OpenBSD Journal

OpenBSD books, what would you like to see?

Contributed by jose on from the publish-or-perish dept.

Anonymous (but easy to guess ...) writes:
"If you walked into a bookstore and saw a book with OpenBSD in its title, what would you expect to see in it? This is a serious question, as I have been asked to write a proposal for such a book, and if it is accepted by the editors, it should see the light of day in a few months. Now is your time to speak up and make it your book."
I know of at least two books being written on OpenBSD, and when the time comes the announcement for the second will be posted. However, whenever I talk about books with people some really good ideas come out of the woodwork. Anyone care to suggest a few topics?
Update An anonymous reader has pointed us to this Slashdot story which mirrors this one. More ideas listed there.

(Comments are closed)

  1. By Peter Hessler () on

    Books that deal with security, how and why (and why not). Graphic, gory details. Firewalling, how and why. Network stability, etc, etc. Proper techniques for damn near everything. How to be paranoid, and not deserve to be locked in a padded room.

    1. By Anonymous Cowherd () on

      I agree wholeheartedly. What I find interesting is that OpenBSD has been, for myself and many others (and perhaps despite, rather than because of Theo's intentions), an excellent "newbie" system for those just migrating to *NIX. There are plenty of "For Dummies" guides out there (Firewalls with Linux & OpenBSD comes to mind), but nothing equivalent to, say, the old Tandy manuals that got me (and plenty of others) to speed with MS-DOS back when. [Thinking the "Big Gray Books," here.]

      Topics I'd like to see covered in a "smart newbie's guide" include-

      *Logging - Proper/sane configuration.

      *Standard cron jobs/security checks - How to use them to your advantage (and avoid freakouts of the change-detection system on upgrade ;))

      *Basic mail and appropriate policies - How to put the local mail services to use, and ensure send-pr produces a sane origin, etc.

      *Cutting down the system - people often say, "Why would you keep a compiler on your webserver?," but knowing how to strip down an installation - while still keeping it manageable and patchable - is an art that takes a while to learn, and even worse are the tutorials that get it wrong...

      *SSH key management/alternative authentication techniques, with "real world" examples. (Demonstrate authentication techniques for an internal LAN - Kerberos?, external users - SSH, web authentication, etc, and VPN clients?)

      A lot of the networking stuff has been well-covered, kernel-hacking is another bag of worms... but the middle ground to get one making intelligent administration decisions is a bit lacking.

  2. By Hugo () on

    I guess I ll state some obvious stuff + a few things that may or may not be on your list.

    0.5 History...

    1. Something about the "architectural" philosophy... the deisgn choices and headings.

    on the pratical side:

    2. Security practices.

    3. Install options (network installs/"cloning"... and other interesting intall issues and methods)

    4. Good Obsd Admin practices (use of basic system services)

    and this is is the thing I would like to see in an openbsd book:

    5.Ports and packages... insights on porting applications maintaning ports and using them... Atleast a quick look at how to "custimize" a port build... Another at the basics of planning a port/package...

    Good luck with the book... You can be sure I ll have one sitting beside my server-racks when it comes out!

  3. By Jim () on

    I would like some solid details on how to contribute for one thing. That is, how to create/maintain ports/pkgs or submit documentation. I would also like to see information of tracking stable/current, how, when, why. Maybe information on using oBSD as a desktop OS (I run it on four machines this way). Some good info on RAIDFrame setup/usage would be great. Obviously some coverage of the latest pf with altq would be good. I would skip the basics and instead point to the man pages. But I guess "basic" is relative... ;-)

  4. By submicron () on

    Since the largest complaint I see from OpenBSD newbies revolves around how difficult it is to use. Now, I'm not going to argue this point, but it would be interesting to have a book (or even a decent website) containing the ideas and methodology behind setting up various systems under OpenBSD. I realize that some of these resources already exist in some form or another, however many of them are incomplete and/or drastically out of date. Specifically, sections of the book should cover:

    1 - The best methodology for setting up a firewall/NAT gateway using OpenBSD. This would cover the installation of OpenBSD, which packages are necessary, which aren't. System hardening specifically for use as a firewall. Pf overview, including intelligent rule-set creation.

    2 - The best methodology for setting up a general purpose network server using OpenBSD. Since many people are looking for alternatives to Microsoft, this is a chance to put OpenBSD on the map. Again, installation procedures and intelligent system hardening techniques and configuration should be discussed. Then the installation and maintenance of network servers and services. These should include: DHCP, Apache (covering the fact that Apache is now chrooted and how to deal with this fact), Postfix/Sendmail, Samba (even if you hate it, its still widely used), NFS, NIS, NTP etc.

    3 - Setting up a NIDS using OpenBSD. Since security is the big selling point here, why not go into detail about how to intelligently set up security infrastructure using OpenBSD. How to configure systems to serve as NIDS monitors or central log hosts. Tools like Snort, Samhain, Tripwire or Shadow could be discussed even sample configurations could be used as examples.

    4 - Setting up VPN Gateways using OpenBSD. This probably ties in with the firewall/NAT gateway section, but doesn't necessarily have to. There are lots of questions on the mailing lists revolving around the best way to set up a VPN using OpenBSD. The process isn't difficult, but it would be helpful, especially for newbies to have a detailed discussion of how to set up a VPN Gateway under OpenBSD.

    5 - Intelligent maintenance of OpenBSD machines. Installation of patches (believe me, this can be very daunting for a newbie the first couple of times), log file review, and resources for learning more about OpenBSD should be covered here.

    I'm sure there are other sections that could fit in here, but these are all the ones that immediately come to mind. The goal here would be twofold - to lighten the load of questions to the mail lists and to ease the path of OpenBSD adoption by Windows and Linux users. A book containing this information would be extremely valuable to anyone running OpenBSD.

    1. By consultant () on

      This comment pretty much touches on everything I would want in a book, so I am going to cop out with a "mee too!" post.

      VPN would be on top of the list. Lots of people want to know how to do this right (at the gateway, preferrably).

      Samba is next, as it relates to OpenBSD (ie, security). These are things that are explained elsewhere, but not necessarilly with the semi-paranoid bent that makes OpenBSD so valuable.

    2. By consultant () on

      To add to my previous post, one major sticking point is the maintenance.

      What are best practices for the day to day operation (in a perfect world, this is short, but in this world its not).

      How do you make sure your system stays up-to-date without being in a situation while you are always trying to fix problems caused by your last problems. eg, I set up a firewall gateway with Open, no problem. I set up a FreeBSD gateway to try something new, and it worked. Then I did a make buildworld, and ipfw no longer worked. At that point, I did some extensive googling, couldn't find the solution, so I wiped it and went with Open again. Only took an hour, which is significantly less than the time I would have spent fixing my FreeBSD.

      So I want to keep on top of things, be proactive and follow best practices, but its not worth it if that causes the system not to function correctly.

    3. By Anonymous Coward () on

      seems like everything thats come after this one has been a repeat of this post. heh

    4. By Yves () on

      Please add to this excellent list a chapter on helping a newbie to set up OpenBSD/KDE as a desktop PC. I'm currently attempting to do this and struggling to get going. By comparison, it was very easy to get running on Red Hat 8.0 and I am writing this message on the Red Hat system.

      1. By Tommy () on

        Oh, how I agree! I bought the 3 CDs from 3.0, printed out tons of various manpages and websites' help tips, consulted several (oldish) *nix books, and followed the "typical" install procedure from the CD insert twice; I still can't get KDE. An easy install procedure with some GUI default (with all requisite warnings on security compromises) might go along way towards familiarizing newbie MS & Mac converts.

      2. By joema () on


        Installing OpenBSD needs a little patience, can you give me on what step did you have any problem. Also note that it is very important that you have to configure your mouse driver before you can start configuring the KDE in OpenBSD.


  5. By I'll buy one () on

    The world needs a way out of the Microsoft domination, and with the execlent man pages, and stability of OpenBSD, it makes a great avenue. Depending on the target audience (users who want to move to a non MS world, but have no clue on the options), a howo to book would be great.

    On the other hand, Administering OpenBSD systems would be a worthwhile title as well. Talk about why telenet is insecure, show how ssh steps in and give examples of how to set up a sftp server in place of an anon ftp server. Make sense out of the VPN documentation, give examples of how to use pf in various situations. How to use apache in the chroot jail.

    I have all three editions of Nemeths Unix Administration books, what I would like is a version for the Unix I use, OpneBSD.

    1. By zil0g () on

      why would I want to use sftp in place of anon ftp, to burn more cpu cycles?
      to get rid of ftp(d) - and all the crazy firewalling that goes with it - I use a cgi program to upload files, works over plain http for anon uploads too

    2. By Anonymous Coward () on

      A major barrier to widespread use of OpenBSD by migrants from MS is that there is no comprehensive howto in a single convenient location.

      An official handbook (covering installation and configuration) would be very useful to newbies.

  6. By Dan () on

    Contrary to other OpenBSD newbies, I've found that OpenBSD tends to be relatively straightforward to set up and maintain compared to other BSDs and Linux distros. I credit the usually excellent man pages (afterboot!) and documentation on the OpenBSD website.

    I was able to pry my way into OpenBSD from an unlikely place: the Complete FreeBSD.

    Yes, the Complete FreeBSD may not map closely to OpenBSD, and (at least in my edition) some of the tools are out-of-date, but it was a good place to start, mostly because it gave me enough history so that I could put the entire system in context.

    So mostly, I would like to see a book that gave the reader some insight into the OpenBSD philosophy (beyond "Theo had a fight. Hence OpenBSD."), and explained the system architecture. Also, a bit about OpenBSD best practices might be good, because from what I can tell, the OpenBSD community tends to regard what other communities consider "best practices" not to be just bad, but plain idiotic.

    Oh, yes, and maybe a preface that says something to the effect of "think about your questions before you ask them. Like any system, OpenBSD can't compensate for a bad sysadmin. If you ask a stupid question, be prepared to be reminded of this fact. This can be hard for newbies, so sometimes you just need a thick skin."

    1. By Anonymous Coward () on

      I second the fact that OpenBSD is easy for newbies. At least the newbies that read the FAQ and docs first. I spent two days reading the FAQ and lots of other docs and examples until I understood it and all was (mostly) OK on my first install. Only problems I had were with getting pppd to work which meant a lot of swapping the modem on to my old wintel box until I got it working. I would have loved a physical book to hold and read that explained how to get that running.

      To save the irritation of experts and roasting of newbies who don't read, I'd like to see a chapter on common blunders and gotchas (I mean subtleties, quirks and pitfalls ;) that people learn after long enough but really aren't that obvious the first few times. Accidentally putting a hole in your firewall rules comes to mind (not that I did that the first time or anything....)

      1. By Alison () on

        Yeah i found it pretty easy too. Only problems i had were disklabel (where the documents/manpage really weren't clear on telling you it was working with blocks by default and not MB) and ppp also. I did the modem switcheroo thing until i just gave up and wrote a shell script that piped commands into ppp and suspended it manually... Left it running in the background of a login process because there was just no way i could get it to work with a config file. I can't even imagine what it'd be like to try install DSL or cable.

        I think the book would need two main sections - one for the home user who's using it in a network of five or less machines as a gateway/firewall or a desktop; and one for the business user who's using it as a firewall in a much larger network, someone who needs load balancing and is dealing with different subnets and so on. There is a very, very different approach, and a very different set of apps needed for each use.

  7. By Anonymous Coward () on

    I would like to see some background on who is doing a ll this great stuff. Then you could cover the "great controversies" - ipfilter, djb, elliptic curve and sun, and whatever else gets 50 or more responses on @misc. No shortage of opinions or flamage there.

    1. By DC () on

      No publisher would commit to a book of 1000 pages, and you would need insurance to cover hernia claims. But it would be fun.

      1. By Shane J Pearson () on

        No publisher would commit to a book of 1000 pages, and you would need insurance to cover hernia claims. But it would be fun.

        I have some books that are over 1000 pages. Mac OS X Unleashed is almost 1500.

    2. By Anonymous Coward () on

      what would it's title be?

      Fight Club: A day in the life of

  8. By CR () on

    Jerry Pournelle used to write a colum in Byte magazine on a users perspective. Just reading his experiences made you understand and laugh sometimes. A book on how someone learned the ropes, got started, got burned, did better.

    1. By Anonymous Coward () on

      Is that not kind of what you are reading now?

  9. By Anonymous Coward () on

    I would love a book on the source tree. Describing how to use, how to compile stuff, where to find stuff etc.

    Kernel definition, I have not been able to find too much information on the kernel internals and architecture. I would pay $100 today for such a book.

    1. By zil0g () on


    2. By Anonymous Coward () on

      the design and implementation of 4.4bsd operating system.

      this book is not 100% relevant anymore. some of it is still very relevant. the vm subsection is out of date cause we use uvm now, its still a pretty good description of how a vm works, so has value nonetheless. the stuff on filesystems is still very relevant. the only major difference is ffs softupdates (and maybe dirpref) but its easy enough to see where that has changed. im not too sure how relevant the networking stuff is but i dont think any major/fundamental changes have taken place (tcp/ip illustrated vol2 is good for network stack info too). for berevity the book largely does not document design decisions, it describes the implementation. if you're interested in the theory behind various choices made, each chapter has a copius reference list, which you can use with citeseer ( to get more info.

      dont forget too :)

  10. By Steve James () on

    1. VPN solutions w/ examples
    2. building custom kernels

    i've read the faqs on nearly everything and these two always give me trouble for some reason, esp. vpn's. all in all though, the main FAQ and man pages are awesome, anything else I have questions on, i can usually find on some generic *bsd site/faq.

  11. By Anonymous Coward () on

    OpenBSD is more than just an Operating System. The developers do a damn fine job of building an Operating System, but what they set out to do was just improve code quality and system usability. Based on that, I'd like to see a book that has at least 2 sections. 1 for developers and one for administrators. The developers section would cover a set of API's that will help program better and more securely. It will cover what API's not to use, since they lead to errors (somewhat covered already in the man pages, but I'm still partial to dead tree manuals). The Administrative portion will cover how to run a system based on OpenBSD. Everything from adding packages (and developing new ones) to configuring firewalls. Tell me how to implement some of the newer fancier features that have been implemented. I want to know more about extended attributes in the filesystem and how I can make use of them. Stuff like that.

  12. By Anonymous Coward () on

    In short, stuff that's not easily explained in the FAQ. (OpenBSD FAQ IMHO is the best!) but of course they can't explain everything.

    I'd like to see more on VPN, upgrading to -stable, IDS/NIDS, Monitoring, etc...

    1. By zil0g () on

      yeah, more, not in the faq.

      lots of comments about upgrading to stable an building custom kernels here, I think that should definately be in the book, and lots of it (it _really_ isn't difficult using 'cvs up' and manually diff out your dmesg from GENERIC).
      but I want to know more about tuning, how those (you know, *those*) values relate to eachother, what they actually ARE etc.
      And what to do when things go wrong, more info about the 'compiler toolchains' the Makefile structure, how to enterpret certain error messages... that is stuff that you simply don't know about the first few times you 'cvs up -d src && cd src/sys/arch/${ARCH}/config && config GENERIC && cd ../compile/GENERIC && make depend && make && cp /bsd /bsd.old && cp bsd /bsd && reboot && cd /usr/src && rm -r /usr/obj/* && make obj && make build && relax'

      Thank you for reading, I will by any book with 'OpenBSD' in the title.

      1. By Anonymous Coward () on

        I'll buy every and any book with OpenBSD in the title too.

        I've bought the 'Building Linux and OpenBSD Firewalls' book just because of the OpenBSD name in there.

        Hope to see more OpenBSD books!

  13. By Anonymous Coward () on

    Just about 99% of what I wanted to do with OpenBSD I was able to find a resource that showed me the way.

    I'd like to see a "OpenBSD as your DeskTop" section in the book.

    1. By Yves () on

      I agree. The book should cover:

      How to set up OpenBSD as a desktop including configuring X Server, installing KDE, Qt, etc. Once installed, how to add other programs. I can easily install Red Hat 8.0 on my laptop but I'm getting nowhere with OpenBSD/KDE.

      Also setting up an OpenBSD firewall/router using the Alcatel USB ADSL modem.

  14. By kremlyn () on

    I'd suggest a large percentage of both the current and potential OpenBSD user base, don't use the OS as a desktop. Sure, it *can* be done, and when you know what you are doing, it's great. However, I feel that OpenBSD use and administration as a network OS is of more importance.

    - Installation (network, cd.. doing "clone" installs to multiple boxes..
    - Kernel Configuration (Including ukc)
    - Firewall/ALTQ (ALTQ and PF is the *MOST* important, IMO)
    - Routing
    - ADSL/PPP
    - Ports/Packages (using/maintaining/creating)
    - NIDS
    - Apache
    - ftpd
    - Mail (sendmail AND postfix)
    - DNS (BIND AND djbdns - people *do* use and like djbdns)
    - VPN's
    - NTP
    - General adminsitration (rc init, rc.conf, rc.local, netstart)
    - CVS to stable
    - Upgrading

    Also, best practices..

    I don't know about anyone else, but, I want a BIBLE.

    1. By paulybumps () on

      I second the motion for a OpenBSD Bible !!!

    2. By Anonymous Coward () on

      Documentation for your list is avaiable from plenty of sources and trivial to achieve. However, if the book is going to merely reflect was had been said before, bookmark the site and leave as is without trying to remake the wheel.

      1. By kremlyn () on

        I understand that this documentation is available from numerous sources. I also believe the manual pages and faq are excellent.

        However, a book that discusses these functions (in much more detail) would be an excellent idea. Sometimes it's handy to have something in print. Also, a consistant, running example, for a complete network design/implementation for a corporate situation would be nice.

        I agree, the above things *are* trivial to achieve, I've been using them for a long time now. However, triviality is relative wouldn't you agree? More experienced people know how to use available resources.. maybe the audience to which this book is to be targeted need something to "set them on their way.. and teach them to research and think for themseves".



    3. By striderfive () on

      but the things I cannot understand are why people would bother including things like apache, sendmail/postfix, BIND, and NTP sections that go beyond "here is where you can pick up the sourceball for [insert software name here].

      there are already comprehensive books on apache, sendmail, and bind. running them on OpenBSD isnt different enough to warrant much mention.

      now, comprehensive sections on PF, routing with OpenBSD, network config, building OpenBSD kernels and software from CVS tree, upgrading/patching. install, and general administration all warrant comprehensive coverage in my mind (among other things)

      if you show people how OpenBSD is different from any other *nix, then all those other comprehensive texts will now be useable to them under OpenBSD

  15. By wsb () on

    books that talk about cultural & philosophical sides of openbsd/unix/...etc

  16. By Anonymous Coward () on

    There are two topics I'd like to see covered. Equal weight to each:
    0. From OpenBSD's perspective many things throughout the system have been changed with correctness and security in mind. But why? What makes it "correct" or "more secure"? There are some situations where it's obvious, but in others it's not (at least ot me). A book of specific things such as detailed explanations of actual diff's between an "audited" OpenBSD functions/calls and the originals would be great. Maybe it all goes without saying once you dig deep enough, but a collection some key examples from someone has has already done the digging could be quite interesting.

    1. Philipp Buhler and Henning Brauer's recent paper on performance monitoring and tuning was a great start, but I'd like to see something with greater depth and weight toward the tuning side.

    1. By Anonymous () on

      0. From OpenBSD's perspective many things throughout the system have been changed with correctness and security in mind. But why? What makes it "correct" or "more secure"?

      One of (many) short answers to this question is better integration and configuration of security components with the rest of the system. Things that are simpler to manage, are also more secure. All things being equal, of course.

      1. By Anonymous Coward () on

        One of (many) short answers to this question is better integration and configuration of security components with the rest of the system. Things that are simpler to manage, are also more secure. All things being equal, of course. It wasn't integration that I was specifically questioning, but I see the relevance of your point... I think, maybe, it's the many short answers to the question that have lead to the desire for something more complete.

    2. By Anonymous Coward () on

      Indeed. I myself would enjoy to read why OpenBSD is considered 'correct' in detail.

  17. By kremlyn () on

    I'd suggest a large percentage of both the current and potential OpenBSD user base, don't use the OS as a desktop. Sure, it *can* be done, and when you know what you are doing, it's great. However, I feel that OpenBSD use and administration as a network OS is of more importance.

    - Installation (network, cd.. doing "clone" installs to multiple boxes..
    - Kernel Configuration (Including ukc)
    - Firewall/ALTQ (ALTQ and PF is the *MOST* important, IMO)
    - Routing
    - ADSL/PPP
    - Ports/Packages (using/maintaining/creating)
    - NIDS
    - Apache
    - ftpd
    - Mail (sendmail AND postfix)
    - DNS (BIND AND djbdns - people *do* use and like djbdns)
    - VPN's
    - NTP
    - General adminsitration (rc init, rc.conf, rc.local, netstart)
    - CVS to stable
    - Upgrading

    Also, best practices..

    I don't know about anyone else, but, I want a BIBLE.

    1. By Anonymous Coward () on

      I agree on the ALTQ & PF!

      Examples along with it too.

      I hope it won't be a book like the ORA BIN 4 book where it's just a copy/paste of man pages.

  18. By Anonymous () on

    I love your comments and suggestions. What I have in mind is a book for, shall we say, "intermediate" users, who know UNIX and TCP/IP networking, but want to know how to apply that knowledge to OpenBSD, how to use OpenBSD in their networks (for security, serving, workstations, ...), how to administer OpenBSD, how to secure networks with OpenBSD, etc. I am also thinking of adding information about CVS, and programming, as some of you suggested.

    If my proposal is accepted, and I start writing this book, I will be asking more questions and will let you know about my progress. Thanks!

    1. By W () on

      This sounds great! :-)

      But who are you?

  19. By Anonymous Coward () on

    i would like to see information on using openbsd in large environments (say greater that 25/50 installs)

    - customising installations (ala solaris jumpstart).

    - patch management

    - different authentication methods (eg x9.9 tokens, skey, radius etc)

    1. By Matthew Emmett () on

      I'd love to see some stuff about account management and authentication issues too.

      NIS, LDAP?

      1. By zil0g () on

        NIS, LDAP,KERBEROS,IPSec + vpn - I would love to read all about them in paper, in the same paper even!

        thank you, and good night :)

  20. By Quark () on

    A book similar in context to the original daemon book would be nice.

    1. By Chris () on

      A book similar in context to the original daemon book would be nice.

      I second your suggestion. The Daemon book isn't the most scintillating read in the world, but I still read it from cover to cover several times because it's the only BSD Unix internals book I could find. I referred to both the Open and NetBSD sources as I read it (around the time of Net 1.4 and Open 2.6 IIRC), which was helpful, but the book is quite out of date with the current state of the art BSD kernels.


  21. By Matthias () on

    Besides all the comments made here, I'd appreciate something that goes into the details of performance management (monitoring and tuning) of an OpenBSD system! Especially under heavy load. Maybe something like the tuning-openbsd paper from Philipp Buhler and Henning Brauer.

    I sometimes have the feeling that there are things missing... or didn't I search good enough?

  22. By Adam Skutt () on

    And say an OpenBSD book is a bad idea.

    OpenBSD is still in its infancy, even moreso than Linux is. And I have zero Linux books in my bookcase for that very reason. Linux and OpenBSD are still evolving very rapidly, so fast in fact that any book is usually obsolete and useless before you get to read it. Otherwise, its just general Unix knowledge that is covered a million times over in many many books.

    I think where OpenBSD differs and is unique is well covered in its documentation (the man pages & FAQ). I've never had any trouble that I couldn't solve by reading the manpages or the FAQ. Maybe my techincal skillset lets me do that, I dunno. Either way, I think OpenBSD's documentation is a good thing and it doesn't really need to be supplemented.

    Either way, if you want to write a book, feel free and I'll even buy a copy for the good of the order, but I don't think I'll use it much, since hte system already provides top-notch documentation.

    1. By Anonymous Coward () on

      What do you mean in it's infancy? By saying that, you imply that someday it will be finished. That will never be so. Besides, aren't there enough people out there using OpenBSD, FreeBSD, NetBSD or Linux professionally? Making a buck now and then? The speed with which new releases are being made is inherent to OSS in my opinion.

    2. By Anonymous Coward () on

      OpenBSD does not jump from one trend to another it adheres to standards which do not change over night. Making the book not obsolete in a short time.

      1. By Anonymous Coward () on

        Yeah, right. I've been using OpenBSD as a firewall since 2.7. No changes there; I'm still using the exact same configuration files and utilities on my 3.2 box...

    3. By Hugo () on

      Doesn't know much.

      As far as standardization and change is concerned I feel that the BSD's/Linux OS's have pretty much stuck with the standard are are doing a good job of satisfying the professional market.

      I run labs with a number OS's (Windowes*, Solareess and some obsd and linux machines) and I have found that the BSD/LINUX os's tend to stick to stuff that s proven to work on the default installations while the other two tend to make drastic changes that require quite abit of work when migrating from version to version...

      Take these example: Moving from WindowzeNT to 2K/XP... and move yer SAM to ADS and come back and tell me everything ran smoothly on the first try.
      Look for AutoClient support in Solareess 8 ... I dont think you ll find it there...

      Here s my point: When new features appear in the BSD's or Linux they most proably appeared in commercially available OS's ... and work just as well on BSD/Linux than on the commercially available OS's.

      I'd rather see a OBSD book published where I ll find information that s 99.9% accurate after 2, 3 or even 4 OS version changes than have to pick up a windowze admin book version XX and have to trash it when the new OS version comes out.

    4. By Patrick Myers () on

      The only OpenBSD book that I know of is "Building Linux and OpenBSD Firewalls". I bought it when I was setting up OpenBSD for the first time with 2.7. The book was a godsend and completely relevant up until 3.0 when OpenBSD made the switch from ipf to pf. Even afterwards it was good to go through for basic stuff. That's a year and a half for me, but the book was written using 2.5, so tack another year on. I certainly don't use the Java books I bought 2.5 years ago. Point being: OpenBSD itself is pretty consistent. The only issue becomes when you move into the non-OpenBSD realm of the OpenBSD environment (ala Desktop). A section/book centered around GNOME or KDE or whatever could obsolete itself much sooner.


  23. By Marty () on

    Some topics that would be good in your book include:

    1. Why do people pay money for cuddly published manpages?

    2. How good would open source software be if the money spent on these books was instead spent on development?

    3. Why does everything need to be dumbed down so extremely?

    1. By Anonymous () on

      1. Why do people pay money for cuddly published manpages?

      Because you cannot read man pages when your system is not operating? Because man pages assume that people who read them have a certain amount of knowledge that beginners just don't have?

      2. How good would open source software be if the money spent on these books was instead spent on development?

      Books are needed, otherwise not many people would use open source. Also, some publishers donate money to open source projects, employ developers or pay them to write books. Visit the O'Reilly, Wiley, Addison-Wesley, Prentice-Hall, or New Riders on-line book catalogues and see the names of authors.

      3. Why does everything need to be dumbed down so extremely?

      There are books for everyone, and don't forget that today's dummies are tomorrow's gurus

      1. By tomorrow's guru () on


        1. I spend all day in front of screens doing work. At the end of the day, the last thing I want to do is sit in front of one and read manpages with 1000 hyperlinks to navigate through. I learn much better sitting back with a book in hand.

        2. I feel like chasing my tail

        3. Why do I need to pull out of the drive way at 60 mph?

    2. By Anonymous Coward () on

      Definitely the pitfall of the FreeBSD book- basically just a copy of the FAQ, followed by manpages, manpages, and more manpages...

      On the other hand, having a true "Bible" of the manpages (in binder format, for easy 'upgrade') would be a damn nice product in its own right- just don't fob it off as a newbie's or sysadmin's guide.

  24. By Anonymous Coward () on

    The single biggest problem I had with OpenBSD was figuring out how to keep the system current. Installation of patches is not at all obvious if you've never done it before, and even though other aspects of OpenBSD are well documented (especially the man pages), I could never get this working as efficiently as I thought it should.
    So, I suggest a very detailed chapter on this, where you assume the user has no experience with any of the concepts (e.g., getting source via cvs, diffs, etc). Include several step-by-step examples.
    With such a chapter, I'd buy the book in a second.

    1. By Anonymous Coward () on

      FAQ pages get your feet wet and provide enough information to get you going. Once you've used the the program/s in question the next step is to find more documentation on the program. what it is, why is it used, what is it used for...blah, blah, blah. All in all, you just have to satisfy your curiosity which requires A LOT of reading.

  25. By David A. Rogers () on

    Don't be yet another book on using Unix applications. There are way too many already.
    Don't put in stuff that is easily found in the manual pages.
    Don't give "magic incantations". The sort of instructions that tell you to do something, but not why you're doing it.

    Do give the big picture. What are the pieces of OpenBSD. How do they relate and how do they work together.
    Do give the reasons for the way things work. Explain why the reader should do whatever it is you just told them to do.

    1. By Anonymous Coward () on


    2. By Anonymous Coward () on

      The "Don't" is exactly what the FAQ pages have you do. Do this, do that, but without any knowledge of knowing why.

      The "Do" would be a nice read. ;) It's nice to know why you are getting milk at the store. :P

      1. By AC () on

        I want to know WHY, WHY, WHY, WHY, WHY! ;)

  26. By RC () on

    Man pages are all people need to read to setup something ONCE THEY KNOW WHAT THEY ARE LOOKING FOR. Having trained many new Unix users, I can safely say that the most difficult thing in Unix is discovering which programs/config files perform the operations you want.

    For instance... If someone wants to make sure noone can boot into single user mode ond get root without knowing the root password, they don't know where to start. Once you tell them to look at "/etc/ttys" they have no problems figuring out the information from the man pages, and the file itself.

    If they know they want a VPN, how do they know to look at IPSec?

    In addition, I'd say include all the important information, but otherwise, keep it as brief as possible.

    1. By Anonymous Coward () on

      man -k works wonders. Mailing list archives would be the next resource, and the digital version of god if all else fails, Google.

      Now, for the newbie to just stumble across OpenBSD is a matter for question. For if he knows he should use OpenBSD, he does have a certain degree of technical knowledge and should have the experience of finding information and not easily giving up at dead ends.

      1. By RC () on

        Different searches work only if they already know what they are looking for.

        I seriously doubt that a new user can figure out that awk/sed is what they want when they want to do text processing and replacement. How would a new user learn about systrace or chroot when looking for security? How would a user learn that SSH is a secure alternative to telnet (prominent placement helps, some)? How would someone learn about named pipes when they don't know that something like that exists? How would they learn that using a back-quote embeds the output of that command in that spot? How would a new user even figure out that lynx can be used to surf the web in text when they don't even know that it is possible?

        Sure, reading TONS of information will eventually give them their answer, but that is assuming they always know the right questions to ask (and that they know they've asked the right questions when they have, so they don't give up on a search that will eventually find something useful).

        We all take the workings of Unix for granted now. But most of us that weren't taught Unix just gradually picked up on these things from numerous sources over time. I'm only well informed of these sorts of problems from having helped beginners learn to use OpenBSD.

        Of course, maybe there is some book out there that guides users through these basic Unix concepts, but I didn't find it when I needed it, and have still not come across any such book.

  27. By Rob () on

    Agreed. I would consider myself an intermediate guy- not a newbie and not an expert. I would say:

    - forget the X window system stuff (it would waste to much valuable space for other topics and the dang desktop systems change so much)

    - it has been mentioned but for emphasis, a strong, day-to-day toolset explanation. things like the critical logs, important config files, system monitoring etc.

    - I hate to admit it but I still fear doing patches. anything that eases that process would be great.

    - Lastly, an index to the most widely used command line tricks and tips- the ones used every day or every week.

    Thanks and my credit card is ready to swipe

    1. By Anonymous Coward () on

      Patches (the lynx browser is your friend)?

      2. Click the patch link and save it in your /usr/src directory.
      3. follow the instructions in the patch which are for example:

      Apply by doing:
      cd /usr/src
      patch -p0 <005_named.patch

      And then rebuild and install named:
      cd usr.sbin/named
      make obj depend
      make && make install

      4. you are done, restart the service in question.

    2. By XFree86 User () on

      ...though it probably has one.

      Seriously, an O'Reilly "pamphlet" (on the order of their laughable PPP book, or less-laughable guides to awk/sed/etc) for XFree86, perhaps customized to "XFree86 on OpenBSD," would be another good project in its own right. Learning to secure it, use it effectively over the network, not load 500 modules you won't need anyway, etc- all good stuff.

  28. By Anonymous Coward () on

    when I first set my 2.5 box up was that lots of things didn't -quite- work the way Linux did, and when the find command doesn't work as you expect, you're in trouble.

    I tell people the first thing to do when they boot is to update the locate database, and the second thing to do is read man afterboot.

    If you put an appendix in the book that is a step-by-step to doing something useful - even if it's only a page long and says "you're assumed to know vi", it might save people some time.

    1. By Anonymous Coward () on

      Linux is dung. The developers will take the prettier path at the expense of correctness.

      The only OS which comes as close as possible to standards is --> OpenBSD. The OpenBSD community does not need to document the fact that most others break standards.

    2. By AC () on

      ...should have a VI reference card on the back panel, just as every MS-DOS book included an ASCII chart.

  29. By Funk () on

    One topic that is often overlooked in Unixy books is upgrading. This includes full-system upgrades, security/stability patches, and upgrading ports (especially when they have interdependencies).

    The ports upgrade issue is why I don't use OpenBSD on the desktop; explaining that one would be quite useful.

    1. By Anonymous Coward () on

      Exactly. Documentation that needs to be provided by someone who knows what is going on.

  30. By Anonymous Coward () on

    An overlooked area in the open source community is HOWTO transition from A to B. A real honest to god transition where the author takes a Win98(ohmygod) user or whatever through all the steps necessary to get a firewall/nat system up and running. I came to the openbsd world through a very circuitous route on a search for the best firewall/nat system for my house. And it was a total pain in the butt( I am a windows refuge of a few years). It went something like this. NT4, linux(suse), linux (redhatish don becker firewall) freebsd, openbsd. Once I got obsd running it was fantastic. All the other systems required entirely too much work, updating and such.
    Find out what people are doing with obsd; firewall, vpn, etc, and take them through the steps to get obsd up and running.
    A transition chapter acts like a foreign language dictionary. obsd > windows windows

    1. By Anonymous Coward () on

      Yes thats what I meant. Migrations. i will say it again. M i g r a t i o n s

  31. By MrChuck () on

    Is OpenBSD so radically different from Net or FreeBSD?
    Is there truly a market for an OS that we can guess is used by 50k people, most of whom won't pony up $40 for a CD?

    I like the nemeth system admin books.
    They cover the principles of running Unix.
    They have, in each section, a breakout where there are differences.

    Widen the audience. The FreeBSD Handbook applies, mostly, to the other BSDs.

    Free|Net|Open (and hell, MacOS/Darwin) all run apache, IPv6, IPSec, GNOME, KDE. They have a ports tree (netbsd's is available for MacOS X and Solaris).

    Variations include Racoon, ISAKMP and minor implementations of things like ifconfig and some user tools that are or aren't included.

    I regularly move from OpenBSD to FreeBSD and NetBSD through the day. I rarely think about it. I move to Solaris and I have to pause and recall to do certain things differently.

    Why deliberately narrow your audience?

    When you write a book, odds are pretty low that you will make minimum wage for that time you put it. Make it available to the other BSDs and you might make $3 for each hour you spend instead of $1.

  32. By James A. Peltier () on

    cover things already in the FAQ in great detail. My particular interest is in security. Things like designing a PKI network, VPN solutions using x.509 certificates for roaming users, setting up a root certificate authority. Installation and file system information such as suggested layouts for firewalls or web servers, filesystem options and the best use of them, etc etc

    1. By Anonymous Coward () on

      excellent idea!

  33. By Anonymous Coward () on

    Lack of a complete DeskTop How-To. OpenBSD is the perfect choice as a desktop, it's simple and secure. I can wander the Internet without fear of my system being taken advantage of or letting out a bit too much information. Being able to protect myself with 'pf' (the only packet filter worth using) not only at the edge, but having an extra layer with specific rule sets for that specific system is efficient.

  34. By clicket [Jason Brewer] () likeabeerbrewer ĄT on

    I would like to see mucho mucho documentation on practical Packet Filter and ALTQ.

    1. By Anonymous Coward () on

      totaly agreed!

    2. By kremlyn () on

      ALTQ and PF need some MAJORLY good documentation..

      It's such awesome software, that although the man pages are already top class, they need to be *better* for PF+ALTQ for 3.3-Release

  35. By Anonymous Coward () on

    What I would like to see is a series of books that takes the latest OpenBSD release and contains the commented and explained source code to the kernel, then libc, then major utilities. This would be an expansion on the book Stevens did for 4.4BSD, which is an excellent reference for BSD kernel programmers but now quite a bit dated.

  36. By Erik Seidel () on

    It should have something on migrating from Linux
    and a bit on the COMPAT_LINUX functionality and uses.

  37. By Wish I were Tim O () on

    From the simple fact that this has generated more response than I can remember on OBSDJ, I would say that this idea is one whose time has come. Add to that the fact that the majority of items on *cough* Slashdot/BSD are about OpenBSD.

    The beauty of the free market system is that someone who is enterprising and fills the need succeeds and the market (us users) succeeds.

    Bravo! bring the books on!

  38. By Anonymous Coward () on

    FYI, the story is in the BSD section of Slashdot. The author may find some useful comments there as well. The moderation does help a bit.

    I'll send the link to the OpenBSD Journal folks in case they don't see this comment as it may be worthy of posting an update to this story.

  39. By click46 () on

    dont add filler. no one cares how to get postfix installed on OpenBSD because its pretty much the same on every damn *nix out there. I second the notion of PKI, VPN's, altq - things pretty specific to openbsd. Basically, a book the ties together the entire FAQ with real world uses would be perfect.

  40. By Justin () on

    Since it looks like everyone is taking this question seriously I will post the much needed comic relief comment.

    I want to see pictures of the openbsd dev team in the nude all holding little bsd daemon stuffed animals above their heads singing the song on the openbsd 3.1 cd "...Vampire omellete, kitten cake..."

    In other news, I guess all I want is a paraphrasing of the important man pages printed. Important meaning things like: afterboot, netstat, tcpdump, vpn, isakmpd.conf, pf.conf, pfctl, sh, man, ln, etc. :)

    have a nice day

    1. By Anonymous Coward () on

      > pictures of the openbsd dev team in the nude

      Ow. Ow. Ow.

      You just made my eyes bleed.

    2. By zil0g () on

      That would be 1337!

  41. By HAL9000 () none@internet.null on mailto:none@internet.null

    I'd like to see customization. Ways to put it to use in such places like routers, and more on the new pf. How about it's history, and the changes that it has undergone? It's use for wireless technology? How about explaining the new IPv6, or setting up an Internet proxy?

  42. By Dylan Harris () on

    A book isn't big enough to go into everything in great depth, whereas many of the man pages do provide such information. But I find the whole man and info systems pretty scattergun, so I'd like to see the overall summeries and concepts that are (mostly) missing from those pages (there are superb exceptions, like afterboot). I'd also like to hear about people who've used OpenBSD successfully; maybe not to the depth of case studies, but certainly a good hint as to how to use it practically in the big bad world. Finally, I'd like some clues how to link, in a sophisticated way, OpenBSD into networks with PCs running other operating systems: as much as I try otherwise, people still insist on paying me money to write Windows code (sorry about swearing in public), but I remain stubborningly unwilling to put any of my windows machines near the net without at least an OpenBSD armoured decorum preserver between their digital goolies and the evil outside world.

    1. By Funk () on

      A book isn't big enough to go into everything in great depth, whereas many of the man pages do provide such information. But I find the whole man and info systems pretty scattergun, so I'd like to see the overall summeries and concepts that are (mostly) missing from those pages (there are superb exceptions, like afterboot).

      It would be really useful to have pointers to the man pages in section 8 that go into depth on particular topics rather than the usual commands. Most people accustomed to other Unices won't know to look for these unless they're pointed out. Yeah, a lot of them are mentioned in afterboot(8), but afterboot should be summarized in a book anyway, for those who haven't read it in a while or (horrors!) never read it at all.

  43. By Just Another Admin () on

    if it had useful content. As others have already suggested/requested, information to make better sense out of VPNs on BSD would be wonderful. There's a very good book on the market for building Linux VPNs. I would also like more information on building a custom kernel (still have not been able to figure this one out), patch and upgrade an existing sytstem, use pf in different situations, how to set up jailed server environments, and how to successfully implement logging (preferably using syslog-ng). I think the book's focus should be on security, since this is where OpenBSD really shines. I don't give a rat's @$$ about GUIs or desktop use, but I think you should explain how to set up secure web, e-mail, ftp, and even file and print services. I think you should also explain how to use OpenBSD as a router, firewall, and VPN gateway. That's what IMHO most of us want to use this fine OS for anyway. So, to summarize my ramble:

    Patches, ports, upgrades, and kernel customization
    PF firewall config
    Chroot jail for server apps
    E-mail, web, and ftp server configs
    Router, firewall, VPN gateways
    Using OpenBSD as a secure log server
    Using as a Snort NIDS

    I don't care for design history and all that. I want a one-stop-shop for configuring OpenBSD as a secure network device or Internet server without having to sift through man pages, on-line docs and newsgroups. That's all. Write that, and I'll buy two copies.

    1. By Anonymous Coward () on

      "I don't give a rat's @$$ about GUIs or desktop use"
      If that is truely the case, you must use a Microsoft product called Windows. I care for my DeskTop environment and wish for it to be as correct as possible.

      Anyone who doesn't care what their desktop does, and how, as long as the tool works for a desirable amount of time, more than likey uses Windows. Windows is bloated, slow, and does everything you can imagine.

      Inefficiency leaves room for equality, and efficiency leaves room for no equality. In this case, Microsoft tries to please everyone, making the system as accessible as possible to reach monetary goals. OpenBSD however, caters to itself. The developers code for their interests, and that's where its strengths lie. They try not to please everyone, but try to please only themselves. In essence excluding a large user base which has no reason to be sniffing around OpenBSD. Sounds to me, you shouldn't even bother with OpenBSD to begin with.

      1. By zil0g () on

        for gawdz sake how many pages can you write about OpenBSD on the deskop?
        "right, uh first make sure you selected xbase in the installation, then run xf86cfg or xf86config, configure x just like on any other system.
        NOW for the tricky part, turn 'xdm' on in /etc/rc.conf and run 'xdm'; done*"

        *the adventurous user might want look in the nearest pkg mirror for something like 'fluxbox', 'icewm' or even kde* or gnome*

        "halfway usable browsers exist in the ports tree, for fully-fledged pr0n consumption we need to bugg the mozilla developers untill OBSD is fully supported"

        really, if a mar00n like me can run it on the desktop, so can anyone else - and I can't even type right.
        and looking at the suggestions so far there doesn't seem to be that hight a demand for desktops, but well for firewall/NAT boxes, vpn this-and-that servers.
        where did windows come in the picture here? are you telling me YOU will be the one who walks in the office and says: "STOP! stop what you're doing close those spreadsheets! I'll reinstall your lousy windoze boxen with OpenBSD! You'll thank me for it, because it's stable, secure and 'correct'!"
        (don't get me wrong, I think it is just that, but your average office worker won' care WHAT it is if they can't find 'word' on the desktop with a green 'W' icon...)
        who cares if someone uses windows? heck I do it's either that or (eww)Linux to play my beloved game collection in, diff is most won't run in Linux...
        hmm... I've got it! let's add a chapter for everyone who plays games in OpenBSD! that should attract an even greater reader-base!
        in summary: if I'm not using OBSD on the desktop, I shouldn't use it at all, thank you. (and no, I didn't write the first post)

        (I'm not really this bitchy, it just _sounds_ like it on the net. btw, I can't spell either - didn't go to school, go figure).

  44. By Gimlet () on

    I'd love to have a great, OpenBSD-specific book to read and have on my bookshelf as a reference. However, one danger I've noticed is that a lot of Unix tend to try to cover too many bases at once.

    For example, there are several excellent books on system administration, TCP/IP, sendmail, Samba, etc. Better just to say, "buy, borrow, or steal these books!" and then use the saved space to cover things in detail that aren't available elsewhere.

    I'd be very interested in having a book that focused on what OpenBSD can be used for better than other systems. Firewalling, SSL, VPN, and other security topics where OpenBSD shows its strengths would be greatly appreciated.

    Oh, and please don't put the book on the level of a Unix newbie. A solid, well-written, and *detailed* technical book would be far more beneficial to most OpenBSD users, and, IMHO, would appeal to serious users of other Unixes.

    And someone mentioned an OpenBSD-centric follow-up to McKusick's BSD bible. That would be wonderful, but I think it would be another book, perhaps best suited for one of the core developers -- another source of revenue for the project perhaps?

  45. By rust () on

    I guess the one of the most important items that I would greatly appreciate is a drawn out explanation as to why OpenBSD's network stack is considered far superior to other BSD's.

    I have asked this question many times from co-workers/friends and have received little in return.

  46. By anonymous () on

    As a MCSE, and sometimes Linux user, the thing I most want to see is user management for a network system. I would like to see users able to login from any workstation, have their drive mountings (mappings), and applications.

    On Winblows (TM), I set up boxes from an image with applications and network profiles (aka, icons on the desktop, drive mountings, printer mappings, etc). The user profiles reside on a server with the user shares. When a user logs into a random box, they get "Their" desktop and run.

    I don't need the idea behind the system, I'm not a CS major. I load the programs from compiled binaries, read the manuals, and try to modify the buggy po$hits work as advertised. If I want to set up a network on linux it would be OS, GUI, Webbrowser + addins, Mail (Mozilla + Kmail or such), and the office suite (Star or Corel).


    1. By Anonymous Cowherd () on

      As the same AC replying to the 'Security' post up top... this covers the point I forgot. Quite often, an OpenBSD box gets thrown in as "security pixie dust" in front of a bunch of Windows clients- better than just a Linksys router, but still certainly no miracle cure (especially with many services concentrated on one machine).

      Demonstrating interaction with Windows clients would be good, as would a mention of what little can be done to enhance security for them via OpenBSD - I hate texts that dive into a particular commercial product, but discussions of what's available for virus protection [Kaspersky AV for Linux being the only *NIX-hosted Windows scanner I know of], and [network/fileserver] backup would be nice.

  47. By Anonymous Coward () on

    I don't think yet another book which covers the basics of unix before going into the meat of the topic is really needed, so hearty support here on the decision to stick to OBSD specifics. Topics like sendmail, BIND, and Apache also have substantial documentation readily available in deadtree format, so inclusion of just a `Further Reading' section for such things would likely be a good idea, with only notes on how the implementation may differ from standard under OBSD. I can't think of any decent available books on stuff like photuris or even kerberos, and certainly no books on pf, so details on these would likely be good. Definitely lots of details on pf, with more examples than the man pages give. A lot of firewalling concepts may be found under other books, so again no need to overlap existing texts too much; implementation of concepts specifically via pf would be good, though. Certainly topics about creating new ports and modifying existing ones, keeping the source tree updated via cvs/cvsup/whatever, with specifics about how to keep up with stable vs current vs release, etc. FreeBSD and Linux compatibility are covered in the FAQ with relative terseness, so extra details there wouldn't hurt either. Finally, although covered in the FAQ, touching on custom kernels and potential gotchas (module dependencies and such).

    I do have to disagree with the fellow who said OBSD is too new to warrant a book. All OSes which're still being worked on will evolve over time, and documentation will inevitably go stale. My Solaris 2.5 docs still retain some relevence today, but should be replaced. Same with my older Complete FreeBSD book. If the author can stick to the specifics, online errata will hold readers for a while, and when it becomes necessary for a new release, it'll likely be a more managable task to update the book's content.

    Blah blah blah...

  48. By Ash () on

    I'd love to see a book on OpenBSD kernel hacking. AFAIK there isn't much print on BSD kernels, how to write drivers, and write code that is acceptable.

    1. By Anonymous Coward () on

      Paths in the right direction would be nice.

  49. By Anonymous Coward () on

    3 books you must have...

    1. By Anonymous Coward () on

      Lion's Commentary on UNIX with Source Code
      The C Programming Language
      Managing Projects with Make

  50. By Boris () - on -

    Under 200 pages, in the same spirit as openbsd itself. no beginers stuff, there's so many around.
    some simple chapter on programming show how to write'secure' code, and how to avoid race conditions etc. some chapter on all*BSD things, to remind us that openbsd is indeed open. Something that will still mean something in 3 years from now.

  51. By J.Smith () on N/A

    If youre looking for good ideas for an OpenBSD Book, take a look at the FreeBSD handbook thats maintained by the FreeBSD people over at their web site. It includes all kinds of details about setting up and maintaining a freebsd system - it would be nice to see something similair for OpenBSD as well.

    1. By Daniel Feenberg () on

      Seconded, the FreeBSD handbook is good about
      concentrating on those thinks that are not universal.

      One thing that no books seem to cover is configuration changes. Changing a host id or NIC, or adding a hard drive are all commonplace
      tasks, but are never documented for an free OS.
      Users can figure this stuff out, but it would
      be better if it were in the text books.

    2. By Daniel Feenberg () on

      Seconded, the FreeBSD handbook is good about
      concentrating on those thinks that are not universal.

      One thing that no books seem to cover is configuration changes. Changing a host id or NIC, or adding a hard drive are all commonplace
      tasks, but are never documented for an free OS.
      Users can figure this stuff out, but it would
      be better if it were in the text books.

  52. By Anonymous Coward () on


    At my job I had to setup a BSD with RAS. Pain in the neck finding information about how to do it and how to easily maintain it(adding/changing modems, adding/changing IP's).

  53. By Adam Getchell () on

    OpenBSD is about security, and excels on the edge of the network. I'd like to see generally accepted practices for:

    * Building a transparent bridging firewall
    * Building a NAT firewall for hosts
    * Other lockdown and performance tuning for firewalls
    * Use of ALTQ (and how to record bandwidth usage to the above log system)
    * How to do load balancing
    * How to setup SQUID as a reverse proxy cache for webservers (Apache, Zope, IIS, etc)
    * How to set up a DNS, SMTP, servers
    * How to setup and configure symon (or some other suitable practice) to create a central monitoring system for your transparent bridges, NAT boxes, SQUID boxes, bandwidth throttling, etc.
    * How to setup and configure SNORT, ACID, PHP
    * Tuning the above systems

    That takes care of some edge uses for OpenBSD. Now, for general network use as a webserver, application server, and file/print server, I'd like to see sections on:

    * Apache
    * Tomcat (and in particular, getting it locked down and working properly. I've struggled with it, myself.
    * SAMBA
    * CVS/OpenCM etc.
    * Kerberos integration (because, if you manage a large number of systems you'll want to get away from separate accounts on each server)
    * AFS
    * Tuning the above systems

    Finally, I wouldn't mind seeing sections on configuring OpenBSD in the desktop environment, particularly:

    * X/KDE configuration
    * GNOME (perhaps)
    * Diskless terminals
    * CD boot systems, RAMFS

    The last two suited towards dumb terminal/CD systems approach.

    Now, I realize the above list might be 3 books instead of 1, but that's the order I personally would rate.

    Finally, I have "The Design and Implementation of the 4.4 BSD Operating System", but anything to help aspiring newbie kernel hackers would be welcome. Such a tome could also include philosophical discussion, if desired.

    All in all, a tall order. I'd be willing to contribute my meager knowledge to the effort.


  54. By marc bayerkohler () on

    I would -really- appreciate more doc and examples on upgrading obsd. ive read the docs on cvs, but a lot of it seems to take knowledge for granted, and it could be a little easier.

    Id like better explanations of 'Snapshots', and the steps of taking a box from 2.7 to the latest -stable without losing my data and configurations.

    Also, more examples of setting up VPNs, espesh to other OSes.

    1. By Forge () on

      I've been using OpenBSD at my company since version 2.5. I'd like to see a whole chapter with recommendations on how to upgrade the system, specifically how to upgrade using anonymous CVS (and mergemaster), and how to apply patches. Once most people get past the initial install and configuration, this is a main concern (especially since new security fixes are released every couple weeks).

  55. By Forge () on

    I've been using OpenBSD at my company since version 2.5. I'd like to see a whole chapter with recommendations on how to upgrade the system, specifically how to upgrade using anonymous CVS (and mergemaster), and how to apply patches. Once most people get past the initial install and configuration, this is a main concern (especially since new security fixes are released every couple weeks).

  56. By herodiade () on

    Like it was said in slashdot, sysadmins expect security from OpenBSD, so they may (i do) expect content like "hardening (more an more) the OS".
    Using syscalls policies, chrooting everything, ipsec's vpns, hardening the fs ... is an necessary content.

    Another point : documenting Altq usage.
    Since open is frequently used in firewalls/gateway (the good place for an QoS Altq box), since it does more and more to integrate altq on the kernel, since it's very hard to configure a good altq policy, and since there isn't a lot of hand on tutorials on altq ...

  57. By James () on

    Something called "Helpme" which is like a FAQ but contains the most common cause of a system to fail

  58. By Graun Frondwidth () on

    Somewhere in the networking section, please explain (all in one place) what the heck all
    of those devices which are displayed when you
    execute "ifconfig -a" actually are.

    Another section on getting X up and running
    with Gnome/KDE and a window manager other
    than twm would also be much appreciated.

    1. By Anonymous Coward () on

      EvilWM is the wise choice. :)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]