Pro-active security – it sounds pretty buzzwordish, but that’s what the OpenBSD team strives for. The small group of developers, led by the outspoken and often controversial Theo de Raadt, has a lofty goal: being “number one in the industry for security”. Given that OpenBSD has only suffered two remote exploits in its default install, in almost a decade, they’re clearly doing a good job. And many of the technologies that originated in OpenBSD, such as OpenSSH, are supplied as standard in Linux distros today. OpenBSD has always been the most conservative of the BSDs, not running on 57 platforms like its father NetBSD, or aiming to be a powerful x86 server and workstation OS like FreeBSD. Instead, the OpenBSD hackers focus on producing a small but highly audited codebase, suited for running on low-end servers, firewalls and routers. Some people run OpenBSD on the desktop, but its x86 hardware support and performance lags behind Linux by some way.
Installation-wise, OpenBSD 5 doesn’t differ from its predecessors: you’re asked a bunch of questions at a text prompt, and that’s it. You certainly need prior Unix/Linux knowledge to get through it, but the prompts are sufficiently detailed and once you’ve done a few OpenBSD installations over the years, it’s blissfully quick and simple – you can just hit Enter most of the time.
What’s in the box?
What you’re left with after installation is an extremely tight, compact system with few services enabled, and optionally the X Window System (if you selected it during the installation phase). OpenBSD assumes that you know exactly what you’re doing, and doesn’t try to second guess you. So you have a minimal shell and a basic set of command-line utilities, accompanied by absolutely brilliant manual pages. The OpenBSD team puts great emphasis on documentation, with all tools and configuration files explained extremely well, and there are general guides as well (eg: manual pages for “afterboot” and “security”, explaining what to do after installation).
Being a POSIX-ish OS with X, OpenBSD runs just about everything you can find on Linux – at least, from the open source world. So you can install Apache, MySQL, GCC, KDE, Gnome and plenty of other apps. The biggest changes in 5.0 are new hardware drivers, Wake-on-LAN support for various network chips, faster kernel randomization (used for network security), SCSI improvements and enhancements to the pf packet filter.
So it’s a careful, evolutionary release, but that’s exactly what OpenBSD users want. And in the end, OpenBSD is ideally suited to quiet, no-frills jobs – chugging away as a firewall, router or server, making you feel pretty confident that it’s not going to fall over or get hacked at any moment. It doesn’t try to be anything more than it is, and we admire it for that.