diff --git a/en_US.ISO8859-1/articles/linux-comparison/article.sgml b/en_US.ISO8859-1/articles/linux-comparison/article.sgml index 4a68932185..f6a3644a1e 100644 --- a/en_US.ISO8859-1/articles/linux-comparison/article.sgml +++ b/en_US.ISO8859-1/articles/linux-comparison/article.sgml @@ -1,547 +1,546 @@ %articles.ent; ]>
FreeBSD: An Open Source Alternative to Linux Dru Lavigne
dru@isecom.org
2005 Dru Lavigne $FreeBSD$ &tm-attrib.freebsd; &tm-attrib.linux; &tm-attrib.unix; &tm-attrib.general; &legalnotice; The objective of this whitepaper is to explain some of the features and benefits provided by FreeBSD, and where applicable, compare those features to Linux. This paper provides a starting point for those interested in exploring Open Source alternatives to Linux.
Introduction FreeBSD is a &unix; like operating system based on the Berkeley Software Distribution. While FreeBSD and Linux are commonly perceived as being very similar, there are differences: Linux itself is a kernel. Distributions (e.g. Red Hat, Debian, Suse and others) provide the installer and the utilities available to the user. http://www.linux.org/dist lists well over 300 distinct distributions. While giving the user maximum flexibility, the existence of so many distributions also increases the difficulty of transferring one's skills from one distribution to another. Distributions don't just differ in ease-of install and available programs; they also differ in directory layout, available shells and window managers, and software installation and patching routines. FreeBSD is a complete operating system (kernel and userland) with a well-respected heritage grounded in the roots of Unix development.[1] Since both the kernel and the provided utilities are under the control of the same release engineering team, there is less likelihood of library incompatibilities. Security vulnerabilities can also be addressed quickly by the security team. When new utilities or kernel features are added, the user simply needs to read one file, the Release Notes, which is publicly available on the main page of the FreeBSD website. FreeBSD has a large and well organized programming base which ensures changes are implemented quickly and in a controlled manner. There are several thousand programmers who contribute code on a regular basis but only about 300 of these have what is known as a commit bit and can actually commit changes to the kernel, utilities and official documentation. A release engineering team provides quality control and a security officer team is responsible for responding to security incidents. In addition, there is an elected core group of 8 senior committers who set the overall direction of the Project. 
In contrast, changes to the Linux kernel ultimately have to wait until they pass through the maintainer of kernel source, Linus Torvalds. How changes to distributions occur can vary widely, depending upon the size of each particular distribution's programming base and organizational method. While both FreeBSD and Linux use an Open Source licensing model, the actual licenses used differ. The Linux kernel is under the GPL license while FreeBSD uses the BSD license. These, and other Open Source licenses, are described in more detail at the website of the Open Source Initiative. The driving philosophy behind the GPL is to ensure that code remains Open Source; it does this by placing restrictions on the distribution of GPLd code. In contrast, the BSD license places no such restrictions, which gives you the flexibility of keeping the code Open Source or closing the code for a proprietary commercial product.[2] Having stable and reliable code under the attractive BSD license means that many operating systems, such as Apple OS X are based on FreeBSD code. It also means that if you choose to use BSD licensed code in your own projects, you can do so without threat of future legal liability. FreeBSD Features Supported Platforms FreeBSD has gained a reputation as a secure, stable, operating system for the Intel (i386) platform, However, FreeBSD also supports the following architectures: alpha amd64 ia64 i386 pc98 sparc64 In addition, there is ongoing development to port FreeBSD to the following architectures: ARM MIPS PowerPC Up-to-date hardware lists are maintained for each architecture so you can tell at a glance if your hardware is supported. For servers, there is excellent hardware RAID and network interface support. FreeBSD also makes a great workstation and laptop operating system! It supports the X Window System, the same one used in Linux distributions to provide a desktop user interface. 
It also supports over 13,000 easy to install third-party applications,[3] including KDE, Gnome, and OpenOffice. Several projects are available to ease the installation of FreeBSD as a desktop. The most notable are: FreeSBIE which provides a LiveCD of FreeBSD. PC-BSD which provides an easy-to-use GUI installer for FreeBSD aimed at the desktop user. Extensible Frameworks FreeBSD provides many extensible frameworks to easily allow you to customize the FreeBSD environment to your particular needs. Some of the major frameworks are: Netgraph Netgraph is a modular networking subsystem that can be used to supplement the existing kernel networking infrastructure. Hooks are provided to allow developers to derive their own modules. As a result, rapid prototyping and production deployment of enhanced network services can be performed far more easily and with fewer bugs. Many existing operational modules ship with FreeBSD and include support for: PPPoE ATM ISDN Bluetooth HDLC EtherChannel Frame Relay L2TP, just to name a few. GEOM GEOM is a modular disk I/O request transformation framework. Since it is a pluggable storage layer, it permits new storage services to be quickly developed and cleanly integrated into the FreeBSD storage subsystem. Some examples where this can be useful are: Creating RAID solutions. Providing full-blown cryptographic protection of stored data. Newer versions of FreeBSD provide many administrative utilities to use the existing GEOM modules. For example, one can create a disk mirror using &man.gmirror.8;, a stripe using &man.gstripe.8;, and a shared secret device using &man.gshsec.8;. GBDE GBDE, or GEOM Based Disk Encryption, provides strong cryptographic protection and can protect file systems, swap devices, and other uses of storage media. In addition, GBDE transparently encrypts entire file systems, not just individual files. No cleartext ever touches the hard drive's platter. 
MAC MAC, or Mandatory Access Control, provides fine-tuned access to files and is meant to augment traditional operating system authorization provided by file permissions. Since MAC is implemented as a modular framework, a FreeBSD system can be configured for any required policy varying from HIPAA compliance to the needs of a military-grade system. FreeBSD ships with modules to implement the following policies; however the framework allows you to develop any required policy: Biba integrity model Port ACLs MLS or Multi-Level Security confidentiality policy LOMAC or Low-watermark Mandatory Access Control data integrity policy Process partition policy PAM Like Linux, FreeBSD provides support for PAM, Pluggable Authentication Modules. This allows an administrator to augment the traditional Unix username/password authentication model. FreeBSD provides modules to integrate into many authentication mechanisms, including: Kerberos 5 OPIE RADIUS TACACS+ It also allows the administrator to define policies to control authentication issues such as the quality of user-chosen passwords. Security Security is very important to the FreeBSD Release Engineering Team. This manifests itself in several concrete areas: All security incidents and fixes pass through the Security Team and are issued as publicly available Advisories. The Security Team has a reputation for quickly resolving known security issues. Full information regarding FreeBSD's security handling procedures and where to find security information is available at . One of the problems associated with Open Source software is the sheer volume of available applications. There are literally 10s of 1000s of Open Source application projects each with varying levels of responsiveness to security incidents. FreeBSD has met this challenge head-on with VuXML. All software shipped with the FreeBSD operating system as well any software available in the Ports Collection is compared to a database of known, unresolved vulnerabilities. 
An administrator can use the portaudit utility to quickly determine if any software on a FreeBSD system is vulnerable, and if so, receive a description of the problem and an URL containing a more detailed vulnerability description. FreeBSD also provides many mechanisms which allow an administrator to tune the operating system to meet his security needs: The &man.jail.8; utility allows an administrator to imprison a process; this is ideal for applications which don't provide their own chroot environment. The &man.chflags.1; utility augments the security provided by traditional Unix permissions. It can, for example, prevent specified files from being modified or deleted by even the superuser. FreeBSD provides 3 built-in stateful, NAT-aware firewalls, allowing the flexibility of choosing the ruleset most appropriate to one's security needs. The FreeBSD kernel is easily modified, allowing an administrator to strip out unneeded functionality. FreeBSD also supports kernel loadable modules and provides utilities to view, load and unload kernel modules. The sysctl mechanism allows an administrator to view and change kernel state on-the-fly without requiring a reboot. Support Like Linux, FreeBSD offers many venues for support, both freely available and commercial. Free Offerings FreeBSD is one of the best documented operating systems, and the documentation is available both as part of the operating system and on the Internet. Manual pages are clear, concise and provide working examples. The FreeBSD Handbook provides background information and configuration examples for nearly every task one would wish to complete using FreeBSD. FreeBSD provides many support mailing lists. where answers are archived and fully searchable. If you have a question that wasn't addressed by the Handbook, it most likely has already been answered on a mailing list. The Handbook and mailing lists are also available in several languages, all of which are easily accessible from . 
There are many FreeBSD IRC channels, forums and user groups. See for a selection. If you're looking for a FreeBSD administrator, developer or support personnel, send a job description which includes geographic location to freebsd-jobs@FreeBSD.org. Commercial Offerings There are many vendors who provide commercial FreeBSD support. Resources for finding a vendor near you include: The Commercial Vendors page at the FreeBSD site: FreeBSDMall has been selling support contracts for nearly 10 years. The BSDTracker Database at: There is also an initiative to provide certification of BSD system administrators. . If your project requires Common Criteria certification, FreeBSD includes the TrustedBSD MAC framework to ease the certification process. Advantages to Choosing FreeBSD There are many advantages to including FreeBSD solutions in your IT infrastructure: FreeBSD is well documented and follows many standards. This allows your existing intermediate and advanced system administrators to quickly transfer their existing Linux and Unix skillsets to FreeBSD administration. In-house developers have full access to all FreeBSD code[4] for all releases going back to the original FreeBSD release. Included with the code are all of the log messages which provide context to changes and bugfixes. Additionally, a developer can easily replicate any release by simply checking out the code with the desired label. In contrast, Linux traditionally didn't follow this model, but has recently adopted a more mature development model. [5] In-house developers also have full access to FreeBSD's GNATS bug-tracking database. They are able to query and track existing bugs as well as submit their own patches for approval and possible committal into the FreeBSD base code. The BSD license allows you to freely modify the code to suit your business purposes. Unlike the GPL, there are no restrictions on how you choose to distribute the resulting software. 
Conclusion FreeBSD is a mature Unix-like operating system which includes many of the features one would expect in a modern Unix system. For those wishing to incorporate an Open Source solution in their existing infrastructure, FreeBSD is an excellent choice indeed. Addenda See also for a brief history. For a fairly unbiased view of the merits of each license, see . Using FreeBSD's ports - collection: . Software installation is as easy as - pkg_add -r - application_name. + collection: software installation is as easy as + pkg_add -r application_name. In addition, all code is browsable through a web-interface: . An interesting overview of the evolving Linux development model can be found at .
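Review bot: In the Addenda footnote on the ports collection, the removed text reads "collection: . Software installation is as easy as", which suggests something stood between the colon and the full stop. The replacement "collection: software installation is as easy as" drops it without explanation. If that was a link to the ports collection, the footnote no longer tells the reader where to find it. If it was an empty element being cleaned up, say so in the commit message. The change also joins "pkg_add -r" and "application_name." onto one line, so please confirm the command and its placeholder are still marked up as they were, and that the article still validates with the hunk going from 547 to 546 lines.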