Unix: Book Review -- Absolute OpenBSD: Unix for the Practical Paranoid by Michael W. Lucas, Open Starch Press, 2013
BSD -- the Berkeley Software Distribution flavor of Unix -- is alive and well and thriving on a remarkably secure system near you. And the second edition of Absolute OpenBSD (Michael W. Lucas, 2013, no starch press) is ready to teach you all about it.
I don't know which should come first -- why you should look at OpenBSD or why you should buy this book, but these questions seem tightly wound around each other. For those of us who have settled into one of the most popular Unix/Linux systems -- Red Hat, Debian, Fedora, Ubuntu, Mint, Suse, Solaris et al, OpenBSD may seem like a Unix from long ago, but there are aspects of this OS that set it apart from other popularly used Unix systems and this book by Michael W. Lucas and published by no starch press will help you understand, not just those differences, but how to install, deploy, manage, troubleshoot and thrive with an OpenBSD system.
To begin with, let's start with the subtitle -- "Unix for the Practical Paranoid". There's a lot in that title. These days, anyone who manages servers that interact in any way with the Internet are probably somewhat paranoid. In fact, the author says "If you're not paranoid on the Internet, you're in trouble". And why is OpenBSD "for the paranoid"? For one reason, it's because OpenBSD is regarded by many as the most secure OS (yes, even without the benefit of SELinux). Its focus on security borders on the fanatical. OpenBSD pays a lot of attention to the "baked in" kind of security -- auditing their source code with a keen eye toward routing out bugs that could represent an eventual compromise, rather than waiting for flaws to be discovered through successful exploits and addressing them then.
OpenBSD also has built-in cryptography, the systrace system call and the pf packet filter. Due to its ground up dedication to security, it is often used as the OS basis for intrusion detection systems, firewalls, VPN gateways and secure web sites. It's open source, yet it touts some of the highest quality documentation.
The first edition of Absolute OpenBSD: UNIX for the Practical Paranoid was published 10 years ago in 2003 -- ten years ago! It was so well thought of that it became something of a collector's edition and a lot of people have been hungrily waiting for this second edition. I was deeply entrenched in Solaris in 2003, though I still clearly remembered that "SunOS" prior to the birth of "Solaris" was a BSD-based operating system. About the same time that BSD and System V were merged to create Solaris, OpenBSD shot off from NetBSD, providing a clear option for those who wanted to remain in the BSD camp.
This book, in its nearly 500 (490) pages, covers nearly everything I can imagine stuffing into a book on OpenBSD and provides nearly a total immersion on the OS. Yet the author is not so arrogant as to presume you won't need to reach out to other information sources as well -- Chapter 1 is actually devoted to additional sources of information. Even so, you won't get through this book without acquiring a solid grounding in OpenBSD. It's thorough -- full of practical no nonsense information and just enough humor to make it a fun read.
Absolute OpenBSD takes you through a logical progression of stages -- such as installation, configuration and implementation of various features -- and then covers the more advanced topics in sufficient detail that you can tackle them and make them work for you.
Topics include installing OpenBSD -- with excellent guidance on partitioning, the boot process, managing users, disks and file systems, a great overview of TCP/IP and networking, software management. network servers, desktops, configuring kernels, upgrading, packet filtering, and customization. There are also chapters on security, and avoiding root. Just look at this list of chapters:
Chapter 1: Getting Additional Help Chapter 2: Installation Preparations Chapter 3: Installation Walk-Through Chapter 4: Post-Install Setup Chapter 5: The Boot Process Chapter 6: User Management Chapter 7: Root, and How to Avoid It Chapter 8: Disks and Filesystems Chapter 9: More Filesystems Chapter 10: Securing Your System Chapter 11: Overview of TCP/IP Chapter 12: Connecting to the Network Chapter 13: Software Management Chapter 14: Everything /etc Chapter 15: System Maintenance Chapter 16: Network Servers Chapter 17: Desktop OpenBSD Chapter 18: Kernel Configuration Chapter 19: Building Custom Kernels Chapter 20: Upgrading Chapter 21: Packet Filtering Chapter 22: Advanced PF Chapter 23: Customizing OpenBSD
This is truly an excellent book. It's full of essential material on OpenBSD presented with a sense of humor and an obvious deep knowledge of how this OS works. If you're coming to this book from a Unix background of any kind, you're going to find what you need to quickly become fluent in OpenBSD -- both how it works and how to manage it with expertise. I doubt that a better book on OpenBSD could be written.
Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.