🦉 OpenBSD Shell Basics
OpenBSD provides a security-focused Unix-like environment with a minimalist but powerful shell interface. Understanding OpenBSD's shell fundamentals is essential for effective system administration.
🎯 OpenBSD Shell Environment
Default Shell and Philosophy
OpenBSD emphasizes security and simplicity in its shell environment:
```sh
# Check current shell
echo "$SHELL"

# OpenBSD default shell
# ksh: KornShell (since OpenBSD 6.8)
# Previously: pdksh (Public Domain KornShell)

# Check available shells
cat /etc/shells

# Shell locations
# /bin/ksh             Primary shell
# /bin/sh              POSIX shell
# /usr/local/bin/bash  If installed
```
Terminal Configuration
OpenBSD's terminal setup focuses on security and simplicity:
```sh
# Terminal settings
stty -a      # Display all terminal settings
stty sane    # Reset to sane defaults

# Terminal information
tty          # Show terminal device name
who am i     # Show current login information

# Environment variables
printenv     # Display all environment variables
echo $TERM   # Terminal type
echo $PATH   # Command search path
```
🔧 Basic Command Structure
Core BSD Commands
OpenBSD uses traditional BSD commands with some extensions:
```sh
# File operations
ls -la                        # List files with details
doas ls -la                   # List with elevated privileges
cp file1.txt file2.txt        # Copy files
mv oldname.txt newname.txt    # Move/rename files
rm file.txt                   # Remove files
mkdir newdir                  # Create directory
rmdir emptydir                # Remove empty directory
rm -rf directory/             # Remove directory and contents

# File viewing and editing
cat file.txt                  # Display file contents
more file.txt                 # Page through file (basic pager)
less file.txt                 # Enhanced pager
head -n 10 file.txt           # First 10 lines
tail -n 10 file.txt           # Last 10 lines
vi file.txt                   # Vi editor (standard)
```
Process Management
```sh
# Process viewing
ps aux                   # All processes
ps -auxwww               # Extended process information
top                      # Interactive process viewer
fstat                    # File status for processes

# Process control
kill 1234                # Terminate process by PID
kill -9 1234             # Force terminate process
pkill process_name       # Terminate all matching processes (the base system has pkill, not killall)
pkill -f "pattern"       # Kill by command line pattern

# Process monitoring
pgrep process_name                      # Find process IDs
ps -p 1234 -o pid,stat,time,command     # Process statistics for one PID
```
📋 File System Navigation
OpenBSD Directory Structure
OpenBSD follows a traditional Unix hierarchy with security enhancements:
```text
# Core directories
/                     # Root directory
/bin                  # Essential user binaries
/sbin                 # Essential system binaries
/usr                  # Secondary hierarchy
/usr/bin              # User binaries
/usr/sbin             # System binaries
/usr/local            # Local software
/etc                  # System configuration files
/var                  # Variable data
/tmp                  # Temporary files
/home                 # User home directories

# Security-related directories
/etc/doas.conf        # Doas configuration
/etc/pf.conf          # Packet filter configuration
/etc/rc.conf.local    # Local startup configuration
/var/log              # System logs

# Device files
/dev                  # Device files
/dev/null             # Null device
/dev/zero             # Zero device
/dev/random           # Random number generator
```
File Permissions and Ownership
```sh
# View file permissions
ls -l filename               # Long format listing
stat filename                # Detailed file information

# Permission modification
chmod 755 script.sh          # Set permissions (rwxr-xr-x)
chmod +x script.sh           # Make executable
chmod -R 755 directory/      # Recursively set permissions

# Ownership modification
chown user:group file.txt    # Change owner and group
chown user file.txt          # Change owner only
chgrp group file.txt         # Change group only

# Secure permissions
chmod 600 sensitive_file     # Owner read/write only
chmod 644 normal_file        # Owner rw, others read
chmod 700 private_dir        # Owner full access only

# Permission checking
[ -r file.txt ] && echo "Readable"
[ -w file.txt ] && echo "Writable"
[ -x file.txt ] && echo "Executable"
```
🌐 Network Operations
Network Configuration
```sh
# Network interface information
ifconfig                           # All network interfaces
ifconfig em0                       # Specific interface
netstat -i                         # Interface statistics

# IP address configuration
ifconfig em0 inet 192.168.1.100    # Set IP address
route add default 192.168.1.1      # Add default route
ping 192.168.1.1                   # Test connectivity

# Network services
netstat -an                        # All network connections
fstat | grep internet              # Socket statistics per process (the base system has no sockstat)
pfctl -sr                          # Packet filter rules

# DNS resolution
host google.com                    # DNS lookup
nslookup google.com                # Alternative DNS lookup
dig google.com                     # Detailed DNS query
```
Remote Access and File Transfer
```sh
# Secure shell
ssh user@hostname
ssh -i ~/.ssh/key user@host

# Secure copy
scp file.txt user@host:/path/
scp user@host:/path/file.txt .

# Remote file system mounting
sshfs user@host:/remote/path /local/mountpoint

# Built-in file transfer
sftp user@hostname    # Secure FTP
```
🛠️ System Administration
Package Management
OpenBSD uses its own package management system:
```sh
# Package management with pkg_
pkg_add package_name        # Install package
pkg_delete package_name     # Remove package
pkg_info                    # List installed packages
pkg_info -Q search_term     # Search for packages

# Package updates
pkg_add -u                  # Update installed packages
pkg_info -u                 # List outdated packages

# Package information
pkg_info package_name       # Package details
pkg_info -L package_name    # List installed files

# Security updates
syspatch                    # Apply system patches
sysupgrade                  # Upgrade to new release
```
System Configuration and Services
```sh
# System configuration files
# /etc/rc.conf.local    Local startup configuration
# /etc/sysctl.conf      Kernel parameters
# /etc/doas.conf        Privilege escalation

# Service management
rcctl start service_name      # Start service
rcctl stop service_name       # Stop service
rcctl restart service_name    # Restart service
rcctl enable service_name     # Enable at boot
rcctl disable service_name    # Disable at boot
rcctl status service_name     # Check service status

# System information
uname -a                      # System information
dmesg                         # Boot messages
sysctl hw.physmem             # Physical memory
sysctl kern.boottime          # Boot time

# Disk management
df -h                         # Disk space usage
du -sh /path                  # Directory size
fdisk sd0                     # Partition table (fdisk takes the disk name)
disklabel sd0                 # Disk label information
```
🎨 Development Environment
```sh
# Compiler toolchain
cc --version         # C compiler
gcc --version        # GNU C compiler (if installed)
clang --version      # LLVM compiler (if installed)

# Build tools
make                 # Standard make
gmake                # GNU make (if installed)
cmake                # CMake (if installed)

# Version control
git --version        # Git version control (if installed)
cvs                  # Concurrent Versions System

# Scripting languages
perl -v              # Perl interpreter
python3 --version    # Python 3 (if installed)
ruby --version       # Ruby (if installed)
```
Environment Variables and Paths
```sh
# View environment variables
env              # All environment variables
printenv PATH    # Specific variable
set              # Shell variables

# Modify PATH
export PATH="/usr/local/bin:$PATH"

# Shell configuration files
# ~/.profile    Login shell configuration
# ~/.kshrc      KornShell configuration

# Persistent environment setup
echo 'export PATH="/usr/local/bin:$PATH"' >> ~/.profile
```
🔍 Security Features
```sh
# Privilege escalation
doas command                # Execute with privileges
doas -u user command        # Execute as specific user

# Packet filtering
pfctl -f /etc/pf.conf       # Load packet filter rules
pfctl -sr                   # Show rules
pfctl -si                   # Show statistics

# Security auditing
syspatch                    # Apply security patches
signify -V -p pubkey.pub -x file.sig -m file    # Verify signatures

# File integrity (etc.mtree is an example file name for the saved baseline)
mtree -c -K sha256digest -p /etc > etc.mtree    # Record a baseline with SHA256 checksums
mtree -p /etc < etc.mtree                       # Check file integrity against the baseline
```
Security Configuration
```sh
# Doas configuration
# /etc/doas.conf
permit persist :wheel              # Allow wheel group with password
permit nopass keepenv root         # Allow root without password

# System security
sysctl kern.securelevel=1          # Increase security level
sysctl net.inet.ip.forwarding=0    # Disable IP forwarding

# Login security
# /etc/login.conf modifications
# Default settings are quite secure
```
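A way to review a doas.conf for rules that grant more than the two shown above, as an added example that is not part of the original page. The function names `audit_doas` and `sample_doas_conf` are hypothetical, and the `:staff` and `deploy` rules in the sample are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: the page's two rules plus two deliberately loose ones.
sample_doas_conf() {
    cat <<'EOF'
# constructed sample, not a real host's configuration
permit persist :wheel
permit nopass keepenv root
permit nopass :staff
permit nopass keepenv deploy as root cmd /usr/sbin/rcctl
EOF
}

# audit_doas [FILE...]: print one finding per line as "LINENO SEVERITY message".
# Reads standard input when no file is given.
audit_doas() {
    awk '
    { sub(/#.*/, "") }                 # drop comments
    NF == 0 { next }                   # skip blank lines
    $1 != "permit" { next }            # deny rules grant nothing
    {
        nopass = keepenv = 0; i = 2
        # consume options until the identity token is reached
        while (i <= NF) {
            if ($i == "nopass") nopass = 1
            else if ($i == "keepenv") keepenv = 1
            else if ($i == "setenv") { while (i <= NF && $i !~ /[}]$/) i++ }
            else if ($i != "persist" && $i != "nolog") break
            i++
        }
        if (i > NF) next               # malformed rule without an identity
        ident = $i; has_cmd = 0
        for (j = i + 1; j <= NF; j++) if ($j == "cmd") has_cmd = 1
        if (ident == "root") next      # root is already privileged
        if (nopass && !has_cmd)
            print NR, "HIGH", ident " may run any command without a password"
        else if (nopass)
            print NR, "WARN", ident " has nopass on a restricted command"
        if (keepenv)
            print NR, "WARN", ident " keeps its environment across the privilege boundary"
    }' "$@"
}

sample_doas_conf | audit_doas
```

On OpenBSD, `doas -C /etc/doas.conf` checks the same file for syntax errors before it is put into use.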
🧾 Summary Quick Reference
Essential Commands
| Category | Command | Description |
| --- | --- | --- |
| Navigation | cd, pwd, ls | Directory navigation |
| Files | cp, mv, rm, mkdir | File operations |
| Viewing | cat, more, head, tail | File content viewing |
| Processes | ps, top, kill | Process management |
| Network | ifconfig, ping, netstat | Network operations |
| Packages | pkg_add, pkg_delete | Package management |
| Services | rcctl | Service control |
OpenBSD-Specific Locations
| Path | Purpose |
| --- | --- |
| /etc/doas.conf | Privilege escalation configuration |
| /etc/pf.conf | Packet filter firewall rules |
| /etc/rc.conf.local | Local system configuration |
| /usr/ports | Ports collection (source packages) |
| /var/log/messages | System log file |
🧠 Best Practices
OpenBSD Shell Usage Guidelines
✅ Recommended Practices:
- Use doas instead of sudo for privilege escalation
- Keep system updated with syspatch
- Use pkg_add for package management
- Follow security-first configuration approach
- Understand minimalist design philosophy
- Use built-in security features extensively
❌ Common Pitfalls to Avoid:
- Installing software outside package system
- Disabling security features unnecessarily
- Running services without proper configuration
- Ignoring secure default permissions
- Not understanding privilege escalation model
- Using deprecated or insecure protocols
Security Considerations
```sh
# Enable packet filtering
# Edit /etc/pf.conf and load with:
pfctl -f /etc/pf.conf

# Configure doas properly
# /etc/doas.conf should be minimal and secure

# Monitor system logs
tail -f /var/log/messages
grep -i "failed" /var/log/authlog    # -i also matches sshd's capitalised "Failed password"

# Regular security updates
syspatch
pkg_add -u
```
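The authlog check above, taken one step further as an added example that is not part of the original page: count failed sshd password attempts per source address. The function names `failed_logins` and `sample_authlog` are hypothetical, and the log lines are constructed using documentation addresses.

```sh
#!/bin/sh
# Constructed sample lines in the format sshd writes to /var/log/authlog.
sample_authlog() {
    cat <<'EOF'
Mar  3 10:15:01 puffy sshd[4101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:03 puffy sshd[4101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:09 puffy sshd[4107]: Failed password for invalid user from from 203.0.113.7 port 40031 ssh2
Mar  3 10:16:40 puffy sshd[4120]: Accepted publickey for alice from 198.51.100.20 port 51812 ssh2
Mar  3 10:17:02 puffy sshd[4133]: Failed password for invalid user admin from 198.51.100.99 port 33010 ssh2
EOF
}

# failed_logins MIN [FILE...]: print "COUNT SOURCE" for every source address
# with at least MIN failed password attempts, busiest first.
# Reads standard input when no file is given.
failed_logins() {
    min=$1; shift
    awk -v min="$min" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is chosen by the remote side and may itself be "from",
        # so take the LAST "from" token: the line ends "from ADDR port N ssh2".
        for (i = NF - 1; i > 0; i--)
            if ($i == "from") { count[$(i + 1)]++; break }
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Sources with two or more failures in the constructed sample
sample_authlog | failed_logins 2
```

On a live system the call would be `failed_logins 5 /var/log/authlog`, run with enough privilege to read the log.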