
Comments
This was a very entertaining read indeed! Also it was a bit disappointing to see your problems with NetBSD installation. I completely agree that common things like MariaDB should just install without any fuss. Perhaps QA was having a day off when it was released in a hurry on a Friday afternoon...
Perhaps we can have part 8 in this thread where we get NetBSD to run on my grandfather's clock! On a serious note, I've always wanted to see how my old accelerated Amigas would run it. It would be cool to get them going with it and even use the networking capabilities that the modern extension cards provide. I don't think my grandfather's clock has an MMU
On a different note, I'm wondering how many people are already using root-on-ZFS instead of UFS and have you had any hiccups doing so. My only real complaint on it is that sometimes you forget to update the boot code, system doesn't boot anymore, and it is a bit of a pain to repair it using a rescue media.
Another thing that came to my mind while reading your series is that, is OpenBSD's security overkill and is there even such a thing as 'too secure OS'? I mean you can harden most systems to be very secure like you said yourself, so in which use cases you'd always use it over anything else outside of the most common firewall use case?
Love pfSense, hate Free/TrueNAS, running heavy workloads on FreeBSD.
I suppose "how secure" something needs to be depends on what you are trying to protect. If you throw uptime kuma on a random vps (no credentials, no api keys to steal, nothing of value for anyone really) security probably doesn't matter much to you at all. However, if you are running an e-mail server where you get 2FA messages, the ability to use forgot password and reset account passwords, etc you might not want the VPS provider to be able to see all of that. Or maybe you have Cloudflare API keys, github credentials, vpn passwords and stuff like that which would be bad to get out.
I seriously doubt most VPS providers are snooping on their customers but the fact that they COULD (and very easily in most cases) makes some of us want additional layers of security. I can't log into my own systems without my hardware key (ssh keys alone can be stolen so not adequate). I do full disk encryption so someone can't just copy my VM and mount it and start digging through all my data. I even go so far as to use encrypted swap to limit memory attacks where they can try and find my disk encryption key. A lot of this stuff is much easier with OpenBSD because it's built in. If you are just talking a firewall, FreeBSD borrowed carp and pf from OpenBSD a while ago so it will serve that purpose. If you are going for something much more hardened OpenBSD is leaps and bounds ahead of FreeBSD. So no, I don't think there is such a thing as too secure for some of us but for most people there is definitely "secure enough" or they just don't care to go that far down the rabbit hole.
Are there folks who have gotten this working in a SolusVM environment?
Hi @hostthebest! Sorry, I don't know the answer to your question. I do have a VM made under Solus. The VM has a rescue environment. Maybe, from the rescue environment, one could dd the qcow2 file on to the VM disk? Alternatively, it might be possible to create a VM in the rescue environment, boot an ISO, and install to the main VM disk. Also, maybe the provider could add the BSD qcow2 images to Solus. But I haven't actually tried any of these inside Solus. One of these days before too long, I probably will try it. Best wishes! Tom
I've always heard about BSD and have not tried it before but this post has inspired me to give it a shot
This is not affiliated with Hetzner, but if you want to try out ARM FreeBSD as a Raspi dude, you can very easily and cheaply do it in their cloud offering. They have ISOs for you to use once you get through the initial VM creation and installation is a breeze.
This is exactly why we created this thread. Hearing this made my night and I hope the experience of giving it a try goes well.
Earlier in this thread I mentioned Ken Thompson and the Raspberry Pi.
Now @Raspi_dude is here, mentioning that he always heard about BSD, but hasn't tried it, and now is inspired.
Hey! Hi! @Raspi_dude! Glad this thread inspired you! Any chance you might be Ken? /s
Haha! Good luck with your trial of BSD! Please let us know how it goes!
Sorry I'm not Ken I don't know who that is
Will do!
I installed it on a VPS, is there any good idea for Docker?
What's 'this'? Any BSD? FreeBSD? NetBSD? OpenBSD?
Afaik I have installed FreeBSD from ISO in a Solus environment.
https://en.wikipedia.org/wiki/Ken_Thompson
You mentioning Hetzner just gave me the nudge I needed to try out FreeBSD in a VM
The installation was a breeze, no manual needed. Although halfway through when I looked up the hardening options I saw that the FreeBSD Handbook has a documentation of every step along with screenshots. Very nice!
Documentation seems to be a strength of FreeBSD over OpenBSD. OpenBSD's FAQs are decent but not as complete.
Gonna play around with setting up a VPN, web server, firewall and other things I tend to do on my Linux servers.
What would be a good starting point for someone who has only barely tinkered with BSD installs in the past?
I'm a Debian man, through and through. It's what I know, it's what I'm familiar with, and I'm usually slow to adopt change.
Say I just wanted to deploy a BSD server for a LEMP stack, or for DNS applications (bind/named/unbound/powerdns/etc) or similar, would you suggest one start with OpenBSD?
If you are new to BSD and want the smoothest experience I'd start with FreeBSD. It is the most popular BSD and has the best support. It will be a BEMP stack then though.
Welcome to the club!
Just jumping in here (I've been a NetBSD user for a number of years), honestly, for someone starting out with BSD, I would sooner recommend FreeBSD, simply because of its much larger user community and the quality of its documentation
(Unless you like tinkering and quirks ...)
@MannDude I imagine your VPN nodes run more than just WireGuard and while I recommended FreeBSD for EMP stack OpenBSD has WireGuard built in. You don't have to install a single package to bring up a WireGuard connection, just run ifconfig command. Now keeping track of client/server keys and management of it all that's a totally separate issue but to spin up a 128MB (or even 32MB) instance for a VPN node is cake. In reality I don't think most people care whether what they are running is from a package or code outside of their OS but when security is the goal having a smaller codebase and less dependencies is a big deal.
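The ifconfig-only WireGuard setup described in the post above, as an added example that is not part of the original thread: it checks the key format and prints the OpenBSD wg(4) commands for review. The interface name wg0, port 51820 and the 10.0.0.x addresses are assumptions, and the keys are constructed placeholders.

```shell
#!/bin/sh
# Added example: print the ifconfig commands for an OpenBSD wg(4) tunnel.
# Interface name, port and addresses are assumptions for illustration.

# A WireGuard key is 32 bytes: 44 base64 characters ending in one '='.
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # character outside base64
        *=?*) return 1 ;;                # padding anywhere but the end
        *=) return 0 ;;
    esac
    return 1
}

# wg_plan IFACE PRIVKEY PORT TUNNEL_CIDR PEER_PUBKEY PEER_ALLOWED_CIDR
# Prints commands only; review them, then type them as root on OpenBSD.
wg_plan() {
    is_wg_key "$2" || { echo "invalid private key" >&2; return 1; }
    is_wg_key "$5" || { echo "invalid peer public key" >&2; return 1; }
    case "$3" in
        ''|*[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac
    if [ "$3" -lt 1 ] || [ "$3" -gt 65535 ]; then
        echo "invalid port" >&2; return 1
    fi
    echo "ifconfig $1 create wgkey $2 wgport $3"
    echo "ifconfig $1 wgpeer $5 wgaip $6"
    echo "ifconfig $1 inet $4"
    echo "ifconfig $1 up"
}

# Constructed placeholder key (not a real secret): 43 fill chars plus '='.
demo_key() { printf '%043d=' 0 | tr 0 "$1"; }

# Demo with constructed values; real keys come from `openssl rand -base64 32`.
wg_plan wg0 "$(demo_key A)" 51820 10.0.0.1/24 "$(demo_key B)" 10.0.0.2/32
```

The peer's public key is shown on the peer itself in the `wgpubkey` line of its `ifconfig wg0` output.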
Are you sure you're not Ken @Not_Oles ?
I am very happy to hear that! As it has been mentioned many times already in this thread, FreeBSD is the most 'new user friendly' of the BSDs and this is a good proof of that. Handbook is also very comprehensive and their forum is active. Once you get over the small initial learning curve, you'll be good to go to a nice and comfortable BSD journey!
I'm kinda interested in trying out OpenBSD but the fact there isn't much documentation on it is deterring me. Learning FreeBSD was pretty simple, a lot of the packages are the same and I like the rc.conf. It is straightforward and easy to understand.
If you are already familiar with FreeBSD I don't think you'll have any major problems with OpenBSD. It will be all little stuff that might annoy you but you'll be able to get past. The OpenBSD developers don't care that you find something annoying or that they could have big performance improvements if they think it reduces security. Security is priority one over there. Also, security and convenience are often at odds and most people don't really consider security and just want convenience which is why so many people seem to get turned off by OpenBSD. I don't mind compiling projects from scratch or manually fixing dependencies to get something working. It has all become second nature and I find myself a little bummed when I don't have to work at something to get it working. Granted not all the time, sometimes I just want to hit a button and have it all magically work but most of the time I feel like I learn a lot more when I have to dig in to make it work.
I've heard a lot of things about security regarding OpenBSD and that was the main thing that piqued my interest. But how does it compare in terms of security to other BSD like FreeBSD?
Where is the best place to start for OpenBSD?
Thanks!
Was trying to enable TCP MD5 support for BGP but `service netif restart` just disconnects me and even reverting the changes I've made and trying to restart the network interface doesn't actually make things work again. Oof.
To be fair, I've only tinkered with it for maybe 30-45 minutes. I'll try to find some more time to dive into this deeper. Just using ChatGPT to dumb it down enough for me and to answer questions.
EDIT: But I am currently working on deploying a large PowerDNS based anycast setup, so FreeBSD may be a good choice. The VPN stuff (and pretty much everything else we do, unless it's unsupported) is all Debian based. But this could be a good hands-on approach to learning something new that may actually be better.
I don't really think Docker is comparable to Jails, but I've only read about Jails, I've never used it.
Still, my understanding is that Jails isn't the whole ecosystem that is Docker.
PS. Working with Docker daily and enjoying it very much.
Edit: Not even arguing about which one's better, I'm saying it's not the same thing.
NetBSD 10 now also has wireguard built in (although it's not a Jason A. Donenfeld approved implementation). Doesn't FreeBSD also have wireguard now (after some implementation drama)?
@MannDude
I'll start at the end, at your second post because one should first help a new BSD user with issues that currently and concretely stand in his way.
netif is not enough. The correct way is `service netif restart && service routing restart`. No need to restart the server.
Then install the packages you need. I'll use your question as an example:
```sh
pkg update && pkg upgrade   # similar to good debian habit
# pkg install fetches from the repository (pkg add only takes a package file)
pkg install mysql80-server php83 nginx nsd unbound   # install the packages you need/want
```
Finally configure the packages you installed. Usually the package manager provides useful hints. Generally, most package config files are in `/usr/local/etc` (or a subdir). And try to start your servers like so (e.g.) `service unbound onestart`. If it works you'll have to enter one (or a couple of) line(s) in `/etc/rc.conf` ("THE" FreeBSD config file) like `nsd_enable="YES"` (the package manager tells you which lines are needed).
If you want to see whether a package is available (or which version(s)) just use `pkg search [some name]` like 'php' or, when looking for a particular version (e.g.) 'php80'.
I know, the "common understanding" is that OpenBSD is the most secure, but I'd advise you to use FreeBSD at least for the beginning. Also consider that the BSDs tend to not be enemies but often use good things from one another. So you'll find a lot of OpenBSD ideas/approaches and even software in FreeBSD. All in all I think the distance (in terms of security) has become quite small.
I hope this will help you getting started. Feel free to ask if you need any further help or hints
Edit: almost forgotten, "disks, part 2". Once your system is pretty much up and running just run `sade` (as root) and you'll see which partitions were automatically created and, more importantly, which 'slices' (roughly equivalent to partitions in linux). When done just ^C out of it.
I should have been specific. I was curious on whether anyone has packed a BSD flavor into a template. It's clear that you can install any from an iso which is the reason most default to that. I thought the former was clear given that fact. Would like to look into that and know what types of packages are folks setting up with a BSD flavor as the base.
Sorry, me not know. After some template installs I learned my lesson and install from ISO only because the templates I've seen/used so far weren't worth the bytes they used up and the results were at best very weird and it was clearly visible that a linux guy created them.