Snort 2.9.3.1 on OpenBSD 5.2


I’ve been aware of the OpenBSD project for quite a long time now. Their attitude of getting their software working reliably and securely appeals to my software engineering senses. I’ve not been through all their code; rather, to me, they look like a duck and quack like a duck. Their reputation is fearsome (in more than one respect).

OpenBSD is a BSD, an operating system that's a flavour of Unix. There's a long history behind OpenBSD, the other BSDs (and BSD-derived systems such as Apple's OS X), Unix, and Linux, which I won't repeat here. Suffice it to say that OpenBSD is a security-focused variant, and a good candidate for hosting firewalls, DMZs, and intrusion detection software. Another specific advantage of OpenBSD is the documentation. It is concise, clear, and almost always has the necessary examples.

OpenBSD's GENERIC kernel, the one the standard install gives you, works perfectly well on the Soekris 6501, but it's too big for the tiny, elderly, 128M 4801s. For them, I had to build a revised kernel with a lot of content removed. Attached to this essay is NET4801, the basic configuration file I made. My aim was to get something working; I expect there are many more things that can be done to tidy & tune a kernel for the 4801s.

If you need a revised kernel, and you most probably won't, you'll need to install OpenBSD on a convenient machine for building it. There are good and clear instructions in OpenBSD for doing so. Find them like this: once you've installed OpenBSD, it'll advise you to run man afterboot. In there is good advice on configuring the OS, and, currently at the bottom, a note on compiling the kernel. Go follow that note, and enjoy exploring the docs.
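The build itself, as an added shell script that is not part of this essay and is not the NET4801 configuration file mentioned above. It assumes the 5.2 kernel sources are unpacked under /usr/src/sys (sys.tar.gz from the release directory) on the build machine and that the config file is already in the i386 conf directory; the commands are the standard config(8) and make sequence, wrapped with a check on the config name (config(8) turns it into a directory name) and a copy of the running kernel so a bad build can be backed out from the boot prompt.

```shell
#!/bin/sh
# Added example, not the essay's own script: build and install a custom
# OpenBSD 5.2 i386 kernel from a config file such as NET4801.
# Assumptions: sources under /usr/src/sys, config file already placed in
# /usr/src/sys/arch/i386/conf, run as root on the build machine.

ARCH=${ARCH:-i386}
SRC=${SRC:-/usr/src/sys}

# Paths derived from the config name, kept in functions so they can be
# checked without touching the system.
conf_dir()    { printf '%s/arch/%s/conf\n' "$SRC" "$ARCH"; }
compile_dir() { printf '%s/arch/%s/compile/%s\n' "$SRC" "$ARCH" "$1"; }

# config(8) uses the name as a directory under compile/, so refuse anything
# that is empty, contains a slash or "..", or starts with a dot.
valid_name() {
    case "$1" in
        ''|*/*|*..*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

build_kernel() {
    name=$1
    valid_name "$name" || { echo "bad config name: $name" >&2; return 1; }
    [ -f "$(conf_dir)/$name" ] || { echo "no such config: $(conf_dir)/$name" >&2; return 1; }
    ( cd "$(conf_dir)" && config "$name" ) || return 1
    ( cd "$(compile_dir "$name")" && make clean && make depend && make ) || return 1
}

# Install on the build machine itself; for a Soekris box, copy the built
# "bsd" file to the root of its CF card instead.
install_kernel() {
    name=$1
    new=$(compile_dir "$name")/bsd
    [ -f "$new" ] || { echo "no kernel built at $new" >&2; return 1; }
    cp /bsd /bsd.old      # keep the previous kernel: "boot bsd.old" at boot> recovers
    cp "$new" /bsd
}

# Only act when invoked as "build NAME" or "install NAME"; sourcing the file
# just defines the functions.
case "${1:-}" in
    build)   build_kernel "$2" ;;
    install) install_kernel "$2" ;;
esac
```

Run it as sh build_kernel.sh build NET4801, then either sh build_kernel.sh install NET4801 on the build machine or copy /usr/src/sys/arch/i386/compile/NET4801/bsd to the CF card. If the new kernel fails to boot, type boot bsd.old at the boot> prompt to come back up on the saved one.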


I used a virtual machine with an old SanDisk CF card reader to install OpenBSD onto the Soekris SBCs' CF cards, using the i386 ISO. You don't need the games, X, or development (compiler) file sets. This worked for the CF cards for all three machines. After I'd created the installation, I made some initial configuration changes, &, for the 4801s, replaced the standard GENERIC kernel with the one I'd compiled.

One thing that I added to the standard OpenBSD install was some scripts to automate backups. I used dump(8), which is documented to be unreliable on live filesystems. I need to do more work on backup.
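A nightly dump(8) script of the kind described above, as an added example that is not the essay's own backup script. It uses a plain weekly rotation (level 0 on Sunday, level 1 on Monday, up to level 6 on Saturday), so each night's archive holds only what changed since the previous night; -u records each run in /etc/dumpdates and -a lets dump size its own output. Because dumping an actively written filesystem can give an inconsistent archive, the script stops the services named in QUIESCE for the duration of the dump. The destination directory and the service names (assumed to be rc.d scripts, as the Snort and MySQL packages provide) are assumptions to adjust for the host.

```shell
#!/bin/sh
# Added example, not the essay's own script: nightly dump(8) backups with a
# weekly level rotation, written for OpenBSD's /bin/sh (ksh) and plain POSIX sh.
# Assumptions: DEST is a local directory (or a mounted USB disk) with room for
# a week of dumps; QUIESCE names rc.d scripts of the services that write to
# the filesystems being dumped.

DEST=${DEST:-/var/backups/dumps}
QUIESCE=${QUIESCE:-"snort mysqld"}

# Weekday number as printed by "date +%w" (0=Sunday .. 6=Saturday) -> dump
# level: one full dump a week, incrementals the other nights.
dump_level() {
    case "$1" in
        0)     echo 0 ;;
        [1-6]) echo "$1" ;;
        *)     echo "bad weekday: $1" >&2; return 1 ;;
    esac
}

# Archive name, e.g. /var/backups/dumps/root.1.20121103.dump
dump_file() {   # $1 = filesystem label, $2 = level, $3 = YYYYMMDD
    printf '%s/%s.%s.%s.dump\n' "$DEST" "$1" "$2" "$3"
}

# Mount point -> label safe for a file name: "/" -> root, "/var/mysql" -> var_mysql
fs_label() {
    case "$1" in
        /) echo root ;;
        *) echo "$1" | sed -e 's,^/,,' -e 's,/,_,g' ;;
    esac
}

# The dump itself. Write to a temporary name and rename on success, so a
# half-written archive is never mistaken for a good one.
do_dump() {     # $1 = mount point, $2 = level, $3 = YYYYMMDD
    out=$(dump_file "$(fs_label "$1")" "$2" "$3")
    dump -"$2"au -f "$out.part" "$1" && mv "$out.part" "$out"
}

run_backup() {
    level=$(dump_level "$(date +%w)") || return 1
    today=$(date +%Y%m%d)
    mkdir -p "$DEST"
    for svc in $QUIESCE; do /etc/rc.d/$svc stop; done
    rc=0
    for fs in "$@"; do
        do_dump "$fs" "$level" "$today" || rc=1
    done
    for svc in $QUIESCE; do /etc/rc.d/$svc start; done
    return $rc
}

# Only run when given mount points, e.g. from root's crontab:
#   30 2 * * * /root/bin/nightly_dump.sh / /var /home
if [ $# -gt 0 ]; then
    run_backup "$@"
fi
```

Restoring a Thursday needs the Sunday level 0 plus every incremental from Monday to Thursday, applied in order with restore(8); keep at least one full week per destination before pruning. Stopping the writers is a mitigation, not a cure: a filesystem that is still mounted read-write can change under dump, and a dump taken from single-user mode or of a read-only mount is the only fully consistent one.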

I must mention that I am impressed that MySQL seems to work perfectly well on an eight-year-old SBC running an ancient hard disk. Now, admittedly, I'm not overwhelming the database with oodles of urgent alerts, but, all the same, I have to congratulate Oracle for their software and the OpenBSD ports people for making sure it all works cleanly on a pretty limited system.

A good number of the installations that follow require OpenBSD packages. I had no problems with any of them.