Why Did I Use OpenBSD for My Remote File Server
So, many of you may know that I am a long-time Linux user.
However, recently many of my friends tried REALLY HARD to convince me to try BSD-based systems.
At first glance, my opinion was a solid NO. I mean, one of the most important thing for me is software ecosystem. Of course, Linux (GNU/Linux) absolutely crushed most operating systems in terms of ecosystems.
Later, as I was looking for a way to configure my remote file server, I decided to give it a try.
What the hell is this?
What is BSD?
BSD stands for Berkeley Software Distribution, which refers to a series of Unix operating system variants and distributions developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berkeley, from the late 1970s into the 1990s. BSD was initially a set of modifications and extensions to AT&T’s Unix operating system. Over time, BSD evolved into a complete operating system in its own right, with significant contributions to the development of internet protocols and networking (the TCP/IP stack in many operating systems is derived from BSD code).
The term “BSD” now encompasses several open-source Unix-like operating systems that trace their ancestry to the original Berkeley Software Distribution. These include:
- FreeBSD: Perhaps the most widely used BSD variant, known for its performance, advanced networking, and support for a wide range of hardware.
- NetBSD: Emphasizes portability and supports a wide array of hardware platforms, making it suitable for many types of devices.
- OpenBSD: Focuses on security, correctness, and clean code.
- DragonFly BSD: A fork of FreeBSD 4.8, aimed at optimizing the operating system for modern multiprocessor/multicore environments.
BSD operating systems are known for their reliability, performance, and advanced networking features. They are used in a variety of applications, from servers and desktops to embedded systems, and have influenced other operating systems, including Linux and macOS (which incorporates components from FreeBSD).
What is OpenBSD?
OpenBSD is a free and open-source, security-focused Unix-like operating system based on the Berkeley Software Distribution (BSD). It is renowned for its emphasis on security, code correctness, and standardization. OpenBSD is developed by a volunteer team of developers from around the world and is suitable for use on a variety of platforms, including servers, desktops, and embedded systems. The project’s development is characterized by a comprehensive code auditing process aimed at discovering and fixing security vulnerabilities and bugs, adherence to documentation standards, and the creation of secure default settings.
Why I used it eventually?
1. Security
One of the most important thing about a server is security.
OpenBSD is often considered more secure than other server operating systems for several reasons, stemming from its development philosophy, security features, and practices. Here are the key aspects that contribute to its reputation for security:
1. Security by Default
OpenBSD’s default installation is minimalistic, reducing the attack surface by only including essential components. Fewer running services and applications mean fewer potential vulnerabilities. The system’s default settings are configured with security in mind, making it harder to exploit out of the box.
2. Proactive Security Measures
OpenBSD developers focus on proactive security measures. They implement features designed to mitigate the impact of vulnerabilities and bugs. For example:
- W^X (Write XOR Execute) policy ensures that memory cannot be writable and executable at the same time, making it harder for attackers to execute arbitrary code.
- Stack-smashing protection (SSP) to prevent stack buffer overflow attacks.
- Address Space Layout Randomization (ASLR), which makes it difficult for attackers to predict the memory addresses of running processes, complicating exploits that rely on this knowledge.
3. Code Auditing
The OpenBSD project places a strong emphasis on code quality and auditing. The developers conduct thorough reviews of the system’s source code to identify and fix vulnerabilities, potential bugs, and insecure coding practices. This continuous process of code auditing helps in maintaining a high level of security.
4. Patch Management and Disclosure
OpenBSD has a clear and efficient process for handling security vulnerabilities. When a vulnerability is discovered, patches are developed and released promptly. The project also maintains detailed patch and security advisory documentation, making it easier for administrators to understand and apply necessary updates.
5. Cryptography and Randomness
OpenBSD includes a robust cryptographic framework, signifying a strong emphasis on encryption for data security. It also focuses on providing high-quality randomness for cryptographic operations, critical for secure encryption and session keys.
6. Minimalist Philosophy
The OpenBSD project adheres to a minimalist philosophy, aiming to keep the system lean and manageable. This approach helps in reducing the number of potential vulnerabilities and makes it easier to secure the system effectively.
7. Innovations and Contributions
OpenBSD is known for its contributions to security, such as the development of OpenSSH, a tool widely used for secure remote access. The project’s innovations often benefit the broader Unix-like OS ecosystem, enhancing security beyond just OpenBSD.
Conclusion
While no operating system can be considered entirely secure, OpenBSD’s design principles, development practices, and focus on security features contribute to its reputation as a particularly secure choice for server environments. Its proactive approach to security, emphasis on code quality, and minimalistic design make it an attractive option for security-conscious users and organizations.
2. Low overhead
For a poor student like me, the budget for a server can be really tight. Thus, the spec for the server can be really low.
Here’s a side-by-side comparison. One is a fresh install of Debian 12 (bookworm) and the other is OpenBSD 7.2.
3. No bloatware
Yes I’m now STRONGLY CRITICIZING Canonical Ubuntu. Though Ubuntu is also a great operating system, but the bloatware… I mean, who the heck would think snap is a good thing. Just check your df -h.
Like… What???
Back on topic. By default, OpenBSD includes literally no utilities. You have to install them all by yourself. Which also means that the system is tiny by default. According to themselves, OpenBSD can be installed on at a 512 MB disk.
4. F**k off Systemd
Well, Systemd is bad in some cases. Sure, it’s widely supported. However, it’s very complex, and it is responsible for a lot of things. Systemd configurations are defined by their own types of files, which adds more work for the users.
On the other hand, init system on BSD is more simplified and easier to use. It’s essentially just Shell scripts and it runs faster and easier for maintenance.
5. Just try something else
Tired of Linux? Why don’t we try some other operating systems. Technically, both Linux and BSD are based on Unix, i.e. a *nix system.
BSD is more closer to Unix, i.e. a more direct descendant of Unix. While Linux is Unix-like, not entirely Unix.
Trying something new is never a bad idea, isn’t it?
Feelings?
To be honest, OpenBSD is not an easy option for beginners. It literally requires you to be savvy-enough to even complete the installation process, which is not so hard, but harder than most user-friendly Linux distributions.
Shamelessly, I actually spent like one and a half hours to install it for the very first time. My bootloader keeps breaking.
Just used it for less than 24 hours, but it’s well-beyond my expectations. I don’t regret my choice (for now).