How To: Install & Use the Ultra-Secure Operating System OpenBSD in VirtualBox

Install & Use the Ultra-Secure Operating System OpenBSD in VirtualBox

OpenBSD implements security in its development in a way that no other operating system on the planet does. Learning to use the Unix-like operating system can help a hacker understand secure development, create better servers, and improve their understanding of the BSD operating system. Using VirtualBox, the OS can be installed within a host to create a full-featured test environment.

This extremely secure operating system boasts features with which no other OS can compare. While OpenBSD is often regarded as a server OS, it can also be used on the desktop or within a virtual machine and still offer these same security features to regular users. This can be valuable to a device which stands a higher risk of being attacked or to anyone who wants greater protection against the possibility of remote code execution exploits such as those found in Microsoft Windows.

OpenBSD is derived from the Berkeley Software Distribution, or BSD, a Unix-like operating system developed initially at the University of California, Berkeley. Theo de Raadt forked OpenBSD from NetBSD in 1995, and the project continues to develop and grow today. The OpenBSD project also maintains several other popular tools, including OpenSSH and LibreSSL.

The OpenBSD development team's focus on security has led to an extensive amount of specific changes to the OS. These modifications include memory protections during compilations in order to prevent buffer or integer overflow attacks, extensive use of cryptography, randomization of various system signatures, and extensive privilege separation. These factors combine to form an extremely secure operating system for servers and desktops alike. The OpenBSD homepage itself boasts that the system has had "only two remote holes in the default install, in a heck of a long time!"

To test and learn more about the OpenBSD operating system, it can be installed and used within a virtual machine, in this case, using VirtualBox.

Step 1: Downloading an OpenBSD Image

OpenBSD can be downloaded from one of its HTTP/FTP mirrors. Select the location of the mirror closest to your location if you wish for the fastest speed.

Once you've selected a mirror, you will be brought to a page with a number of directories. To download the most recent disc image, select the highest release number. The "6.2" folder should include the most recently updated version as of December 2017, but this is subject to increase as subsequent releases are made. Once in the most recent version directory, there should be a number of subdirectories for different system architectures.

For most users, amd64 or i386 images will be the most useful. After selecting a system architecture subdirectory, a number of files will be available for download.

Among this set, the "install62.iso" file represents the installation image for version 6.2 of OpenBSD. Click on this file to download and save it.

Step 2: Preparing VirtualBox

VirtualBox is one of the simplest virtualization environments for Windows, macOS, and Linux. It can be downloaded from VirtualBox's website or it can be installed on Debian-based Linux distros like Ubuntu by using apt as in the command below.

sudo apt-get install virtualbox

Once VirtualBox is downloaded, installed, and opened, click the "New" button in the upper left of the main window to begin creating the new virtual machine.

A window will open requesting a name, type, and version. Typing OpenBSD into the Name field should lead to the automatic population of the following two selections, but if not, set Type to "BSD" and Version to "OpenBSD" 32- or 64-bit.

The next portion of virtual machine configuration is memory allocation. Generally speaking, the more memory one can grant to a virtual machine, the faster the VM will be able to run. The amount of memory one is willing to provide to the VM generally depends on the amount of RAM available on the host machine, shown at the right end of the memory slider bar within VirtualBox. A relatively lightweight operating system such as OpenBSD can function with a limited amount of memory if necessary.

At the Hard disk step, choose to "Create a virtual hard disk now." OpenBSD will need to be installed within the virtual machine, so a virtual hard drive to install this to will be needed.

If you have no need to move the virtual machine image between different virtualization tools, it's best to leave VDI selected for the Hard disk file type selection step.

The next selection is between a dynamically allocated or fixed size virtual hard disk. For most users, "Dynamically allocated" is the most simple to use, as it requires the least configuration.

Lastly, the maximum size and storage location of the virtual hard drive can be set. This may be an external hard drive or a specific location on a local drive. The size is the maximum size to which the virtual hard drive can grow, so if there are considerable size restraints based on hard drive size it may be worthwhile to limit this amount. The base installation size of OpenBSD will be relatively small, so this limit could easily be set to only a few GB.

Now the OpenBSD VM should be available from the main VirtualBox menu to be started. To launch it, simply click the "Start" button at the top of the interface while the OpenBSD virtual machine is selected.

Once the virtual machine is started, it will request a boot medium to start the virtual machine from.

After, click on the folder icon at the left of this selection menu in order to open a file selector. Here, browse to and select the OpenBSD ISO image downloaded earlier and click "Open," then click "Start" to launch the virtual machine. The OpenBSD installer should now begin to boot.

Step 3: Installing OpenBSD

On first boot, the OpenBSD image will load a text-based installer environment, as shown in the image below.

To begin the installation process, type i and press Enter. This process includes a number of questions and configuration options, each of which is explained with a short statement. The first prompt requests the preferred keyboard layout. Type L and press Enter if you wish to list all available options, or simply type us or uk to set the keyboard layout to US or UK English.

The next questions regard network configuration. Within a virtual machine, the network settings are relatively simple to set. Each option, beginning with Available network interfaces until DNS domain name, can be responded with by simply pressing Enter, as the default network configuration options should be fine for most users. On a hardware install, it may be worth taking more care when choosing these settings, depending on your network configuration.

The next option, Password for root account, allows one to set the root password. The "will not echo" string denotes that when pressing the keys for the password, it will not be visible, nor will it be returned to the user after entering. The root password should generally be strong, especially for a server or internet-connected system.

After entering the root password twice, the installer asks if you would like to start the SSH daemon, or background service, by default. While this is not necessary, it may be useful. To enable it, press Enter.

The following two questions regard the graphical configuration of the system. If you'd like to use a graphical interface, enable the X Window System by pressing Enter. The next question asks if you would like the X Window System to be started by the xenodm login manager. While this isn't necessary, it will make installing a different desktop environment easier, as shown later in this tutorial. to enable it, type yes and press Enter.

Next, enter a name and password for a standard-level user. For security reasons, it's best not to run as the root user, so this user will be used for most standard desktop operations. For most users, it will also be worth denying root SSH login for security reasons.

For the last question in this set, enter ? to see the available time zones, then type your preferred choice from the list or press Enter to continue with the default selection.

Next, the installer will partition the discs. In general, the only disc available for the virtual machine will be fine for the installation. While custom partitioning works even within the virtual machine environment, the default Whole disk MBR selection, abbreviated to w, is an ideal selection for the virtual machine. Press Enter again to continue the installation.

The next portion of the installation allows for "sets" of packages to be selected, downloaded, and installed. To download them from the internet, enter http when prompted for the location of the sets. You can define your preferred HTTP proxy and server, but the default setting with no proxy will work for most users. Next, sets can be selected or you can simply install all of them. Type done and press Enter to begin installing the sets.

After the sets finish installing, the OpenBSD installation should be complete! To start it, enter reboot at the command line and wait for the system to load.

You may find that the system boots back into the installation screen, most likely due to the initial installation media still being loaded, rather than the virtual hard drive. If this is the case, within VirtualBox, select the OpenBSD virtual machine and click "Settings." Under the "Storage" menu in the left pane, right-click on the ISO file shown under Storage Devices and click "Remove Attachment." Then, restart the virtual machine.

If a login screen such as the one below appears, OpenBSD has installed and booted from its virtual hard drive.

Now, we can log into the OpenBSD desktop environment and begin making changes to the operating system.

Step 4: Configuring & Using OpenBSD

After logging in using the username and password defined during the installation process, the OpenBSD X Window System and the fvwm window manager will load. This is a very basic graphical environment, but it does create a stacking window manager which can be used for visual tasks. A left-click menu is available when clicking anywhere on the default desktop.

Opening an XTerm window from this menu will help us install additional packages, some of which will allow us to add additional elements to the desktop environment. Once a terminal window is open, we'll use pkg_add to install additional packages. First, run su in a new terminal window to gain superuser privileges. Now we can install some additional packages. To replace the default window manager, we'll install the Xfce desktop environment, the Leafpad text editor, the Thunar file manager, consolekit2 to assist with login session management, and the Firefox web browser.

pkg_add xfce xfce-extras leafpad thunar firefox consolekit2

After these packages are installed, we can return to our regular user terminal session by typing exit and pressing Enter. After this, we can create a "xsession" startup file, which will launch Xfce at the next login, by running the command below.

echo "exec ck-launch-session startxfce4" > .xsession

This command "echoes" the statement within the quotation marks into the file ".xsession."

Now, you can restart the system. To restart the system, you need to have root privileges, so first sun su once again to regain a root terminal window, then type reboot and press Enter to reboot the system. When the virtual machine reboots, Xfce should automatically start.

Once the desktop environment is installed, OpenBSD is ready to be used much like any other Unix-like operating system, including Linux.

The OpenBSD operating system has software in its repository to do practically any task of other operating systems, including word processors, image editors, and even games. If a tool isn't already available, it can very likely be compiled if the source code is available.

Using OpenBSD

With Xfce installed, the graphical usage of OpenBSD should be relatively familiar for users of Linux distributions or Unix-like operating systems. The command line environment, ksh, will also generally be familiar to users of Bash. OpenBSD offers extensive documentation, with pages that thoroughly explain the often unfamiliar components of the operating system, such as package management and system administration. A complete user's guide is also available. OpenBSD is a very powerful, extensible system, and becoming familiar with it is a useful skill for any system administrator, security engineer, or hacker!

I hope that you enjoyed this tutorial on OpenBSD! If you have any questions about this tutorial or OpenBSD usage, feel free to leave a comment or reach me on Twitter @tahkion.

Cover image by NOAA's National Ocean Service/Flickr; Screenshots by TAKHION/Null Byte

1 Comment

It may be ultra-secure in the program's world, but it can be easily by-passed just by standing behind the user.

Share Your Thoughts

  • Hot
  • Latest