//**Security is a process, not a product, and security is more important than performance.**//

-----------------------------------

I. Preface

II. Environment

III. Configuring the network and the mirror

IV. Installing packages

V. Adding a normal user

VI. Installing from ports

-----------------------------------


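I. Preface

   OpenBSD is a multi-platform, 4.4BSD-based UNIX-like operating system. It is one of the three free operating systems derived from BSD (the other two being NetBSD and FreeBSD) and is known as the most secure operating system in the world. Project leader Theo de Raadt started the OpenBSD project in 1995, hoping to create an operating system focused on security.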

II. Environment

System: OpenBSD 5.5

Official website: http://www.openbsd.org/

Mirror (I could not find a mirror site in China, so I picked one at random)

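  Installing the system is basically foolproof (the system can be downloaded from a mirror site; just find install55.iso). Anyone who can read a little English can get through it, so the installation itself is not described here. After installation you must reboot before the system can be used.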

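III. Configuring the network and the mirror


1. Configure the network. The system is installed in a virtual machine with the network adapter set to bridged mode; my TP-Link router assigns addresses over DHCP.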

If an IP address was not obtained automatically, you can get one with dhclient vic0.

# dhclient vic0                                                         
DHCPREQUEST on vic0 to 255.255.255.255 port 67
DHCPACK from 192.168.1.1 (b0:48:7a:1f:a5:80)
bound to 192.168.1.101 -- renewal in 3600 seconds.
# ping www.baidu.com
PING www.a.shifen.com (61.135.169.125): 56 data bytes
64 bytes from 61.135.169.125: icmp_seq=0 ttl=55 time=23.993 ms
64 bytes from 61.135.169.125: icmp_seq=1 ttl=55 time=19.759 ms
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 19.759/21.876/23.993/2.117 ms


2. Configure the mirror

# vi /root/.profile
export PKG_PATH=ftp://mirrors.nycbug.org/pub/OpenBSD/5.5/packages/i386/   //reboot to apply (there is no source command)


IV. Installing packages (very similar to yum)

# echo $SHELL       //the default is ksh
/bin/ksh
# pkg_add -v bash   //test by installing bash; about 8471 packages are available.
quirks-1.113: ok
bash-4.2.45p0:libiconv-1.14p1: ok
bash-4.2.45p0:gettext-0.18.2p4: ok
Shell /usr/local/bin/bash appended to /etc/shells
bash-4.2.45p0: ok
# pkg_info
bash-4.2.45p0       GNU Bourne Again Shell
gettext-0.18.2p4    GNU gettext
libiconv-1.14p1     character set conversion library
quirks-1.113        exceptions to pkg_add rules


V. Adding a user

# adduser
Use option ``-silent'' if you don't want to see all warnings and questions.
Reading /etc/shells
Check /etc/master.passwd
Check /etc/group
Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: nuo
Enter full name []: Nuo Wei
Enter shell csh ksh nologin sh [ksh]:
Uid [1000]:
Login group nuo [nuo]:
Login group is ``nuo''. Invite nuo into other groups: guest no
[no]:
Login class authpf bgpd daemon default staff [default]:
Enter password []:
Enter password again []:
Name:        nuo
Password:    ****
Fullname:    Nuo Wei
Uid:         1000
Gid:         1000 (nuo)
Groups:      nuo
Login Class: default
HOME:        /home/nuo
Shell:       /bin/ksh
OK? (y/n) [y]:
Added user ``nuo''
Copy files from /etc/skel to /home/nuo
Add another user? (y/n) [y]: n
Goodbye!
# ls -l /home
total 4
drwxr-xr-x  3 nuo  nuo  512 May 10 19:36 nuo
                        
# su - nuo          //switch user and change the shell
$ chsh -s bash
$ exit              //exit and log in again
# su - nuo
-bash-4.2$ ls -la   //the shell has changed
total 36
drwxr-xr-x  3 nuo   nuo    512 May 10 19:36 .
drwxr-xr-x  3 root  wheel  512 May 10 19:36 ..
-rw-r--r--  1 nuo   nuo     22 May 10 19:36 .Xdefaults
-rw-r--r--  1 nuo   nuo    773 May 10 19:36 .cshrc
-rw-r--r--  1 nuo   nuo     94 May 10 19:36 .cvsrc
-rw-r--r--  1 nuo   nuo    398 May 10 19:36 .login
-rw-r--r--  1 nuo   nuo    113 May 10 19:36 .mailrc
-rw-r--r--  1 nuo   nuo    218 May 10 19:36 .profile
drwx------  2 nuo   nuo    512 May 10 19:36 .ssh
-bash-4.2$ su -              //switch to the root user
Password:
you are not in group wheel   //by default the switch fails, because user nuo is not in the wheel group.
Sorry
-bash-4.2$ cat /etc/group |grep wheel
wheel:*:0:root
# usermod -G wheel nuo       //as root, add user nuo to the wheel group.
# cat /etc/group |grep wheel                                             
wheel:*:0:root,nuo
# su - nuo                   //switch again: success!
-bash-4.2$ su -
Password:
# who am i                                                            
root     ttyp1    May 10 19:51   (192.168.1.100)     
# vi /etc/ssh/sshd_config
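#PermitRootLogin yes      //by default root can log in remotely, but that is insecure,
                          //so create a normal user, log in as that user first, and su to root when root privileges are needed.
PermitRootLogin no        //change the default option
# /etc/rc.d/sshd restart    //restart ssh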
sshd(ok)
sshd(ok)
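
The two hardening steps in this section (wheel membership and PermitRootLogin no) can be checked with a small script. This is an added example, not part of the original post; the function names, the constructed sample files and the assumed built-in default of yes are illustrative, and on a real system it would be pointed at /etc/ssh/sshd_config and /etc/group.

```sh
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# effective_root_login FILE [DEFAULT]: print the global PermitRootLogin value
# sshd would use. Keywords are case-insensitive, the first value read wins,
# and a commented-out line leaves the built-in default (assumed "yes" here,
# as the post reports for 5.5).
effective_root_login() {
    awk -F'[ \t=]+' -v def="${2:-yes}" '
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split fields
        /^#/ || NF == 0 { next }               # comments and blank lines
        tolower($1) == "match" { exit }        # stop before per-Match overrides
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# wheel_members FILE: print the member list of wheel from a group(5) file,
# one account per line. These are the accounts su(1) lets become root.
wheel_members() {
    awk -F: '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# audit SSHD_CONFIG GROUP_FILE ALLOWED...: return 0 only if root SSH login is
# off and wheel holds nothing but root and the listed accounts.
audit() {
    cfg=$1; grp=$2; shift 2; rc=0
    v=$(effective_root_login "$cfg")
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin is effectively '$v'"; rc=1; }
    for u in $(wheel_members "$grp"); do
        case " root $* " in
            *" $u "*) ;;
            *) echo "FAIL unexpected wheel member: $u"; rc=1 ;;
        esac
    done
    return $rc
}

# make_samples DIR: write constructed copies of the files edited in the post.
make_samples() {
    printf '#PermitRootLogin yes\n' > "$1/sshd_before"
    printf '#PermitRootLogin yes\nPermitRootLogin no\npermitrootlogin yes\n' > "$1/sshd_after"
    printf 'wheel:*:0:root,nuo\nnuo:*:1000:\n' > "$1/group"
}

demo=$(mktemp -d) && make_samples "$demo"
audit "$demo/sshd_before" "$demo/group" nuo || echo "before: not hardened"
audit "$demo/sshd_after" "$demo/group" nuo && echo "after: ok"
rm -rf "$demo"
```

The commented-out line in sshd_before is reported as yes because it sets nothing, and the trailing permitrootlogin yes in sshd_after is ignored because sshd keeps the first value it reads.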


VI. Installing from ports (that is, building from source; compiling and installing apache as the example)

# cd /tmp/                                                               
# ftp ftp://mirrors.nycbug.org/pub/OpenBSD/5.5/ports.tar.gz    //download ports
# ls
.ICE-unix      .X11-unix      aucat          ports.tar.gz
# cd /usr/
# tar -zxvf /tmp/ports.tar.gz                                 //this takes quite a while; be patient.
# which httpd
/usr/sbin/httpd
# /usr/sbin/httpd -v                                                     
Server version: Apache/1.3.29 (Unix)  //the version is very old; it has probably not been updated because of licensing issues.
# pwd
/usr
# ls
X11R6   games   lib     libexec local   obj     sbin    src
bin     include libdata lkm     mdec    ports   share   xobj
# cd /usr/ports/                                                         
# ls              //httpd is built and installed from the www directory, mysql from the databases directory, and so on
.cvsignore     biology        emulators      lang           productivity
CVS            books          fonts          mail           security
INDEX          cad            games          math           shells
Makefile       chinese        geo            meta           sysutils
README         comms          graphics       misc           telephony
archivers      converters     infrastructure multimedia     tests
astro          databases      inputmethods   net            textproc
audio          devel          japanese       news           www
base           editors        java           plan9          x11
benchmarks     education      korean         print
# cd www/
# cd apache-httpd/                                                       
# ls
CVS      Makefile distinfo patches  pkg
# pwd
/usr/ports/www/apache-httpd
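# make install        //other ports are installed the same way: enter the corresponding directory and run make install
The build and install took nearly two hours, mostly because downloading was so slow, probably because the mirror site is overseas.
apache-httpd-2.2.26: ok       //latest version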
The following new rcscripts were installed: /etc/rc.d/httpd2
See rc.d(8) for details.
--- +apache-httpd-2.2.26 -------------------
This is the official httpd distributed by the Apache Server Project,
provided as a port for those who, for various reasons, need to run
version 2.
OpenBSD provides a custom Apache server, httpd(8), in the base system
which has been audited for security and may run in a chroot(2)
environment.  Users are STRONGLY encouraged to use the system httpd
rather than this port.
        
# cd /usr/ports/                                                         
# cd packages/i386/all/    //apache package directory
# ls
apache-httpd-2.2.26.tgz  bzip2-1.0.6p0.tgz        help2man-1.41.1p0.tgz
apr-1.4.6p3.tgz          db-4.6.21p0v0.tgz        metaauto-1.0p1.tgz
apr-util-1.4.1p2.tgz     gmake-4.0p0.tgz          pcre-8.33.tgz
autoconf-2.68p0.tgz      groff-1.22.2p4.tgz
# pkg_info
apache-httpd-2.2.26 apache HTTP server
apr-1.4.6p3         Apache Portable Runtime
apr-util-1.4.1p2    companion library to APR
autoconf-2.68p0     automatically configure source code on many Un*x platforms
bash-4.2.45p0       GNU Bourne Again Shell
bzip2-1.0.6p0       block-sorting file compressor, unencumbered
db-4.6.21p0v0       Berkeley DB package, revision 4
gettext-0.18.2p4    GNU gettext
gmake-4.0p0         GNU make
groff-1.22.2p4      GNU troff typesetter
help2man-1.41.1p0   generates simple manual pages from program output
libiconv-1.14p1     character set conversion library
metaauto-1.0p1      wrapper for gnu auto*
pcre-8.33           perl-compatible regular expression library
quirks-1.113        exceptions to pkg_add rules
# cd /usr/local/sbin/         //location of the commands
# ls
ab             dbmmanage2     htdbm          httxt2dbm
apachectl2     envvars        htdigest2      logresolve2
apxs2          envvars-std    htpasswd2      rotatelogs2
checkgid       htcacheclean   httpd2         suexec2
# ./apachectl2 start         //start apache
# ps -aux |grep http
root     14554  0.0  0.6  3676  6048 ??  Ss    10:36PM    0:00.29 /usr/local/sbin/httpd2 -k start
_apache2 15506  0.0  0.4  3692  4076 ??  S     10:36PM    0:00.05 /usr/local/sbin/httpd2 -k start
_apache2 16299  0.0  0.4  3692  4084 ??  I     10:36PM    0:00.11 /usr/local/sbin/httpd2 -k start
_apache2 16576  0.0  0.4  3692  4080 ??  I     10:36PM    0:00.08 /usr/local/sbin/httpd2 -k start
_apache2  8926  0.0  0.4  3692  4080 ??  I     10:36PM    0:00.08 /usr/local/sbin/httpd2 -k start
_apache2   389  0.0  0.4  3692  4076 ??  I     10:36PM    0:00.07 /usr/local/sbin/httpd2 -k start 
# cd /var/apache2/           //apache document directory
# ls                                      
cgi-bin error   htdocs  icons   logs
# ls htdocs/                                                             
index.html

