Craig, Good to hear from you!
I recently had a pleasant experience with installing OpenBSD 3.3 (3.4 came out on 11/1/03) on an extra laptop from my employer, an HP Omnibook 4150B (128MB RAM, PIII/600Mhz, 18GB HD, ATI Mobility graphics card, Orinoco Silver 802.11b PCMCIA wlan nic). First, I had tried installing Knoppix 3.2 on it, which worked okay but I was a little bored with it. I then tried Mepis on it but either I had a bad CD or it just didn't like my HD as the install kept crapping out at the same place. I tried good old Debian on it and had some problems problems getting X working like I wanted, but I got past that. I then tried installing OpenBSD on it from the CD distribution, which includes a nice install doc in the foldout CD label, some nifty stickers and an original sound track. It installed faster than any of the previous, even the straight Debian install. I think I rebooted 15 minutes after starting the install and was at a shell prompt. WARNING: the partition manager will scare you if you are familiar with _minimal_ partition managers. The default OpenBSD install is _tiny_, but it contains everything you need to make it a firewall and NAT box and includes sshd by default. The OpenBSD CD package has 3 CDs in it, so you can install it on MacPPC, VAX, Sparc, Sparc64 and of course i386. It also includes the source code and a ports tree, which is basically a big directory of various software packages that you install by selecting a package, typing "make" to download and compile the source to make the install package, and then type "make install" to install the package. This ensures you have a package that is custom compiled and installed for your system. The ports tree system will also automatically handle software package dependencies. Here's the abbreviated output from an install of "John the Ripper", a well-known free software password cracker: fenris# cd /usr/ports fenris# ls .cvsignore cad emulators mail print CVS chinese games math productivity INDEX comms graphics mbone russian Makefile converters infrastructure misc security README databases japanese net shells archivers devel java news sysutils astro distfiles korean packages textproc audio editors lang palm www benchmarks education ls.out plan9 x11 fenris# cd security fenris# ls ADMfzap keychain p5-PGP-Sign ADMsmb klaxon parse ADMsnmp l0phtcrack pcsc-lite CVS libident pgp Makefile libmcrypt pgp5 aescrypt logsentry pgpdump aide logsurfer pgplib antisniff lxnb portscanner apg mcrypt portsentry arirang mhash ppgen bfbtester nbaudit py-Rijndael bounix nessus py-cryptkit bsd-airtools nfsshell py-gnupg ccrypt outguess py-sslwrapper cfs p0f radiusniff cgichk p5-Authen-Radius rdp chrootuid p5-Crypt-Blowfish scanlogd cops p5-Crypt-CBC scanssh corkscrew p5-Crypt-DES sentinel crack p5-Crypt-OpenSSL-DSA shash crank p5-Crypt-OpenSSL-RSA siphon cyrus-sasl p5-Crypt-OpenSSL-Random slurpie cyrus-sasl2 p5-Crypt-RC4 smbsniff dante p5-Crypt-Rijndael smurflog despoof p5-Crypt-SSLeay socks5 dsniff p5-Crypt-TripleDES sqlat fragroute p5-Crypt-Twofish stel fragrouter p5-Digest-HMAC strobe gnupg p5-Digest-MD5 stunnel gpa p5-Digest-Nilsimsa swatch gpgme p5-Digest-SHA1 tempwatch hlfl p5-GPG uvscan hydra p5-GnuPG uvscan_dat integrit p5-GnuPG-Interface vomit isic p5-IO-Socket-SSL whisker its4 p5-MD5 xmlsec john p5-Net_SSLeay zebedee fenris# cd john fenris# ls CVS Makefile distinfo patches pkg fenris# make ===> Checking files for john-1.6p1 >> john-1.6.tar.gz doesn't seem to exist on this system. >> Attempting to fetch /usr/ports/distfiles/john-1.6.tar.gz from http://www.openwall.com/john/. 100% |************************************************************| 485 KB 00:08 >> Checksum OK for john-1.6.tar.gz. (sha1) ===> Extracting for john-1.6p1 ===> Patching for john-1.6p1 ===> Configuring for john-1.6p1 ===> Building for john-1.6p1 ln -sf x86-any.h arch.h make ../run/john ../run/unshadow ../run/unafs ../run/unique JOHN_OBJS="DES_fmt.o DES_std.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o x86.o" CFLAGS="-c -Wall -O2 -fomit-frame-pointer -m486" ASFLAGS="-c -DUNDERSCORES -DALIGN_LOG -DBSD" cc -c -Wall -O2 -fomit-frame-pointer -m486 -funroll-loops DES_fmt.c ... (snipped for brevity: compiles a bunch of .c source code files) cc -c -Wall -O2 -fomit-frame-pointer -m486 -funroll-loops unique.c gcc -c -DUNDERSCORES -DALIGN_LOG -DBSD x86.S cc -s DES_fmt.o DES_std.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o x86.o -o ../run/john ln -s john ../run/unshadow ln -s john ../run/unafs ln -s john ../run/unique fenris# make install ===> Faking installation for john-1.6p1 install -d -o root -g bin -m 755 /usr/ports/security/john/w-john-1.6p1/fake-i386/usr/local/share/doc/john ... (snipped: processes various package related files) /usr/ports/security/john/w-john-1.6p1/fake-i386/usr/local/share/doc/john ===> Building package for john-1.6p1 Creating package /usr/ports/packages/i386/All/john-1.6p1.tgz Using SrcDir value of /usr/ports/security/john/w-john-1.6p1/fake-i386/usr/local Creating gzip'd tar ball in '/usr/ports/packages/i386/All/john-1.6p1.tgz' ===> Installing john-1.6p1 from /usr/ports/packages/i386/All/john-1.6p1.tgz cc -c -Wall -O2 -fomit-frame-pointer -m486 -funroll-loops recovery.c ... (snipped: compiles some more files) cc -c -Wall -O2 -fomit-frame-pointer -m486 -funroll-loops unique.c gcc -c -DUNDERSCORES -DALIGN_LOG -DBSD x86.S cc -s DES_fmt.o DES_std.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o x86.o -o ../run/john ln -s john ../run/unshadow ln -s john ../run/unafs ln -s john ../run/unique fenris# /usr/local/bin/john John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer Usage: /usr/local/bin/john [OPTIONS] [PASSWORD-FILES] -single "single crack" mode -wordfile:FILE -stdin wordlist mode, read words from FILE or stdin -rules enable rules for wordlist mode -incremental[:MODE] incremental mode [using section MODE] -external:MODE external mode or word filter -stdout[:LENGTH] no cracking, just write words to stdout -restore[:FILE] restore an interrupted session [from FILE] -session:FILE set session file name to FILE -status[:FILE] print status of a session [from FILE] -makechars:FILE make a charset, FILE will be overwritten -show show cracked passwords -test perform a benchmark -users:[-]LOGIN|UID[,..] load this (these) user(s) only -groups:[-]GID[,..] load users of this (these) group(s) only -shells:[-]SHELL[,..] load users with this (these) shell(s) only -salts:[-]COUNT load salts with at least COUNT passwords only -format:NAME force ciphertext format NAME (DES/BSDI/MD5/BF/AFS/LM) -savemem:LEVEL enable memory saving, at LEVEL 1..3 I used xf86cfg included with OpenBSD to configure a XF86Config. I just ran xf86cfg, it detected my hardware, I saved the output and started X ("startx"). Voila! It runs fvwm by default with some nifty menus and features already configured. Next, I used the ports tree like above to install openbox, which is a variant of blackbox, a minimal, small footprint window manager for X, but with more nifty features built-in, like ALT-tab between apps, and ALT-Fn between workspaces, etc. REALLY nice on an older box. Check it out: http://www.icculus.org/openbox/ I find OpenBSD to run _really_ fast and well on older laptops that usually lack the performance of a desktop. It takes about 5 seconds from typing "startx" to see the openbox desktop. KDE and Gnome are nice, but jeez, they are resource pigs. Here's the output of "top" after starting X, openbox and xterm: load averages: 0.09, 0.10, 0.08 14:27:47 24 processes: 1 running, 23 idle Memory: Real: 21M/34M act/tot Free: 87M Swap: 0K/208M used/tot PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND 31979 _x11 2 0 11M 12M sleep select 0:01 0.00% XFree86 32753 root 2 0 356K 876K idle select 0:00 0.00% sshd 23261 root 2 0 400K 1184K sleep select 0:00 0.00% sshd 19868 root 2 0 988K 2116K sleep select 0:00 0.00% fluxbox 964 root 2 0 1336K 2852K sleep select 0:00 0.00% xterm 11855 root 2 0 908K 832K sleep select 0:00 0.00% sendmail 15991 root 18 0 356K 296K sleep pause 0:00 0.00% csh 10568 root 2 0 152K 724K sleep select 0:00 0.00% top 23998 root 18 0 348K 312K idle pause 0:00 0.00% csh 31362 root 2 0 104K 384K sleep select 0:00 0.00% syslogd 1 root 10 0 340K 200K idle wait 0:00 0.00% init 31186 root 18 0 388K 284K idle pause 0:00 0.00% sh 27597 root 18 0 344K 272K idle pause 0:00 0.00% csh 27374 root 2 0 232K 460K idle select 0:00 0.00% cron 10834 root 2 0 64K 356K idle select 0:00 0.00% inetd 13785 root 10 0 52K 612K idle wait 0:00 0.00% xinit 15031 root 2 0 1608K 408K idle netio 0:00 0.00% XFree86 16776 root 3 0 48K 408K idle ttyin 0:00 0.00% getty I still have 87MB RAM free to play with! Installing OpenBSD on a laptop is a good way to learn about OpenBSD and network security since it is portable and you can plug into various networks and WLANs to do "trouble-shooting". Ahem. For educational purposes only. ;) The only downside is that the laptop goes into sleep mode and doesn't wake up, requiring a hard reboot, but the fsck utilities are rock-solid so far and I haven't lost any files yet. Probably just a BIOS tweak. For more info and extra L33T cred, check out: http://www.openbsd.org. ;) John Hebert CMB wrote: > Last week I had some fun determining which distros I like.... > > At home... I finally got one of my scrap boxes to run (lack of > memory)....and for comparison purposes I did installs in slackware9.2, > debian3, knoppix-std, and koppix3.3... -- John Hebert System Engineer I T Group, Inc. 225-922-4535
