Becoming more and more security-aware, I was a bit shocked at how lax the default firewall setup in Debian is. Granted, in FreeBSD one has to toggle PF manually and write the first ruleset by hand. Both UFW and PF can of course be configured during install time already and the rules made strict. That’s beside the point though, because there exists an operating system that focuses on security much more – OpenBSD.
I used to read about OpenBSD here and there (mostly good things). Thanks to it we have OpenSSH and the LibreSSL cryptographic protocol. However, last time I booted the liveCD, it was quite daunting. I embraced the command line long ago, though OpenBSD still proved to be more challenging than I had anticipated. It was really a new and alien environment. Nevertheless, I decided to roll out an install on one of my legacy i386 computers – Dell Latitude E5500, sporting the 2.00 GHz Intel M processor. Not the fastest steed in the stable, though a perfect machine to test OpenBSD on!
The installation was quite uneventful, except for perhaps the weird CLI to fdisk and the overall dated looks. “Vanilla” OpenBSD runs FVWM on top of Xenocara (hardened X11 without 3D acceleration), which can be installed as one of the initial software sets to get a graphical user interface quickly. The XDM display manager was a welcomed addition, too. Surprisingly, OpenBSD is one of the very few operating systems that include a graphical user interface by default. It looks old in 2016, though I still remember the fun I had with Windows 3.11. Alas, there is no rose without thorns as they say…
…I plugged in my USB mouse and it didn’t work out-of-the-box. Quite the surprise, since the trackpad worked without hustle. Even FreeBSD provided me with a functional cursor already in the console. It seems that OpenBSD is a different beast altogether and requires some tinkering. Another surprise came later. OpenBSD has a very limited package management system. There is pkg_add to install software packages and a set of other pkg_* tools to get around the repositories. However, querying seems to be missing. Of course, one could pull in the Ports Tree and do everything there. Eventually, I’ll get to that. Still, the official documentation mentions that “regular” users better use binary packages.
More on the topic of the Ports Tree, forget everything you’ve learned from Gentoo or FreeBSD. OpenBSD’s system is more akin to CRUX Linux. To get wanted features no magical ncurses menu will help you. Embrace the Makefile. You’d better! Similarly, there is no official “apt dist-upgrade” or “freebsd-update” system update tool. Patches have to be downloaded, extracted and applied manually. Extremely daunting, no? Thankfully, some kind souls from M:Tier provided alternative means of upgrading OpenBSD systems with “openup” (more on it here) In general, there is a noticeable lack of automation many people might take for granted. For me that’s not really a problem, because I am willing to learn and read. Still, the learning curve is very steep indeed!
All in all, OpenBSD is an interesting operating system. It’s extremely minimal so that even very dated hardware can be used effectively. Also, the manual pages are absolutely unmatched. I learned a lot about windowing and display management just from reading the xdm manpage. On the other hand, OpenBSD is in dire need of extra manpower to make the project more noticeable.