OAMP Update: Secure OpenBSD, Apache, MySQL and PHP

I got tired of essentially re-writing the same article over and over again, yet it seems with each release of OpenBSD and each OAMP install I do, things get just a little more refined. So I present to you a living document on its own page here at HiR Information Report. It's been written so that it is not specific to a distinct architecture or version of OpenBSD, so long as the proper packages exist on the OpenBSD mirror sites. This has been updated and tested on OpenBSD 4.8 and the recently-released OpenBSD 4.9, i386 architecture only.

Secure OpenBSD, Chroot Apache, MySQL and Suhosin Hardened PHP Installation Guide


Why I'm coming home to OpenBSD

Although those who know me will tell you I love OpenBSD, I'm generally an operating system agnostic. I enjoy tinkering with OSes, and always have. There have been a few I tried and couldn't enjoy for the life of me (Mac OS versions prior to OS X, PalmOS, HP-UX and Plan 9 among them) but since 1997, OpenBSD has always felt like home to me, and I've long been a little bit of a fan.

Not long ago, my primary computer was a 13" MacBook that was bought for me by one of my consulting customers in late 2006, and prior to that, I was using OpenBSD on a crappy old Dell desktop and OS X on a G3 PowerBook. OS X is just unixy enough to geek out on. I could get most BSD-type stuff to compile. My MacBook also ran Windows 7 pretty well. I got switched on to it when my wife upgraded to 7 from Vista. It also ran OpenBSD, Backtrack and Ubuntu in VirtualBox like a champ.

When the MacBook started showing its age about 6 months ago, I went to a Toshiba NB305 netbook. It came with Windows 7 Starter edition, which really isn't much of an operating system at all. It's basically a kernel meant to launch Internet Explorer. Not amused. I didn't feel like paying to "unlock" Windows Home Premium.

Figuring that the hardware and all of the funky function keys would probably work best under Ubuntu, I went that route. Webcam aside (I never use it anyway) the hardware worked pretty well. I had to wait around for patches to get the screen brightness keys to work. Power management was always funky right after getting unplugged. Otherwise, Ubuntu worked pretty well for me. I set it up to dual-boot alongside Windows 7 Starter, just so I could use my radio programming software.

3 months ago, Ubuntu managed to corrupt the partition table on the hard drive. Recovery involved spending 4 hours restoring Windows 7 Starter edition from the factory media and re-installing Ubuntu. A few days ago, the same thing happened. A co-worker has had similar trouble lately, as well.

There are a bunch of distros out there -- probably too many. Netbook-specific distributions are hot stuff. Frogman's on a Crunchbang kick. More than one person tried to tell me to go to Gentoo, Debian, Arch or some other flavor of Linux. I've used them before. Every few years, Linux has to piss me off, I suppose.

Faced with the prospect of a half-day wasted getting my netbook back to the way I thought I liked it, I decided to see what OpenBSD offered, since I haven't run it on the desktop outside of a VM in several years. The install is always quick, so if anything, it wouldn't be too much of a waste of my time.

Taking the OpenBSD plunge on my NB305. Feels like $HOME again.

As expected, Xorg didn't need any configuring to determine and use my display to its maximum potential. X has come a long way since the late 1990s. I was worried about things like power management (suspend, resume), hardware drivers, support for WPA2 and of course the function keys for display brightness, volume and the like, since they gave me a bit of trouble on Ubuntu.

You know what, though? Everything worked right out of the box. I had to enable apmd in /etc/rc.conf to get suspend to work, but that was it. I also found a pretty neat trick to get most flash videos to play in Firefox, with only open source tools and not actually using anything from Adobe. YouTube, Vimeo, Blip and even Badgers all work great. Let's face it, life would suck if you couldn't watch Lolcats, Badgers and Mythbusters.

Flash video on OpenBSD

It's way too soon to tell if OpenBSD will be any more reliable than Ubuntu in the long run, but I feel much more at home for the time being.

Moar useful OpenBSD resources I ran across this week:

That reminds me, I'm behind schedule on my OAMP guide for OpenBSD 4.9, but I'm pretty sure the existing instructions haven't changed, save for version numbers.