No.Starch.Absolute.OpenBSD.2nd.Edition.Apr.2013

时间:2016-07-02 12:42:58
【文件属性】:

文件名称:No.Starch.Absolute.OpenBSD.2nd.Edition.Apr.2013

文件大小:10.99MB

文件格式:PDF

更新时间:2016-07-02 12:42:58

OpenBSD BSD Unix

Absolute OpenBSD: UNIX for the Practical Paranoid By Michael W. Lucas 2013 | 536 Pages | ISBN: 1593274769 | EPUB + PDF | 4 MB + 11 MB The definitive guide to OpenBSD Foreword by Henning Brauer, OpenBSD PF Developer OpenBSD, the elegant, highly secure Unix-like operating system, is widely used as the basis for critical DNS servers, routers, firewalls, and more. This long-awaited second edition of Absolute OpenBSD maintains author Michael Lucas's trademark straightforward and practical approach that readers have enjoyed for years. You'll learn the intricacies of the platform, the technical details behind certain design decisions, and best practices, with bits of humor sprinkled throughout. This edition has been completely updated for OpenBSD 5.3, including new coverage of OpenBSD's boot system, security features like W^X and ProPolice, and advanced networking techniques. You'll learn how to: Manage network traffic with VLANs, trunks, IPv6, and the PF packet filter Make software management quick and effective using the ports and packages system Give users only the access they need with groups, sudo, and chroots Configure OpenBSD's secure implementations of SNMP, DHCP, NTP, hardware sensors, and more Customize the installation and upgrade processes for your network and hardware, or build a custom OpenBSD release Whether you're a new user looking for a complete introduction to OpenBSD or an experienced sysadmin looking for a refresher, Absolute OpenBSD, 2nd Edition will give you everything you need to master the intricacies of the world's most secure operating system. "The definitive book on OpenBSD gets a long-overdue refresh." -Theo de Raadt, OpenBSD Founder ============================================== Book review: Absolute OpenBSD (Second Edition) Absolute OpenBSD OpenBSD 5.3 came out at the beginning of May, right on schedule. The latest version of the security-oriented operating system brought several improvements to the table, including better driver and processor support, bug fixes and security enhancements. All in all it looked like a positive and conservative step for the OpenBSD project. This is all great news for users of the operating system as the OpenBSD crowd tends to appreciate quiet, evolutionary steps. While great for the users and administrators who run OpenBSD, "driver improvements and security enhancements" doesn't make for exciting reviews as not a whole lot of changes have happened on the surface since we looked at OpenBSD last year. With that in mind, rather than focus on the latest release of OpenBSD, I'd like to share a resource which will help people who have an interest in OpenBSD get better acquainted with the operating system. Specifically, I'd like to share with you a book written by Michael W. Lucas called "Absolute OpenBSD". There are two aspects of Mr Lucas' book which set it apart from most other instructive texts and, for that matter, from the other books I've reviewed here in the past. The first is Lucas has a sense of humour and that makes what would otherwise be a dry look at the nuts and bolts of an open source operating system a surprisingly fun journey. On the topic of system upgrades Lucas writes, "Sever upgrades can make even seasoned sysadmins wish that they had a simpler job, such as performing as a carnival sideshow, stuffing weasels into their trousers." On another page he points out that OpenBSD will allow you to set up any program to act as a window manager, "You can also enter a command that isn't a window manager, such as grep. If you do, OpenBSD will silently log you out. It won't say, `Please step away from the keyboard before I hurt you.' Not threatening you passes for user-friendly in OpenBSD." In both cases his jokes are funny because they come loaded with more than a kernel of truth. The second characteristic of Lucas' book I greatly appreciated was that it doesn't really try to be a how-to text. In the past I've shared books I've enjoyed which talk about how to use the Ubuntu desktop or how to trouble-shoot a server or how to use the command line. Those books tend to take things one step at a time and walk us through processes. "Absolute OpenBSD" doesn't really come across as a how-to-use-this-technology book. While it does include tutorials and plenty of advice on how to administer OpenBSD, I didn't really get the feeling we were being shown how to use the operating system. Rather I believe Lucas was primarily concerned with showing us how OpenBSD works, how the pieces fit together. Last month I reviewed a book called "A Practical Guide to Linux Commands, Editors and Shell Programming" and we might think of that text as an instruction manual which teaches us how to drive a car, how to fill the gas tank and change the tyres. All very useful things to know how to do. "Absolute OpenBSD" does cover filling the gas tank and changing the tyres, but it spends a good deal of time under the hood. The chapters in "Absolute OpenBSD" cover things like how the engine works, what a spark plug is, why a battery goes dead and why we should never lick said battery. (In this example licking a battery is a direct parallel to reconfiguring the OpenBSD kernel.) Lucas is aware OpenBSD is a highly flexible operating system and the tasks we may perform with it are not necessarily the same ones he performs. Therefore he sets about explaining how all the pieces fit together, how the system works, what its key features are and he sprinkles in a good deal of advice about how to avoid common pitfalls. Actually, one of the first things Lucas does is acknowledge his book can't cover everything and we will need to seek outside help eventually. The first chapter is dedicated to introducing OpenBSD resources, documentation, mailing lists and other places where we can seek assistance. After that we get into some more hands-on material such as how to install OpenBSD, how to partition our hard drives and checking to make sure our hardware is supported. There are chapters on securing the operating system, managing the OpenBSD firewall, performing upgrades and adjusting kernel-level settings. These are the more practical aspects of the book. Thrown into the mix are chapters containing more abstract information. For example, one chapter is dedicated to explaining the purpose and contents of every configuration file under the /etc directory. We're told how the system boots itself and which files are checked and in what order. We're told about different styles of attacks (and attackers) and how to protect ourselves. We're told how user accounts and account security features work and how to best handle sudo. There is a chapter on dealing with X and a section dedicated to what OpenSSH does and how we can make the most of secure shell, including a tutorial on locking down users' remote access. We're told about the OpenBSD ports tree, not just how to use it, but how ports work and why the ports tree has certain features. Lucas covers how to perform scheduled tasks and, more importantly, what sort of tasks we might wish to automate. In a lot of ways reading "Absolute OpenBSD" reminds me of conversations I've had while sitting around a table with other IT people, trading little snippets of advice and horror stories. The book focuses less on the steps required to perform tasks and more on why we should (or should not) perform those tasks. It's less about guiding us down a single path and more of a crash course in (digital) jungle survival. "These are the plants you need to be able to recognize -- these ones are poison, those ones you can eat," the book seems to say. "These are the tools you should take with you and here is how to get the most out of your pocket knife." While the material is specifically focused on OpenBSD, a good deal of the concepts and advice are relevant to users of any UNIX or UNIX-like operating system. The instructions on using pkg_add to keep software up to date may be specific to OpenBSD, but scheduling package updates is universal. Using inetd to limit network connections from the outside world may be specific to a subset of UNIX-like systems, but limiting the flow of connections in general is important for any server admin. That's what I like about "Absolute OpenBSD", it covers the why at least as much as the how and that makes it a great instruction manual for any system administrator, not just OpenBSD admins. I certainly recommend the book for administrators, especially people interested in OpenBSD. Even if you don't read the entire text, be sure to check out the author's tips and asides that are featured on almost every page, they are heavy with wisdom from the trenches. Title: Absolute OpenBSD (Second Edition) Author: Michael W. Lucas © 2013 Publisher: No Starch Press ISBN: 1-59327-476-9 Length: 536 pages Available from: No Starch Press and Amazon


网友评论

  • 很好,非常喜欢openbsd这个系统,但是资料很少,这个就很有用,谢谢。