# RootPrompt.org: Nothing but Unix.

Feature: OpenBSD's Good Example

Last week I installed OpenBSD for the first time. I found that OpenBSD has done a lot of things right and that there are some things the Linux community should study and emulate. Principles the OpenBSD developers follow, such as a "Secure by Default" mode and code auditing, are things we should be applying to Linux.

(Submitted by Noel, Wed Aug 23, 2000)


OpenBSD's Good Example

by Noel

It may seem odd to start an article about OpenBSD by talking about Linux. I talk about my experience with and love of Linux so that I will not be mistaken for one of the "*BSD rocks, Linux sucks" crowd. There are important lessons to be learned from OpenBSD that those in the Linux community must not ignore.

I have been using Linux from the summer of 1994 until today. I loved it when I started using it and I love it today. I have used it as a desktop and as a server. A few years ago on the Fourth of July I declared independence and removed the Windows partition on my machine. I had kept Windows around to run Quicken, but decided that I would find a Linux replacement or do without.

I have been hearing about this OpenBSD thing for a long time. I had been interested, but Linux did everything that I needed it to do. I still found reading about OpenBSD interesting. It was an operating system designed to be secure from the minute you finished installing it, one for which you never saw articles entitled "How to secure your OpenBSD box".

Over the six years that I have been using Linux, it has taken more and more work to secure a machine once I have installed it from the CD. Some of this is from my skill level and knowledge increasing, and some is from the additional software and services that the distributions are including. The last Linux installation I did on my machine at home took much more time to secure than it did to install.

At work I support Sun Solaris machines. They also suffer from the problem of having a lot of things to secure once they are installed. The installations leave a lot of services open and daemons running.

This is of course not really a Linux problem. The Linux kernel is the least of our worries; it is instead the software in the distribution that is the problem. The organizations that build the distributions for the most part configure them to have the most services running and do not set them up with security in mind.

This is a big problem for Linux. You should not have to be an expert to get a secure Linux machine. There are just not enough Linux experts to go around, so there will be many unsecured Linux machines on the net.

I want Linux to continue to grow. I want it to grow in the desktop, server and palmtop/embedded areas. The more Linux grows, the more software and games will be available. The more it grows, the more hardware will be supported. However, a deserved reputation for being insecure will not make Linux grow; it will retard its growth.

So a couple of weeks ago I ordered an OpenBSD 2.7 CDROM and installed it on an upgraded 486 I had lying around. The machine I installed it on was a Pentium 83 MHz upgrade, 40 MB RAM, two 350 MB hard drives with an NE2000 Ethernet card.

The install went well. The disk formatting tool, which is called disklabel, could be difficult for someone who has only installed Linux. It is not as friendly as fdisk or some of the other Linux tools. I have used similar tools under Digital Unix (aka OSF/1 and Tru64) and Solaris, so I did not have any problems with it.

I am not going to go into great detail about the installation. The only problem I had was with the Ethernet card. The card that was in the machine was an old NE2000 card that I had picked up at a going-out-of-business sale a couple of years ago. I had no idea what brand it was, and since it was a jumperless card I could not change the IRQ and port on the card. This caused a problem with getting the card to work under OpenBSD. I solved this by running over to the store and buying an eleven-dollar Ethernet card.

The thing I appreciated first about OpenBSD was that it was not running lots of unneeded services. There were not hours of work needed to secure everything and turn off a bunch of daemons that I did not need.

The next impression I had was how usable it was as a desktop. I had a picture in my mind of OpenBSD as a stripped-down Unix that was secure because it did not offer much. Instead of this I found a system that installs a minimum of software but has a lot of packages that can be installed. X Windows was configured with the fvwm window manager, set up almost like I run my normal working environment. In the tradition of "the more someone agrees with you, the smarter they are", the person who set up X Windows is a genius. Setting everything up is going to take more effort than it does under a Linux distribution that installs 3 GB of software, but the end result is still a very usable desktop environment.

It is my opinion that there are many lessons in how OpenBSD is put together that the Linux community needs to take note of. We need to have distributions that come secure out of the box. We need to have options for major distributions that tighten things up.

OpenBSD's security goal is:

"OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than Sun, SGI, IBM, HP, or other vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems."

They believe in full disclosure, and they have been doing security audits on their code for four years. This has saved them from being vulnerable to many exploits and problems that affected other operating systems.

The OpenBSD security page says the following about their auditing process:

"Another facet of our security auditing process is its proactiveness. In most cases we have found that the determination of exploitability is not an issue. During our ongoing auditing process we find many bugs, and endeavor to fix them even though exploitability is not proven. We fix the bug, and we move on to find other bugs to fix. We have fixed many simple and obvious careless programming errors in code and only months later discovered that the problems were in fact exploitable."

They also talk about not requiring their users to be security experts as soon as they install OpenBSD.

"To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled. As the user/administrator becomes more familiar with the system, he will discover that he has to enable daemons and other parts of the system. During the process of learning how to enable a new service, the novice is more likely to learn of security considerations.

"This is in stark contrast to the increasing number of systems that ship with NFS, mountd, web servers, and various other services enabled by default, creating instantaneous security problems for their users within minutes after their first install."

Why do we in the Linux community produce distributions that require the user to be a security expert? Why don't we at least add a "Secure by Default mode" to our distributions? If we are aiming at the desktop then turn off what the desktop user does not need or use something like ipchains to filter some of the services we are running from the outside world.
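What a "Secure by Default" pass on a freshly installed Linux box of that era looks like in practice, as an added example that is not from the article, from OpenBSD or from any distribution: list the TCP services listening on all interfaces, comment out the inetd services you do not need, and emit ipchains rules that deny inbound connections to whatever is left. The `netstat -tln` output and the inetd.conf are constructed samples; the allowlists (ssh on port 22 for the network, ftp for inetd) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original article or from any OS project):
# a small "secure by default" pass for a 2000-era Linux box.
#   1. listening_ports: which TCP ports are exposed on all interfaces
#   2. unwanted_ports:  those ports minus an allowlist
#   3. ipchains_rules:  ipchains DENY rules for the unwanted ports (printed, not applied)
#   4. harden_inetd:    comment out every inetd.conf service not on an allowlist
# The inputs below are constructed samples; on a real machine feed the
# functions the output of `netstat -tln` and the contents of /etc/inetd.conf.

# Constructed sample of `netstat -tln` output (Linux 2.2 era).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'

# Constructed sample /etc/inetd.conf.
SAMPLE_INETD='# inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
#shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd'

# Assumption: the only service this box should offer to the network is ssh.
ALLOW_PORTS="22"

# listening_ports NETSTAT_TEXT: one port per line for TCP sockets bound to 0.0.0.0.
# Sockets bound to 127.0.0.1 (here, the MTA on port 25) are not network-reachable
# and are left alone.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $6 == "LISTEN" && $4 ~ /^0\.0\.0\.0:/ {
        split($4, a, ":"); print a[2] }'
}

# unwanted_ports NETSTAT_TEXT: listening ports that are not in ALLOW_PORTS.
unwanted_ports() {
    listening_ports "$1" | while read -r port; do
        case " $ALLOW_PORTS " in
            *" $port "*) ;;            # allowed: keep it reachable
            *) echo "$port" ;;
        esac
    done
}

# ipchains_rules NETSTAT_TEXT: print (do not run) an ipchains DENY rule per
# unwanted port; -l logs each dropped packet so you can see what is being probed.
ipchains_rules() {
    unwanted_ports "$1" | while read -r port; do
        echo "ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 $port -j DENY -l"
    done
}

# harden_inetd INETD_TEXT "name name ...": comment out every enabled service
# whose name is not in the allowlist; comments and blank lines pass through.
harden_inetd() {
    printf '%s\n' "$1" | awk -v allow=" $2 " '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        index(allow, " " $1 " ")  { print; next }
        { print "#" $0 "   # disabled: not needed by default" }'
}

# Demonstration on the constructed samples.
echo "== TCP ports listening on all interfaces ==";  listening_ports "$SAMPLE_NETSTAT"
echo "== ports to close or filter ==";               unwanted_ports "$SAMPLE_NETSTAT"
echo "== ipchains rules (review, then run as root) =="; ipchains_rules "$SAMPLE_NETSTAT"
echo "== hardened inetd.conf (keeping ftp only) ==";  harden_inetd "$SAMPLE_INETD" "ftp"
```

The script only prints the ipchains rules and the rewritten inetd.conf; the intent is that you read them first, then apply them (and send inetd a HUP) once you are sure the port 22 and ftp allowlists match what the machine is really for. Filtering with ipchains is the second-best option the paragraph mentions: a daemon that is not running cannot be exploited, so the inetd step and turning off standalone daemons such as portmap, NFS and httpd should come first, with the packet filter as a backstop.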

I am not claiming that the makers of the distributions do not care about security. However, they do as a rule configure their distributions to maximize the services available and to make things as easy for the user as possible. This is not all bad, but I believe it must not be taken to an extreme that gives the user a very usable system that is also very insecure.

I am also not claiming that no one in the Linux community is doing anything about this. There are two auditing projects that I know of: the Linux Security-Audit Project and the Linux Kernel Auditing Project. There are also people working on secure distributions of Linux such as Trustix Secure Linux and Bastille Linux. The makers of other distributions should be following the example of the secure distributions and providing as much support as they can to the auditing projects.

We will all benefit from Linux and Linux distributions becoming more secure. If we will not try to be number one in the industry for security as OpenBSD does then perhaps we can work towards having some distributions be a close second.


Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.