- Advance Praise for Absolute OpenBSD, 2nd Edition
- Dedication
- About the Author
- About the Technical Reviewer
- Foreword
- Acknowledgments
- Introduction
- 1. Getting Additional Help
- 2. Installation Preparations
- 3. Installation Walk-Through
- 4. Post-Install Setup
- 5. The Boot Process
- 6. User Management
- 7. Root, and How to Avoid It
- The Root Password
- Using Groups
- Hiding Root with sudo
- Using sudo
- sudoedit
- The Biggest sudo Mistake: Exclusions
- sudo Logs
- 8. Disks and Filesystems
- Device Nodes
- DUIDs and /etc/fstab
- MBR Partitions and fdisk(8)
- Labeling Disks
- The Fast File System
- What’s Currently Mounted?
- Mounting and Unmounting Partitions
- How Full Is That Partition?
- Adding New Hard Disks
- 9. More Filesystems
- 10. Securing Your System
- 11. Overview of TCP/IP
- 12. Connecting to the Network
- 13. Software Management
- 14. Everything /etc
- /etc Across Unix Variants
- The /etc Files
- /etc/adduser.conf
- /etc/amd
- /etc/authpf
- /etc/bgpd.conf
- /etc/boot.conf
- /etc/changelist
- /etc/chio.conf
- /etc/csh.*
- /etc/daily and /etc/daily.local
- /etc/dhclient.conf
- /etc/dhcpd.conf
- /etc/disklabels/
- /etc/disktab
- /etc/dumpdates
- /etc/dvmrpd.conf
- /etc/exports
- /etc/fbtab
- /etc/firmware
- /etc/fonts/
- /etc/fstab
- /etc/ftpchroot
- /etc/ftpusers
- /etc/gettytab
- /etc/group
- /etc/hostapd.conf
- /etc/hostname.*
- /etc/hosts
- /etc/hosts.equiv
- /etc/hosts.lpd
- /etc/hotplug/
- /etc/ifstated.conf
- /etc/iked/, /etc/iked.conf, /etc/ipsec.conf, and /etc/isakmpd
- /etc/inetd.conf
- /etc/kbdtype
- /etc/kerberosV/
- /etc/ksh.kshrc
- /etc/ldap/ and /etc/ldapd.conf
- /etc/localtime
- /etc/locate.rc
- /etc/login.conf
- /etc/lynx.cfg
- /etc/magic
- /etc/mail/
- /etc/mail.rc
- /etc/mailer.conf
- /etc/man.conf
- /etc/master.passwd, /etc/passwd, /etc/spwd.db, and /etc/pwd.db
- /etc/mixerctl.conf
- /etc/mk.conf
- /etc/moduli
- /etc/monthly and /etc/monthly.local
- /etc/motd
- /etc/mrouted.conf
- /etc/mtree/
- /etc/mygate
- /etc/myname
- /etc/netstart
- /etc/networks
- /etc/newsyslog.conf
- /etc/nginx/
- /etc/nsd.conf
- /etc/ntpd.conf
- /etc/ospf6d.conf and /etc/ospfd.conf
- /etc/pf.conf and /etc/pf.os
- /etc/ppp/
- /etc/printcap
- /etc/protocols
- /etc/rbootd.conf
- /etc/rc.*
- /etc/relayd.conf
- /etc/remote
- /etc/resolv.conf and /etc/resolv.conf.tail
- /etc/ripd.conf
- /etc/rmt
- /etc/rpc
- /etc/sasyncd.conf
- /etc/sensorsd.conf
- /etc/services
- /etc/shells
- /etc/skel/
- /etc/sliphome/
- /etc/snmpd.conf
- /etc/ssh/
- /etc/ssl/
- /etc/sudoers
- /etc/sysctl.conf
- /etc/syslog.conf
- /etc/systrace/
- /etc/termcap
- /etc/ttys
- /etc/weekly and /etc/weekly.local
- /etc/wsconsctl.conf
- /etc/X11
- /etc/ypldap.conf
- 15. System Maintenance
- 16. Network Servers
- 17. Desktop OpenBSD
- 18. Kernel Configuration
- 19. Building Custom Kernels
- 20. Upgrading
- 21. Packet Filtering
- 22. Advanced PF
- 23. Customizing OpenBSD
- A. Afterword
- Index
- About the Author
- Copyright
What Is Security?
We bandy the word security around a whole lot, so it’s worth taking a moment to talk about security itself. We all have a vague idea of what it means. “Security” means your stuff is safe, and other folks can’t get it. That’s fine, as far as it goes, but it doesn’t go far enough. In information technology, security has three parts:
ConfidentialityThis means that secret data should remain secret. Your private information must not get into the public eye. That Eastern European kiddie porn syndicate should not get your credit card number.
IntegrityThis means that data on the system should not be changed without authorization. Your records should remain intact. That intruder should not change the shipping address on an order, making your staff ship a crate of really expensive stuff to an abandoned warehouse in Detroit.
AvailabilityThis means that the system keeps running. If your business depends on your website, losing the website means losing business. Someone who can take your website down can starve your company. And all kinds of people are willing to shut you down, either to compete or just for laughs.
Having been a system administrator for longer than some of you have been alive, I have a less formal idea of security. Security means eliminating bad days caused by computer problems. Spending a day getting a piece of software to compile is not a bad day. Is it an annoying day? Sure, but it’s not bad. A day when I need to get intruders out of my systems is bad. A day when I have a meeting due to computer intrusions is bad. A day when I realize that I cannot trust any computer on the network, and I must reinstall every blasted piece of gear I own, is really bad.[1]
While OpenBSD cannot change the fact that some of my servers are old enough to leave elementary school, it can fix the software aspects of security.
-
No Comment