So my buddy James a.k.a. n0b0d4 a.k.a. Genesyswave who you may know best for his posts on SecurityCatalyst, decides to be funny. Or maybe he was being serious. A few hours after mentioning the OAMP post, he asked if I had a post about installing OpenBSD securely.
Well, not as such...
So, here's a walk-through:
- Insert CD. You can download the ISO for free.
- Boot from it. You might need to tweak your boot settings.
- Follow the prompts.
Voila. You have a hardened, secure OpenBSD install. If you want a really secure installation, I recommend not enabling X11 or SSH. hah.
update: In my fanboy-induced haze, I must admit that I didn't even think to mention patching. There are already three reliability (potential DOS/Crash) fixes for OpenBSD as of writing, and it's not even been out for but a week or so. It goes without saying that no one is perfect. OpenBSD has patches, just like every other operating system.
Patching OpenBSD is not nearly as easy as it is on most popular Linux distributions, but the OpenBSD FAQ covers patching better than I could cover it here. To tell the truth, the patching process is one of my big gripes. To patch OpenBSD, go to the OpenBSD 4.6 Errata (patches) page and download the patches. Read the comments and follow the instructions. Note: you'll almost always need a full source tree to patch OpenBSD.