Thursday, May 23, 2013

Unix: Book Review -- Absolute OpenBSD: Unix for the Practical Paranoid by Michael W. Lucas, Open Starch Press, 2013

 I don't know which should come first -- why you should look at OpenBSD or why you should buy this book, but these questions seem tightly wound around each other. For those of us who have settled into one of the most popular Unix/Linux systems -- Red Hat, Debian, Fedora, Ubuntu, Mint, Suse, Solaris et al, OpenBSD may seem like a Unix from long ago, but there are aspects of this OS that set it apart from other popularly used Unix systems and this book by Michael W. Lucas and published by no starch press will help you understand, not just those differences, but how to install, deploy, manage, troubleshoot and thrive with an OpenBSD system.

To begin with, let's start with the subtitle -- "Unix for the Practical Paranoid". There's a lot in that title. These days, anyone who manages servers that interact in any way with the Internet are probably somewhat paranoid. In fact, the author says "If you're not paranoid on the Internet, you're in trouble". And why is OpenBSD "for the paranoid"? For one reason, it's because OpenBSD is regarded by many as the most secure OS (yes, even without the benefit of SELinux). Its focus on security borders on the fanatical. OpenBSD pays a lot of attention to the "baked in" kind of security -- auditing their source code with a keen eye toward routing out bugs that could represent an eventual compromise, rather than waiting for flaws to be discovered through successful exploits and addressing them then.

OpenBSD also has built-in cryptography, the systrace system call and the pf packet filter. Due to its ground up dedication to security, it is often used as the OS basis for intrusion detection systems, firewalls, VPN gateways and secure web sites. It's open source, yet it touts some of the highest quality documentation.

The first edition of Absolute OpenBSD: UNIX for the Practical Paranoid was published 10 years ago in 2003 -- ten years ago! It was so well thought of that it became something of a collector's edition and a lot of people have been hungrily waiting for this second edition. I was deeply entrenched in Solaris in 2003, though I still clearly remembered that "SunOS" prior to the birth of "Solaris" was a BSD-based operating system. About the same time that BSD and System V were merged to create Solaris, OpenBSD shot off from NetBSD, providing a clear option for those who wanted to remain in the BSD camp.

This book, in its nearly 500 (490) pages, covers nearly everything I can imagine stuffing into a book on OpenBSD and provides nearly a total immersion on the OS. Yet the author is not so arrogant as to presume you won't need to reach out to other information sources as well -- Chapter 1 is actually devoted to additional sources of information. Even so, you won't get through this book without acquiring a solid grounding in OpenBSD.

No comments:

Post a Comment