//**Security is a process, not a product, and security matters more than performance.**//
-----------------------------------
1. Introduction
2. Environment
3. Configuring the network and the mirror
4. Installing packages
5. Adding an ordinary user
6. Installing from ports
-----------------------------------
1. Introduction
OpenBSD is a multi-platform, UNIX-like operating system based on 4.4BSD. It is one of the three free operating systems derived from BSD (the other two being NetBSD and FreeBSD) and has been called the most secure operating system in the world. Project leader Theo de Raadt started the OpenBSD project in 1995 with the aim of creating a security-focused operating system.
2. Environment
System: OpenBSD 5.5
Official website: http://www.openbsd.org/
Mirror: I could not find a mirror in China, so I picked one at random.
Installing the system is basically foolproof (download it from a mirror and look for install55.iso); anyone who can read a little English can get through it, so the installation steps are not described here. After installation you must reboot before the system can be used.
3. Configuring the network and the mirror
1. Configure the network. I installed in a virtual machine with the network adapter in bridged mode; my TP-Link router hands out addresses via DHCP.
If no IP address is obtained automatically, you can request one with dhclient vic0:
# dhclient vic0
DHCPREQUEST on vic0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1 (b0:48:7a:1f:a5:80)
bound to 192.168.1.101 -- renewal in 3600 seconds.
# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125): 56 data bytes
64 bytes from 61.135.169.125: icmp_seq=0 ttl=55 time=23.993 ms
64 bytes from 61.135.169.125: icmp_seq=1 ttl=55 time=19.759 ms
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 19.759/21.876/23.993/2.117 ms
2. Configure the mirror
# vi /root/.profile
export PKG_PATH=ftp://mirrors.nycbug.org/pub/OpenBSD/5.5/packages/i386/
//then reboot (there is no source command)
4. Installing packages (very similar to yum)
# echo $SHELL    //the default shell is ksh
/bin/ksh
# pkg_add -v bash    //test by installing bash; roughly 8471 packages are available
quirks-1.113: ok
bash-4.2.45p0:libiconv-1.14p1: ok
bash-4.2.45p0:gettext-0.18.2p4: ok
Shell /usr/local/bin/bash appended to /etc/shells
bash-4.2.45p0: ok
# pkg_info
bash-4.2.45p0       GNU Bourne Again Shell
gettext-0.18.2p4    GNU gettext
libiconv-1.14p1     character set conversion library
quirks-1.113        exceptions to pkg_add rules
5. Adding a user
# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.
Reading /etc/shells
Check /etc/master.passwd
Check /etc/group
Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: nuo
Enter full name []: Nuo Wei
Enter shell csh ksh nologin sh [ksh]:
Uid [1000]:
Login group nuo [nuo]:
Login group is ``nuo''. Invite nuo into other groups: guest no [no]:
Login class authpf bgpd daemon default staff [default]:
Enter password []:
Enter password again []:
Name:        nuo
Password:    ****
Fullname:    Nuo Wei
Uid:         1000
Gid:         1000 (nuo)
Groups:      nuo
Login Class: default
HOME:        /home/nuo
Shell:       /bin/ksh
OK? (y/n) [y]:
Added user ``nuo''
Copy files from /etc/skel to /home/nuo
Add another user? (y/n) [y]: n
Goodbye!
# ls -l /home
total 4
drwxr-xr-x 3 nuo nuo 512 May 10 19:36 nuo
# su - nuo    //switch to the new user and change its shell
$ chsh -s bash
$ exit    //log out and log in again
# su - nuo
-bash-4.2$ ls -la    //the shell has changed
total 36
drwxr-xr-x 3 nuo nuo 512 May 10 19:36 .
drwxr-xr-x 3 root wheel 512 May 10 19:36 ..
-rw-r--r-- 1 nuo nuo 22 May 10 19:36 .Xdefaults
-rw-r--r-- 1 nuo nuo 773 May 10 19:36 .cshrc
-rw-r--r-- 1 nuo nuo 94 May 10 19:36 .cvsrc
-rw-r--r-- 1 nuo nuo 398 May 10 19:36 .login
-rw-r--r-- 1 nuo nuo 113 May 10 19:36 .mailrc
-rw-r--r-- 1 nuo nuo 218 May 10 19:36 .profile
drwx------ 2 nuo nuo 512 May 10 19:36 .ssh
-bash-4.2$ su -    //switch to root
Password:
you are not in group wheel    //this fails by default, because nuo is not in the wheel group
Sorry
-bash-4.2$ cat /etc/group |grep wheel
wheel:*:0:root
# usermod -G wheel nuo    //as root, add nuo to the wheel group
# cat /etc/group |grep wheel
wheel:*:0:root,nuo
# su - nuo    //switch again; this time it succeeds
-bash-4.2$ su -
Password:
# who am i
root ttyp1 May 10 19:51 (192.168.1.100)
# vi /etc/ssh/sshd_config
42 #PermitRootLogin yes    //root can log in remotely by default, but that is insecure
So create an ordinary user, log in as that user first, and su to root only when root privileges are needed.
42 PermitRootLogin no    //change the default
# /etc/rc.d/sshd restart    //restart sshd
sshd(ok)
sshd(ok)
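As an added example that is not part of the original post, the POSIX shell snippet below checks the two things this section leaves the system with: that the effective PermitRootLogin value in sshd_config is no (sshd uses the first uncommented occurrence of a keyword, so a commented-out line like the default shown above leaves the default in force), and that the ordinary user is in the wheel group so that su to root still works. The sshd_config and /etc/group contents are constructed inline so it runs offline; on a real host you would pass the contents of /etc/ssh/sshd_config and /etc/group instead.

```shell
# Added example, not code from the original post. Sample inputs are
# constructed here; on a real host pass the contents of
# /etc/ssh/sshd_config and /etc/group instead.
SAMPLE_SSHD_CONFIG='#PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no'

SAMPLE_GROUP='wheel:*:0:root,nuo
nuo:*:1000:'

# Print the effective PermitRootLogin value for a config given as $1.
# sshd uses the first uncommented occurrence of a keyword, so a later
# "PermitRootLogin no" does not override an earlier "PermitRootLogin yes",
# and a commented-out line leaves the default ("yes", as the post's
# sshd_config shows) in force.
effective_permit_root_login() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }'
}

# Succeed (exit 0) if user $1 is listed on the wheel line of a group
# file given as $2, which is what su(1) requires on OpenBSD.
user_in_wheel() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        $1 == "wheel" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == u) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# Combine both checks for user $1: print "ok" only when remote root
# login is off and the user can still reach root through su.
audit_root_access() {
    user="$1"; sshd_config="$2"; group_file="$3"
    if [ "$(effective_permit_root_login "$sshd_config")" != "no" ]; then
        echo "warn: PermitRootLogin is not 'no'"
        return 1
    fi
    if ! user_in_wheel "$user" "$group_file"; then
        echo "warn: $user is not in group wheel, su to root will fail"
        return 1
    fi
    echo "ok"
}

audit_root_access nuo "$SAMPLE_SSHD_CONFIG" "$SAMPLE_GROUP"
```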
6. Installing from ports (building from source; compiling and installing Apache as the example)
# cd /tmp/
# ftp ftp://mirrors.nycbug.org/pub/OpenBSD/5.5/ports.tar.gz    //download the ports tree
# ls
.ICE-unix .X11-unix aucat ports.tar.gz
# cd /usr/
# tar -zxvf /tmp/ports.tar.gz    //this takes quite a while; be patient
# which httpd
/usr/sbin/httpd
# /usr/sbin/httpd -v
Server version: Apache/1.3.29 (Unix)    //a very old version, probably never updated because of licensing issues
# pwd
/usr
# ls
X11R6 games lib libexec local obj sbin src
bin include libdata lkm mdec ports share xobj
# cd /usr/ports/
# ls    //httpd is built and installed from the www directory, mysql from the databases directory, and so on
.cvsignore biology emulators lang productivity
CVS books fonts mail security
INDEX cad games math shells
Makefile chinese geo meta sysutils
README comms graphics misc telephony
archivers converters infrastructure multimedia tests
astro databases inputmethods net textproc
audio devel japanese news www
base editors java plan9 x11
benchmarks education korean print
# cd www/
# cd apache-httpd/
# ls
CVS Makefile distinfo patches pkg
# pwd
/usr/ports/www/apache-httpd
# make install    //other ports are installed the same way: cd into the corresponding directory and run make install
Building and installing took nearly two hours, mostly because the download was slow, probably because the mirror is abroad.
apache-httpd-2.2.26: ok    //the latest version
The following new rcscripts were installed: /etc/rc.d/httpd2
See rc.d(8) for details.
--- +apache-httpd-2.2.26 -------------------
This is the official httpd distributed by the Apache Server Project,
provided as a port for those who, for various reasons, need to run
version 2.

OpenBSD provides a custom Apache server, httpd(8), in the base system
which has been audited for security and may run in a chroot(2)
environment. Users are STRONGLY encouraged to use the system httpd
rather than this port.
# cd /usr/ports/
# cd packages/i386/all/    //where the built apache package ends up
# ls
apache-httpd-2.2.26.tgz bzip2-1.0.6p0.tgz help2man-1.41.1p0.tgz
apr-1.4.6p3.tgz db-4.6.21p0v0.tgz metaauto-1.0p1.tgz
apr-util-1.4.1p2.tgz gmake-4.0p0.tgz pcre-8.33.tgz
autoconf-2.68p0.tgz groff-1.22.2p4.tgz
# pkg_info
apache-httpd-2.2.26 apache HTTP server
apr-1.4.6p3         Apache Portable Runtime
apr-util-1.4.1p2    companion library to APR
autoconf-2.68p0     automatically configure source code on many Un*x platforms
bash-4.2.45p0       GNU Bourne Again Shell
bzip2-1.0.6p0       block-sorting file compressor, unencumbered
db-4.6.21p0v0       Berkeley DB package, revision 4
gettext-0.18.2p4    GNU gettext
gmake-4.0p0         GNU make
groff-1.22.2p4      GNU troff typesetter
help2man-1.41.1p0   generates simple manual pages from program output
libiconv-1.14p1     character set conversion library
metaauto-1.0p1      wrapper for gnu auto*
pcre-8.33           perl-compatible regular expression library
quirks-1.113        exceptions to pkg_add rules
# cd /usr/local/sbin/    //where the apache commands live
# ls
ab         dbmmanage2   htdbm      httxt2dbm
apachectl2 envvars      htdigest2  logresolve2
apxs2      envvars-std  htpasswd2  rotatelogs2
checkgid   htcacheclean httpd2     suexec2
# ./apachectl2 start    //start apache
# ps -aux |grep http
root     14554 0.0 0.6 3676 6048 ?? Ss 10:36PM 0:00.29 /usr/local/sbin/httpd2 -k start
_apache2 15506 0.0 0.4 3692 4076 ?? S  10:36PM 0:00.05 /usr/local/sbin/httpd2 -k start
_apache2 16299 0.0 0.4 3692 4084 ?? I  10:36PM 0:00.11 /usr/local/sbin/httpd2 -k start
_apache2 16576 0.0 0.4 3692 4080 ?? I  10:36PM 0:00.08 /usr/local/sbin/httpd2 -k start
_apache2  8926 0.0 0.4 3692 4080 ?? I  10:36PM 0:00.08 /usr/local/sbin/httpd2 -k start
_apache2   389 0.0 0.4 3692 4076 ?? I  10:36PM 0:00.07 /usr/local/sbin/httpd2 -k start
# cd /var/apache2/    //apache document directory
# ls
cgi-bin error htdocs icons logs
# ls htdocs/
index.html