6.7 Updated! July 21, 2020, proudly hosted by ARP Networks.

history
Forked from NetBSD. Theo de Raadt is the founder and leader of the OpenBSD project. The first OpenBSD release, 1.1/CVS, appeared on October 18, 1995.

why use openbsd

UNIX-like

Get the latest version of OpenSSH, OpenSMTPD, OpenRSYNC, OpenNTPD, OpenIKED, OpenBGPD, LibreSSL, mandoc

Get the latest PF (Packet Filter) features

Get carp(4), httpd(8), relayd(8), vmd(8)

Security focused Operating System (unveil(2), pledge(2)...)

Thorough documentation

Cryptography

openbsd innovations
Software and ideas developed or maintained by the OpenBSD project: https://www.openbsd.org/innovations.html

openbsd version numbers
Semiannual release cycle
Each new release increments the version number by 0.1

openbsd's flavors
-release, shipped every six months
-stable, -release plus patches (support for 6.6 & 6.7)
-current, development branch

cvs repository
Choose your repository at: https://www.openbsd.org/anoncvs.html

cvsweb
CVSweb is a web interface for CVS repositories that lets you browse a file hierarchy in your browser and view each file's revision history: https://cvsweb.openbsd.org

manual pages
# How to read a man page, for example foo(5)?
man 5 foo
Or view it in your browser at: https://man.openbsd.org

supported hardware Some dmesgs

installation
Really simple, ready in 5 minutes (KISS). The response file is emailed to the root user on next boot.
Get more information: https://www.openbsd.org/faq/faq4.html

auto-install
Use autoinstall(8), or try the upobsd package for a fully unattended install/upgrade process.

filesystem
OpenBSD uses FFS2 (Enhanced Fast File System) by default since version 6.7. If you create a new filesystem manually, you will still get an FFS1 filesystem unless you force -O2 or the filesystem will be larger than 1 TB.
Read: newfs(8)

networking files
/etc/myname         Default hostname
/etc/mygate         Default gateway
/etc/hosts          Known hosts on the network
/etc/resolv.conf    Resolver (DNS)
/etc/hostname.if    Configuration for each network interface, for example: /etc/hostname.bge0
Read: myname(5), hostname.if(5), resolv.conf(5), hosts(5)

networking
# Display the current configuration of network interfaces
ifconfig
# Set DHCP for 're0' interface, on the fly
dhclient re0
# Perform network (re)initialisation
sh /etc/netstart

networking (set at startup)
Example 1: configure static IP address for re0
## File: /etc/hostname.re0
inet 192.168.0.58 255.255.255.0
Don't forget to run sh /etc/netstart re0 to apply changes to the running system.

networking (set at startup)
Example 2: configure DHCP for bge0
## File: /etc/hostname.bge0
dhcp
Don't forget to run sh /etc/netstart bge0 to apply changes to the running system.

networking (set at startup)
Example 3: configure wireless
# First, see a list of available wireless networks:
ifconfig iwn0 scan
## File: /etc/hostname.iwn0
nwid ACCESS_POINT_NAME wpakey THE_SECRET_KEY
dhcp
# Or, for multiple access points
join AT_HOME wpakey THE_SECRET_KEY
join AT_WORK wpakey THE_SECRETKEY
dhcp
Don't forget to run sh /etc/netstart iwn0 to apply changes to the running system.
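The wpakey in /etc/hostname.iwn0 is stored in clear text, so the file should not be accessible to other local users. The following is an added example, not part of the original cheat sheet: it lists hostname.* files that hold a wireless key and still carry permission bits for "other". The function name audit_hostname_perms is an assumption of this example.

```sh
#!/bin/sh
# Added example (not from the original page).
# audit_hostname_perms [DIR]
#   Prints every DIR/hostname.* file that contains a wpakey/nwkey setting
#   and has any read/write/execute bit set for "other".
#   Returns 1 when at least one such file is found, 0 otherwise.
audit_hostname_perms() {
    dir=${1:-/etc}
    found=0
    for f in "$dir"/hostname.*; do
        [ -f "$f" ] || continue

        # Only files that really carry key material (ignore commented lines)
        grep -v '^[[:space:]]*#' "$f" | grep -Eq 'wpakey|nwkey' || continue

        # find prints the path only when one of the "other" bits is set
        if [ -n "$(find "$f" \( -perm -0004 -o -perm -0002 -o -perm -0001 \))" ]; then
            echo "$f"
            found=1
        fi
    done
    return "$found"
}

# Fix for a reported file:
#   chown root:wheel /etc/hostname.iwn0 && chmod 640 /etc/hostname.iwn0
```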

routing
# Show the routing table (ipv4)
route -n show -inet
# Show the routing table (ipv6)
route -n show -inet6
# Delete all gateway entries from the routing table
route -n flush

pf ruleset sample
## File: /etc/pf.conf
# Protect a laptop (allow only ping/ssh from anywhere)
set skip on lo
block log all
pass in on egress inet proto icmp all icmp-type echoreq
pass in on egress inet proto tcp from any to any port ssh
pass out
Read: pf.conf(5)

pf (packet filter) (Useful commands)
# Disable PF
pfctl -d
# Enable PF and load the rules
pfctl -ef /etc/pf.conf
# Just load the rules (apply changes)
pfctl -f /etc/pf.conf
# View the loaded rules
pfctl -s rules
Read: pfctl(8)
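An added example, not part of the original cheat sheet: a sh function that parse-checks a candidate ruleset with pfctl -n before it replaces /etc/pf.conf and is loaded, so a file with a syntax error never becomes the ruleset read at boot. The function name pf_safe_load, the PFCTL override variable and the .prev backup suffix are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page).
# PFCTL may be overridden for testing off-box; on OpenBSD it is pfctl(8).
PFCTL="${PFCTL:-pfctl}"

# pf_safe_load CANDIDATE [LIVE]
#   0  candidate installed as LIVE and loaded
#   1  candidate unreadable or could not be copied
#   2  parse check failed, LIVE left untouched
#   3  load failed, previous LIVE restored and reloaded
pf_safe_load() {
    candidate=$1
    live=${2:-/etc/pf.conf}

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 1; }

    # -n: parse the rules only, do not load them
    if ! "$PFCTL" -nf "$candidate"; then
        echo "syntax check failed, $live left untouched" >&2
        return 2
    fi

    # Keep the last known-good ruleset next to the live one
    if [ -f "$live" ]; then
        cp -p "$live" "$live.prev" || return 1
    fi

    cp "$candidate" "$live" || return 1
    if ! "$PFCTL" -f "$live"; then
        echo "load failed, restoring previous ruleset" >&2
        if [ -f "$live.prev" ]; then
            cp -p "$live.prev" "$live" && "$PFCTL" -f "$live"
        fi
        return 3
    fi
    return 0
}
```

A ruleset that parses cleanly can still block your own SSH session, so load changes from the console or keep a second session open when working remotely.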

debug pf with tcpdump
tcpdump -nettti pflog0
Read: tcpdump(8)

manage users
# Manually
user [add|del|info|mod] foobar
# Add users interactively
adduser
# Remove users interactively
rmuser
Read: adduser(8)

manage groups
File: /etc/group
group [add|del|info|mod] foobar
Members of the wheel group can use su(1) to become root.
Read: group(8), group(5)

sudo replaced with doas(1)
## File: /etc/doas.conf
# Permit the user 'marc' to reboot the box
permit nopass marc as root cmd /sbin/reboot
# Marc can now reboot the box (the command is typed as it appears after 'cmd')
$ doas /sbin/reboot
Read: doas(1), doas.conf(5)
Try doas mastery (blog).

install packages
# By default, the /etc/installurl file already contains an OpenBSD mirror server URL
https://cdn.openbsd.org/pub/OpenBSD
# Search for packages
pkg_info -Q foobar
# For example, to install Squid
pkg_add squid
# Update packages
pkg_add -u
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
Read: pkg_info(1), pkg_add(1), installurl(5)

packages
# List packages installed
pkg_info
# List files installed by a package
pkg_info -L foobar
# View install-message for a specific package
pkg_info -M foobar
Read: pkg_info(1), packages(7)

packages (continued)
# Delete a package
pkg_delete foobar
# Show unused dependencies
pkg_delete -an
# Delete unused dependencies
pkg_delete -a
# Delete all except 'nginx'
pkg_delete -X nginx
Read: pkg_delete(1)

install non-free firmware packages
fw_update
Firmware is downloaded from release-specific directories at: http://firmware.openbsd.org/firmware
Read: fw_update(1)

manage daemons, services
File: /etc/rc.conf.local
rcctl [enable|disable|start|stop|reload|restart] foobar
# For example, to start the apmd(8) daemon for CPU scaling, you might do
rcctl enable apmd
rcctl set apmd flags -A
rcctl start apmd
Read: rcctl(8)

run a script at startup
File: /etc/rc.local
Read: rc.local(8)

update openbsd (-stable)
Security and reliability fixes can be found at: https://www.openbsd.org/errata.html
Errata patches are generated for the last two releases (6.6, 6.7).

update openbsd (-stable), the tools
Use syspatch(8) to update your kernel and userland; it is available for the last two releases. Use pkg_add -u to update packages.

upgrade openbsd
To upgrade 6.5 to 6.7, you need to follow the instructions from https://www.openbsd.org/faq/upgrade66.html and then https://www.openbsd.org/faq/upgrade67.html
sysupgrade(8) is a utility to upgrade OpenBSD to the next release or a new snapshot.

openbsd filesystem
The most important directories to know!
/                 Root directory
/home             User home directories
/root             Default home directory for the superuser
/mnt              A temporary mount point
/etc              System configuration files and scripts
/etc/examples     Example configuration files for base system daemons
/etc/skel         (dot) files for new accounts
/etc/signify      Key files used for signify(1)
/tmp              Cleaned after a reboot
/var/tmp          Symbolic link to the system /tmp
/var/log          Log files
/var/run          pid, socket files, utmp, dmesg.boot
/var/db           Database files
/var/www          Configuration files for httpd(8)
/var/www/htdocs   Web repository for httpd(8)
/usr/local        Third-party software goes here
/usr/src          BSD and/or local source files
Read: hier(7)

openbsd kernels
/bsd          Kernel executable (the operating system loaded into memory at boot-time). In case of multiple processors, the installer will rename /bsd to /bsd.sp and finally /bsd.mp to /bsd.
/bsd.booted   Kernel executable used to resume from hibernation (handled by the bootloader).
/obsd         Old kernel; the next boot will use the new kernel /bsd (kernel relinking).
/bsd.sp       Kernel executable for single processor machines.
/bsd.mp       Kernel executable for multiprocessor machines.
/bsd.rd       Installation kernel. The built-in RAM disk contains utilities which can be run without an external file system, so this kernel is useful for limited system maintenance too.

tune the system
sysctl.conf(5)   sysctl variables to set at system startup
sysctl(8)        get or set kernel state
config(8)        modify a kernel


setting laptop hibernation (sysctl)
machdep.lidaction=0   do nothing
machdep.lidaction=1   suspend
machdep.lidaction=2   hibernate

maintenance
doas pkg_check -F       Checks that there are no other random objects under /usr/local
doas dmesg -s           Review rc(8) system startup messages
ldd foobar              List dynamic object dependencies
df -h                   See disk usage
top -s .1               Check load (cpu/mem)
reset                   Reset your terminal when it gets messed up by control sequences
rcctl ls on             What is enabled on your system
doas rcctl ls started   What is running on your system
Read: pkg_check(8), dmesg(8), ldd(1), ld.so(1), df(1), top(1), reset(1), rcctl(8)

some useful packages
screenfetch   Display system information in the terminal
w3m           Text-based web browser
noice         Minimalistic file browser
pstree        List processes as a tree
tmate         Share your terminal on the web without opening any ports
testdisk      Scan and repair disk partitions

presentations & papers
https://www.openbsd.org/events.html

need more help

FAQ: https://www.openbsd.org/faq/

Manual page: afterboot(8)

IRC Channel: #openbsd

Mailing list: misc@
