a lack of funding that was blamed for the Heartbleed bug) and, perhaps in an attempt at subtle shaming, helpfully indicates that funding can be directed to the OpenBSD Project.
Another widely used project is the terminal multiplexer tmux.
Should You Use OpenBSD?
You may be wondering if OpenBSD is for you. If you prefer a simple, “Unixy” approach to system administration, you may enjoy OpenBSD, particularly if you’re comfortable using the command line. If you’re concerned about security, you’ll also like OpenBSD, because the developer community is so obsessive about it.
The main issue will be hardware support, especially if you intend to run it on a desktop. While OpenBSD runs on a number of architectures, you may find your choice of drivers limited, which is something that the other BSDs and even Linux distributions share. Hardware support, at least for Wi-Fi and graphics adapters, seems to be more available on Linux.
OpenBSD Is One of the Most Secure OSes Available
With its focus on security, OpenBSD is worth checking out for any serious Unix/Linux fan. Even if you don’t use it every day, every project can learn something from its design.
If you’re interested in other BSD systems, you should consider NetBSD, which is well-known for its portability to different machines.