diff --git a/en_US.ISO8859-1/articles/linux-comparison/article.sgml b/en_US.ISO8859-1/articles/linux-comparison/article.sgml index 5926afffd1..1ef6a433cb 100644 --- a/en_US.ISO8859-1/articles/linux-comparison/article.sgml +++ b/en_US.ISO8859-1/articles/linux-comparison/article.sgml @@ -1,551 +1,548 @@ %articles.ent; ]>
FreeBSD: An Open Source Alternative to Linux Dru Lavigne
dru@isecom.org
2005 Dru Lavigne $FreeBSD$ &tm-attrib.freebsd; &tm-attrib.linux; &tm-attrib.unix; &tm-attrib.general; &legalnotice; The objective of this whitepaper is to explain some of the features and benefits provided by &os;, and where applicable, compare those features to &linux;. This paper provides a starting point for those interested in exploring Open Source alternatives to &linux;.
Introduction &os; is a &unix; like operating system based on the Berkeley Software Distribution. While &os; and &linux; are commonly perceived as being very similar, there are differences: &linux; itself is a kernel. Distributions (e.g. Red Hat, Debian, Suse and others) provide the installer and the utilities available to the user. http://www.linux.org/dist lists well over 300 distinct distributions. While giving the user maximum flexibility, the existence of so many distributions also increases the difficulty of transferring one's skills from one distribution to another. Distributions don't just differ in ease-of install and available programs; they also differ in directory layout, available shells and window managers, and software installation and patching routines. &os; is a complete operating system (kernel and userland) with a well-respected heritage grounded in the roots of Unix development.[1] Since both the kernel and the provided utilities are under the control of the same release engineering team, there is less likelihood of library incompatibilities. Security vulnerabilities can also be addressed quickly by the security team. When new utilities or kernel features are added, the user simply needs to read one file, the Release Notes, which is publicly available on the main page of the &os; website. &os; has a large and well organized programming base which ensures changes are implemented quickly and in a controlled manner. There are several thousand programmers who contribute code on a regular basis but only about 300 of these have what is known as a commit bit and can actually commit changes to the kernel, utilities and official documentation. A release engineering team provides quality control and a security officer team is responsible for responding to security incidents. In addition, there is an elected core group of 8 senior committers who set the overall direction of the Project. 
In contrast, changes to the Linux kernel ultimately have to wait until they pass through the maintainer of kernel source, Linus Torvalds. How changes to distributions occur can vary widely, depending upon the size of each particular distribution's programming base and organizational method. While both &os; and &linux; use an Open Source licensing model, the actual licenses used differ. The Linux kernel is under the GPL license while &os; uses the BSD license. These, and other Open Source licenses, are described in more detail at the website of the Open Source Initiative. The driving philosophy behind the GPL is to ensure that code remains Open Source; it does this by placing restrictions on the distribution of GPLd code. In contrast, the BSD license places no such restrictions, which gives you the flexibility of keeping the code Open Source or closing the code for a proprietary commercial product.[2] Having stable and reliable code under the attractive BSD license means that many operating systems, such as Apple OS X are based on FreeBSD code. It also means that if you choose to use BSD licensed code in your own projects, you can do so without threat of future legal liability. &os; Features Supported Platforms &os; has gained a reputation as a secure, stable, operating system for the &intel; (&i386;) platform. However, &os; also supports the following architectures: alpha amd64 ia64 &i386; pc98 &sparc64; In addition, there is ongoing development to port &os; to the following architectures: &arm; &mips; &powerpc; Up-to-date hardware lists are maintained for each architecture so you can tell at a glance if your hardware is supported. For servers, there is excellent hardware RAID and network interface support. &os; also makes a great workstation and laptop operating system! It supports the X Window System, the same one used in &linux; distributions to provide a desktop user interface. 
It also supports over 13,000 easy to install third-party applications,[3] including KDE, Gnome, and OpenOffice. Several projects are available to ease the installation of &os; as a desktop. The most notable are: DesktopBSD which aims at being a stable and powerful operating system for desktop users. FreeSBIE which provides a LiveCD of &os;. PC-BSD which provides an easy-to-use GUI installer for &os; aimed at the desktop user. Extensible Frameworks &os; provides many extensible frameworks to easily allow you to customize the FreeBSD environment to your particular needs. Some of the major frameworks are: Netgraph Netgraph is a modular networking subsystem that can be used to supplement the existing kernel networking infrastructure. Hooks are provided to allow developers to derive their own modules. As a result, rapid prototyping and production deployment of enhanced network services can be performed far more easily and with fewer bugs. Many existing operational modules ship with FreeBSD and include support for: PPPoE ATM ISDN Bluetooth HDLC EtherChannel Frame Relay L2TP, just to name a few. GEOM GEOM is a modular disk I/O request transformation framework. Since it is a pluggable storage layer, it permits new storage services to be quickly developed and cleanly integrated into the FreeBSD storage subsystem. Some examples where this can be useful are: Creating RAID solutions. Providing full-blown cryptographic protection of stored data. Newer versions of FreeBSD provide many administrative utilities to use the existing GEOM modules. For example, one can create a disk mirror using &man.gmirror.8;, a stripe using &man.gstripe.8;, and a shared secret device using &man.gshsec.8;. GBDE GBDE, or GEOM Based Disk Encryption, provides strong cryptographic protection and can protect file systems, swap devices, and other uses of storage media. In addition, GBDE transparently encrypts entire file systems, not just individual files. 
No cleartext ever touches the hard drive's platter. MAC MAC, or Mandatory Access Control, provides fine-tuned access to files and is meant to augment traditional operating system authorization provided by file permissions. Since MAC is implemented as a modular framework, a FreeBSD system can be configured for any required policy varying from HIPAA compliance to the needs of a military-grade system. &os; ships with modules to implement the following policies; however the framework allows you to develop any required policy: Biba integrity model Port ACLs MLS or Multi-Level Security confidentiality policy LOMAC or Low-watermark Mandatory Access Control data integrity policy Process partition policy PAM Like &linux;, &os; provides support for PAM, Pluggable Authentication Modules. This allows an administrator to augment the traditional &unix; username/password authentication model. &os; provides modules to integrate into many authentication mechanisms, including: Kerberos 5 OPIE RADIUS TACACS+ It also allows the administrator to define policies to control authentication issues such as the quality of user-chosen passwords. Security Security is very important to the FreeBSD Release Engineering Team. This manifests itself in several concrete areas: All security incidents and fixes pass through the Security Team and are issued as publicly available Advisories. The Security Team has a reputation for quickly resolving known security issues. Full information regarding FreeBSD's security handling procedures and where to find security information is available at . One of the problems associated with Open Source software is the sheer volume of available applications. There are literally tens of thousands of Open Source application projects each with varying levels of responsiveness to security incidents. &os; has met this challenge head-on with VuXML. 
All software shipped with the FreeBSD operating system as well any software available in the Ports Collection is compared to a database of known, unresolved vulnerabilities. An administrator can use the &man.portaudit.1; utility to quickly determine if any software on a &os; system is vulnerable, and if so, receive a description of the problem and an URL containing a more detailed vulnerability description. &os; also provides many mechanisms which allow an administrator to tune the operating system to meet his security needs: The &man.jail.8; utility allows an administrator to imprison a process; this is ideal for applications which don't provide their own chroot environment. The &man.chflags.1; utility augments the security provided by traditional Unix permissions. It can, for example, prevent specified files from being modified or deleted by even the superuser. &os; provides 3 built-in stateful, NAT-aware firewalls, allowing the flexibility of choosing the ruleset most appropriate to one's security needs. The &os; kernel is easily modified, allowing an administrator to strip out unneeded functionality. &os; also supports kernel loadable modules and provides utilities to view, load and unload kernel modules. The sysctl mechanism allows an administrator to view and change kernel state on-the-fly without requiring a reboot. Support Like &linux;, &os; offers many venues for support, both freely available and commercial. Free Offerings &os; is one of the best documented operating systems, and the documentation is available both as part of the operating system and on the Internet. Manual pages are clear, concise and provide working examples. The FreeBSD Handbook provides background information and configuration examples for nearly every task one would wish to complete using &os;. &os; provides many support mailing lists. where answers are archived and fully searchable. 
If you have a question that wasn't addressed by the Handbook, it most likely has already been answered on a mailing list. The Handbook and mailing lists are also available in several languages, all of which are easily accessible from . There are many FreeBSD IRC channels, forums and user groups. See for a selection. If you're looking for a &os; administrator, developer or support personnel, send a job description which includes geographic location to freebsd-jobs@FreeBSD.org. Commercial Offerings There are many vendors who provide commercial &os; support. Resources for finding a vendor near you include: The Commercial Vendors page at the &os; site: FreeBSDMall, who have been selling support contracts for nearly 10 years. The BSDTracker Database at: There is also an initiative to provide certification of BSD system administrators. . If your project requires Common Criteria certification, &os; includes the TrustedBSD MAC framework to ease the certification process. Advantages to Choosing &os; There are many advantages to including &os; solutions in your IT infrastructure: &os; is well documented and follows many standards. This allows your existing intermediate and advanced system administrators to quickly transfer their existing Linux and Unix skillsets to FreeBSD administration. In-house developers have full access to all FreeBSD code[4] for all releases going back to the original &os; release. Included with the code are all of the log messages which provide context to changes and bug fixes. Additionally, a developer can easily replicate any release by simply checking out the code with the desired label. In contrast, &linux; traditionally didn't follow this model, but has recently adopted a more mature development model. [5] In-house developers also have full access to FreeBSD's GNATS bug-tracking database. They are able to query and track existing bugs as well as submit their own patches for approval and possible committal into the FreeBSD base code. 
The BSD license allows you to freely modify the code to suit your business purposes. Unlike the GPL, there are no restrictions on how you choose to distribute the resulting software. Conclusion &os; is a mature &unix;-like operating system which includes many of the features one would expect in a modern &unix; system. For those wishing to incorporate an Open Source solution in their existing infrastructure, &os; is an excellent choice indeed. Addenda See also for a brief history. For a fairly unbiased view of the merits of each license, see . Using FreeBSD's ports collection: software installation is as easy as pkg_add -r application_name. In addition, all code is browsable through a web-interface: . An interesting overview of the evolving Linux development model can be found at .
- - - diff --git a/en_US.ISO8859-1/articles/linux-users/article.sgml b/en_US.ISO8859-1/articles/linux-users/article.sgml index 416e87cef7..190fed0679 100644 --- a/en_US.ISO8859-1/articles/linux-users/article.sgml +++ b/en_US.ISO8859-1/articles/linux-users/article.sgml @@ -1,590 +1,590 @@ %articles.ent; ]>
FreeBSD Quickstart Guide for &linux; Users John Ferrell 2008 The FreeBSD Documentation Project $FreeBSD$ &tm-attrib.freebsd; &tm-attrib.linux; &tm-attrib.intel; &tm-attrib.redhat; &tm-attrib.unix; &tm-attrib.general; This document is intended quickly familiarize intermediate to advanced &linux; users with the basics of FreeBSD. Introduction This document will highlight the differences between &os; and &linux; so that intermediate to advanced &linux; users can quickly familiarize themselves with the basics of &os;. This is just a technical quickstart, it does not attempt to design philosophical differences between the two operating systems. This document assumes that you have already installed &os;. If you have not installed &os; or need help with the installation process please refer to the Installing FreeBSD chapter of the &os; Handbook. Shells: No Bash? Those coming from &linux; are often surprised to find that Bash is not the default shell in &os;. In fact, Bash is not even in the default installation. Instead, &os; uses &man.tcsh.1; as the default shell. Although, Bash and your other favorite shells are available in &os;'s Packages and Ports Collection. If you do install other shells you can use &man.chsh.1; to set a user's default shell. It is, however, recommended that the root's default shell remain unchanged. The reason for this is that shells not included in the base distribution are normally installed in /usr/local/bin or /usr/bin. In the event of a problem the file systems where /usr/local/bin and /usr/bin are located may not be mounted. In this case root would not have access to its default shell, preventing root from logging in. For this reason a second root account, the toor account, was created for use with non-default shells. See the security FAQ for information regarding the toor account. 
Packages and Ports: Adding software in &os; In addition to the traditional &unix; method of installing software (download source, extract, edit source code, and compile), &os; offers two other methods for installing applications: packages and ports. A complete list of of all available ports and packages can be found here. Packages Packages are pre-compiled applications, the &os; equivalents of .deb files on Debian/Ubuntu based systems and .rpm files on Red Hat/Fedora based systems. Packages are installed using &man.pkg.add.1;. For example, the following command installs Apache 2.2: &prompt.root; pkg_add /tmp/apache-2.2.6_2.tbz Using the switch will tell &man.pkg.add.1; to automatically fetch a package and install it, as well as any dependencies: &prompt.root; pkg_add -r apache22 Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/Latest/apache22.tbz... Done. Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/All/expat-2.0.0_1.tbz... Done. Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/All/perl-5.8.8_1.tbz... Done. [snip] To run apache www server from startup, add apache22_enable="YES" in your /etc/rc.conf. Extra options can be found in startup script. If you are running a release version of &os; (6.2, 6.3, 7.0, etc., generally installed from CD-ROM) pkg_add -r will download packages built for that specific release. These packages may not be the most up-to-date version of the application. You can use the PACKAGESITE variable to override this default behavior. For example, set PACKAGESITE to to download the most recent packages built for the 6.X series. You can read more about the &os; versions in the article Choosing the &os; Version That Is Right For You. For more information on packages please refer to section 4.4 of the &os; Handbook: Using the Packages System. - + Ports &os;'s second method for installing applications is the Ports Collection. 
The Ports Collection is a framework of Makefiles and patches specifically customized for installing various software applications from source on &os;. When installing a port the system will fetch the source code, apply any required patches, compile the code, and install the application (and do the same for any dependencies). The Ports Collection, sometimes referred to as the ports tree, can be found in /usr/ports. That is assuming the Ports Collection was installed during the &os; installation process. If the Ports Collection has not been installed it can be added from the installation discs using &man.sysinstall.8;, or pulled from the &os; servers using &man.csup.1; or &man.portsnap.8;. Detailed instructions for installing the Ports Collection can be found in section 4.5.1 of the handbook. Installing a port is as simple (generally) as changing in to the port's directory and starting the build process. The following example installs Apache 2.2 from the Ports Collection: &prompt.root; cd /usr/ports/www/apache22 &prompt.root; make install clean A major benefit of using ports to install software is the ability to customize the installation options. For example, when installing Apache 2.2 from ports you can enable mod_ldap by setting the WITH_LDAP &man.make.1; variable: &prompt.root; cd /usr/ports/www/apache22 &prompt.root; make WITH_LDAP="YES" install clean Please see section 4.5 of the &os; Handbook, Using the Ports Collection, for more information about the Ports Collection. Ports or packages, which one should I use? Packages are just pre-compiled ports, so it is really a matter of installing from source (ports) versus installing from binary packages. Each method has its own benefits: Packages (binary) Faster installation (compiling large applications can take quite a while). You do not need to understand how to compile software. No need to install compilers on your system. Ports (source) Ability to customize installation options. 
(Packages are normally built with standard options. With ports you can customize various options, such as building additional modules or changing the default path.) You can apply your own patches if you are so inclined. - + If you do not have any special requirements, packages will probably suit your situation just fine. If you may ever need to customize, ports are the way to go. (And remember, if you need to customize but prefer packages, you can build a custom package from ports using make package and then copy the package to other servers.) System Startup: Where are the run-levels? &linux; uses the SysV init system, whereas &os; uses the traditional BSD-style &man.init.8;. Under the BSD-style &man.init.8; there are no run-levels and no /etc/inittab, instead startup is controlled by the &man.rc.8; utility. The /etc/rc script reads /etc/defaults/rc.conf and /etc/rc.conf to determine which services are to be started. The specified services are then started by running the corresponding service initialization scripts located in /etc/rc.d/ and /usr/local/etc/rc.d/. These scripts are similar to the scripts located in /etc/init.d/ on &linux; systems. Why are there two locations for service initialization scripts? The scripts found in /etc/rc.d/ are for applications that are part of the base system. (&man.cron.8;, &man.sshd.8;, &man.syslog.3;, and others.) The scripts in /usr/local/etc/rc.d/ are for user-installed applications such as Apache, Squid, etc. What is the difference between the base system and user-installed applications? FreeBSD is developed as a complete operating system. In other words, the kernel, system libraries, and userland utilities (such as &man.ls.1;, &man.cat.1;, &man.cp.1;, etc.) are developed and released together as one. This is what is referred to as the base system. The user-installed applications are applications that are not part of the base system, such as Apache, X11, Mozilla Firefox, etc. 
These user-installed applications are generally installed using &os;'s Packages and Ports Collection. In order to keep them separate from the base system, user-installed applications are normally installed under /usr/local/. Therefore the user-installed binaries reside in /usr/local/bin/, configuration files are in /usr/local/etc/, and so on. Services are enabled by specifying ServiceName_enable="YES" in /etc/rc.conf (&man.rc.conf.5;). Take a look at /etc/defaults/rc.conf for the system defaults, these default settings are overridden by settings in /etc/rc.conf. Also, when installing additional applications be sure to review the documentation to determine how to enable any associated services. - + The following snippet from /etc/rc.conf enables &man.sshd.8; and Apache 2.2. It also specifies that Apache should be started with SSL. # enable SSHD sshd_enable="YES" # enable Apache with SSL apache22_enable="YES" apache22_flags="-DSSL" Once a service has been enabled in /etc/rc.conf, the service can be started from the command line (without rebooting the system): &prompt.root; /etc/rc.d/sshd start - + If a service has not been enabled it can be started from the command line using : - + &prompt.root; /etc/rc.d/sshd forcestart Network configuration Network Interfaces Instead of a generic ethX identifier that &linux; uses to identify a network interface, &os; uses the driver name followed by a number as the identifier. 
The following output from &man.ifconfig.8; shows two &intel Pro 1000 network interfaces (em0 and em1): &prompt.user; ifconfig em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=b<RXCSUM,TXCSUM,VLAN_MTU> inet 10.10.10.100 netmask 0xffffff00 broadcast 10.10.10.255 ether 00:50:56:a7:70:b2 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=b<RXCSUM,TXCSUM,VLAN_MTU> inet 192.168.10.222 netmask 0xffffff00 broadcast 192.168.10.255 ether 00:50:56:a7:03:2b media: Ethernet autoselect (1000baseTX <full-duplex>) status: active - + IP Configuration An IP address can be assigned to an interface using &man.ifconfig.8;. However, to remain persistent across reboots the IP configuration must be included in /etc/rc.conf. The following example specifies the hostname, IP address, and default gateway: hostname="server1.example.com" ifconfig_em0="inet 10.10.10.100 netmask 255.255.255.0" defaultrouter="10.10.10.1" Use the following to configure an interface for DHCP: hostname="server1.example.com" ifconfig_em0="DHCP" Firewall Like IPTABLES in &linux;, &os; also offers a kernel level firewall; actually &os; offers three firewalls: - + IPFIREWALL IPFILTER PF IPFIREWALL or IPFW (the command to manage an IPFW ruleset is &man.ipfw.8;) is the firewall developed and maintained by the &os; developers. IPFW can be paired with &man.dummynet.4; to provide traffic shaping capabilities and simulate different types of network connections. Sample IPFW rule to allow SSH in: ipfw add allow tcp from any to me 22 in via $ext_if IPFILTER is the firewall application developed by Darren Reed. It is not specific to &os;, and has been ported to several operating systems including NetBSD, OpenBSD, SunOS, HP/UX, and Solaris. Sample IPFILTER command to allow SSH in: pass in on $ext_if proto tcp from any to any port = 22 The last firewall application, PF, is developed by the OpenBSD project. 
PF was created as a replacement for IPFILTER. As such, the PF syntax is very similar to that of IPFILTER. PF can be paired with &man.altq.4; to provide QoS features. Sample PF command to allow SSH in: pass in on $ext_if inet proto tcp from any to ($ext_if) port 22 Updating &os; There are three methods for updating a &os; system: from source, binary updates, and the installation discs. Updating from source is the most involved update method, but offers the greatest amount of flexibility. The process involves synchronizing a local copy of the FreeBSD source code with the &os; CVS (Concurrent Versioning System) servers. Once the local source code is up to date you can build new versions of the kernel and userland. For more information on source updates see the chapter on updating in the &os; Handbook. Binary updates are similar to using yum or apt-get to update a &linux; system. The command &man.freebsd-update.8; will fetch new updates and install them. The updates can be scheduled using &man.cron.8;. If you do use &man.cron.8; to schedule the updates, please be sure to use freebsd-update cron in your &man.crontab.1; to reduce the possibility of a large number of machines all pulling updates at the same time. 0 3 * * * root /usr/sbin/freebsd-update cron The last update method, updating from the installation discs, is a straight-forward process. Boot from the installation discs and select the option to upgrade. procfs: Gone But Not Forgotten In &linux;, you may have looked at /proc/sys/net/ipv4/ip_forward to determine if IP forwarding was enabled. Under &os; you should use &man.sysctl.8; to view this and other system settings, as &man.procfs.5; has been deprecated in current versions of &os;. (Although sysctl is available in &linux; as well.) 
In the IP forwarding example, you would use the following to determine if IP forwarding is enabled on your FreeBSD system: &prompt.user; sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 0 The flag is used to list all the system settings: &prompt.user; sysctl -a kern.ostype: FreeBSD kern.osrelease: 6.2-RELEASE-p9 kern.osrevision: 199506 kern.version: FreeBSD 6.2-RELEASE-p9 #0: Thu Nov 29 04:07:33 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC kern.maxvnodes: 17517 kern.maxproc: 1988 kern.maxfiles: 3976 kern.argmax: 262144 kern.securelevel: -1 kern.hostname: server1 kern.hostid: 0 kern.clockrate: { hz = 1000, tick = 1000, profhz = 666, stathz = 133 } kern.posix1version: 200112 ... Some of these sysctl values are read-only. There are occasions where procfs is required, such as running older software, using &man.truss.1; to trace system calls, and &linux; Binary Compatibility. (Although, &linux; Binary Compatibility uses its own procfs, &man.linprocfs.5;.) If you need to mount procfs you can add the following to /etc/fstab: proc /proc procfs rw,noauto 0 0 will prevent /proc from being automatically mounted at boot. And then mount procfs with: &prompt.root; mount /proc Common Commands Package Management &linux; command (Red Hat/Debian) &os; equivalent Purpose yum install package / apt-get install package pkg_add -r package Install package from remote repository rpm -ivh package / dpkg -i package pkg_add -v package Install package rpm -qa / dpkg -l pkg_info List installed packages System Management &linux; command &os; equivalent Purpose lspci pciconf List PCI devices lsmod kldstat List loaded kernel modules modprobe kldload / kldunload Load/Unload kernel modules strace truss Trace system calls Conclusion Hopefully this document has provided you with enough to get started with &os;. Be sure to take a look at the &os; Handbook for more in depth coverage of the topics touched on as well as the many topics not covered in this document.
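Review bot: In articles/linux-comparison/article.sgml, the Security section sentence "All software shipped with the FreeBSD operating system as well any software available in the Ports Collection" is missing "as" after "as well", and the Free Offerings sentence "&os; provides many support mailing lists. where answers are archived" has a stray full stop after "lists". The hunk spans the whole file (-1,551 +1,548), so these are worth fixing here or in a follow-up content commit. Two smaller points in the same file: the Introduction has "ease-of install" and "&unix; like", while the Conclusion writes "&unix;-like"; and the text alternates between the literal "FreeBSD" and the &os; entity, sometimes within one paragraph (for example the Extensible Frameworks introduction). Pick one form per the file's convention.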
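Review bot: In articles/linux-users/article.sgml, the list of base-system services under System Startup cites "&man.syslog.3;", which is the library call and not a service started from /etc/rc.d/; the daemon's manual page entity (syslogd, section 8) is what belongs beside &man.cron.8; and &man.sshd.8;. In the Network Interfaces paragraph, "&intel Pro 1000" has no terminating semicolon on the entity reference, unlike every other reference in the file; write "&intel; Pro 1000". Wording issues visible in the same hunk: the abstract reads "is intended quickly familiarize" (missing "to"), the Introduction says "does not attempt to design philosophical differences", the Packages and Ports section has "list of of all", and the IPFILTER and PF samples are introduced as a "command" although what follows is a ruleset line ("pass in on $ext_if ..."), unlike the IPFW sample, which is an actual ipfw invocation.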