Install OpenBSD to Secure Your Web Server : Page 2

Designed to be "secure by default", the OpenBSD server operating system offers comprehensive security features. Learn how to perform a network install of this OS—along with PHP4 and MySQL—to keep sensitive data protected.



Configure the File Structure and the Network

Now on with the install. First, in case OpenBSD recognized an existing partition on your hard drive, clear it by typing the following:

z a. ENTER.

The "z" command zeroes the partitions, leaving only C.

Author Note: Thanks to Joel Dinel for the partition zeroing hint.



Now you can add the file structure. This consists of /(root), /var, /swap, /usr, and /home. File size is an important consideration:

  • The root / must be at least 150m; 500m is recommended.
  • /tmp can be as small as 150m. Performance can increase if this is larger.
  • /var should be larger for a server because /var/www and /var/mail can fill up quickly (especially if you expect to handle larger mail attachments).
  • swap should be twice the size of the RAM you have or twice the size of the RAM you expect to have.
  • 512MB of RAM makes a swap space of 1,024MB ideal. One gig of RAM makes two gigs of swap space.
  • /usr and /home need to be larger if you are creating a desktop workstation with X Windows.

I am using a 10GB hard drive. You should use values that make sense for your situation. Keep in mind that the values for offset will differ depending on the size of your hard drive. The following instructions create the basic file structure for the operating system:

TYPE: a a. ENTER. offset: [63]. ENTER. size: 500m. ENTER. FS type: [4.2BSD]. ENTER. mount point: [none] /. ENTER.

TYPE: a b. ENTER. offset: [614880]. ENTER. size: [19386045] 1024m. ENTER. FS type: [swap]. ENTER.

TYPE: a d. ENTER. offset: [2712528]. ENTER. size: [17288397] 500m. ENTER. FS type: [4.2BSD]. ENTER. mount point: [none] /tmp. ENTER.

TYPE: a e. ENTER. offset: [3327408]. ENTER. size: [16673517] 3g. ENTER. FS type: [4.2BSD]. ENTER. mount point: [none] /var. ENTER.

TYPE: a f. ENTER. offset: [5425056]. ENTER. size: [14575869] 2g. ENTER. FS type: [4.2BSD]. ENTER. mount point: [none] /usr. ENTER.

TYPE: a g. ENTER. offset: [9619344]. ENTER. size: [10381581] 2g. ENTER. FS type: [4.2BSD]. ENTER. mount point: [none] /home. ENTER.

Now that you have created the file structure, review the changes before writing them:

TYPE: p. ENTER.

This shows the partitions you are about to create. Leave a little extra space for future changes (like RAM upgrades, or log files filling /var) or leave the size of the g partition unspecified and g will use up the rest of your hard disk:

TYPE: q. ENTER. Write new label? Choose y. ENTER.

Now, cycle through the options you have created. Hit ENTER until the /home directory appears, then type "done".

The next step destroys all existing data on these partitions:

Are you sure that you're ready to proceed? TYPE: y. ENTER.

You will be prompted for a system hostname. Use any name you like. I used the name ftknox.

The following steps guide you through configuring the network using DHCP:

  • Configure the network? Choose yes. ENTER.
  • If you are using an Ethernet card that is supported by OpenBSD, then you should be prompted to initialize an interface. Press ENTER.
  • Symbolic (host) name for vr0? TYPE: "([ftknox] dlink530TX)". ENTER. You should see the speed options for your Ethernet card.
  • Do you want to change the media options? Choose no. ENTER.
  • IPv4 address for vr0? (or 'none' or 'dhcp') TYPE: dhcp. ENTER.
  • Enter your DNS domain name and the address of your DNS nameserver.
  • Default IPv4 route? Choose dhcp. ENTER.
  • Edit hosts with ed? Choose no. ENTER.
  • Do you want to do any manual network configuration? Choose no. ENTER.
  • Password for root account? Do not use any word in any language. Numbers and letters and special characters are best in combination.

Now that the network and file structure configuration is done, it is time to access an (F)TP server to install the operating system:

  • Where are the install sets? (or 'done') TYPE: f. ENTER.
  • HTTP/FTP proxy URL? (e.g., 'http://proxy:8080', or 'none') Choose none. ENTER.
  • Display the list of known FTP servers? Choose yes. ENTER.

Find the server that is closest to you (heeding the warnings from the introduction regarding international distribution):

  • Server? (IP address, hostname, list#, 'done' or '?') TYPE: "ftp.openbsd.org". ENTER.
  • Does the server support passive mode FTP? Choose yes. ENTER.
  • Server directory? Choose pub/OpenBSD/3.6/i386. ENTER.
  • Login? Choose anonymous. ENTER.

The following sets are available:

  • File name? (or 'done') [bsd.mp] TYPE all. ENTER.
  • File name? (or 'done') TYPE: "-game36.tgz". ENTER.
  • File name? (or 'done') TYPE: "done". ENTER.
  • Ready to install sets? TYPE: "yes" ENTER.

And away you go. You are now installing the entire OpenBSD operating system over the Internet to your host (server) computer. So depending on your connection speed, this could take minutes or hours. If it works, you will see various messages about getting somefile.tgz, followed by a percentage. Of course, 100 percent is the target.

Then you will be prompted with the following questions:

  • Where are the install sets? (or 'done') TYPE: done ENTER.
  • Start sshd(8) by default? Choose yes. ENTER.
  • Do you expect to run the X window System? Choose either yes or no. ENTER. (I personally believe that X Windows has no place on a server, but you may think differently.)
  • Change the default console to com0? Choose no ENTER.
  • Set your time zone. This one's self-explanatory.

You should now have a congratulations screen and a root prompt. Take your boot floppy out of the a: drive and TYPE halt. Reboot your machine to start using OpenBSD. Because you chose to start sshd by default, you will notice that it will have generated new DSA and RSA host keys. This is excellent. OpenSSH runs seamlessly with OpenBSD because the same people make both. For further information, read the OpenSSH FAQ. The afterboot section of the man pages offers a wealth of information that you should read as well:

TYPE: "man afterboot".

One of the strengths of OpenBSD is the high quality of its man pages. Make sure you read these before attempting to post a question on any OpenBSD forum. (Browsing Hint: Page Up and Page Down move you through the man pages; ENTER scrolls one line; TYPE "q" to quit.)

Set Up SU

To use SU, you must first create a regular user, which you will regularly log in as:
  1. Log in as root.
  2. TYPE: "adduser".
  3. Choose your favorite shell. I use the default [sh].
  4. Use the default login class.
  5. Use the default Home partition: [/home].

Continue using the defaults, unless you have a special situation. I choose not to send a message to myself and to be prompted for passwords by default. One thing I do change is the password encryption method. Blowfish is my algorithm of choice (and is likely the default). Enter username and full name when prompted.

Now continue as root:

  1. TYPE: "vi /etc/group".
  2. The top line should read: "wheel:*:0:root".
  3. TYPE "i" to enter vi insert mode.
  4. Move to the end of the first line using the right arrow.
  5. Add a comma and the username of the user you just created (e.g., wheel:*:0:root,user1).
  6. Press ESC and TYPE ":wq" to write the file and exit vi.
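
Because su to root depends on the wheel line being intact, it is worth checking the file after a hand edit. The script below is an added example, not part of the original article; the function names and the sample group file are constructed for illustration, and on a real system you would pass /etc/group instead.

```sh
#!/bin/sh
# Added example (not from the article): audit the wheel entry of a group(5)
# file. Line format: name:password:gid:member,member,...

# Print the members of group $1 found in file $2, one per line.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$2"
}

# Succeed if user $1 is listed as a member of wheel in file $2.
in_wheel() {
    group_members wheel "$2" | grep -Fqx -- "$1"
}

# Succeed only if file $1 has a wheel line with exactly four fields and
# gid 0; a colon dropped during a hand edit fails this check.
wheel_line_ok() {
    awk -F: '$1 == "wheel" { found = 1; if (NF != 4 || $3 != "0") bad = 1 }
        END { exit !(found && !bad) }' "$1"
}

# Constructed sample data; on a real system pass /etc/group instead.
sample=$(mktemp) || exit 1
cat > "$sample" <<'EOF'
wheel:*:0:root,user1
daemon:*:1:daemon
staff:*:20:root
EOF

wheel_line_ok "$sample" && echo "wheel line is well formed"
echo "may su to root:" $(group_members wheel "$sample")
in_wheel user1 "$sample" && echo "user1 is in wheel"
in_wheel user2 "$sample" || echo "user2 is not in wheel"
rm -f "$sample"
```

Running the same functions periodically against /etc/group also shows when an account has been added to wheel that should not be there.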

Test this out:

  1. Press CTRL-ALT-F2 to open a new login screen.
  2. Log in as the new user you just created.
  3. TYPE "su".
  4. Enter your root password.

You should once again have a root prompt ‘#’. Use this prompt to install the ports and package collections. The following section shows you how.


