OpenBSD 3.8 Quick Guide I386 Adonis a.K.a NtWaK0
Installation Personalize
GNU Free Documentation License
Version 1.0, 2006-02-24
Copyright © 2006 Adonis aKa NtWaK0 (www.safehack.com)
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

1. Installation
Creating floppies on Unix
Format and check for bad sectors.
  # fdformat /dev/rfd0c
  Format 1440K floppy `/dev/rfd0c'? (y/n): y
  Processing VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV done.
If you do not see ALL "V"'s then the disk is most likely bad, and you should try a new one.

Write the installation image to floppy.
  # dd if=floppy38.fs of=/dev/rfd0c bs=32k
Check to make sure that the copied image is the same as the original with the cmp command. If identical you will just get back the prompt.
  # cmp /dev/rfd0c floppy38.fs
Creating floppies on Windows or DOS
You can get the tools from the tools directory on any of the OBSD FTP mirrors, or from the 3.8/tools directory on CD1 of the OpenBSD CD set.
To write the installation image.
Example usage of rawrite:
  C:\> rawrite
  RaWrite 1.2 - Write disk file to raw floppy diskette
  Enter source file name: floppy38.fs
  Enter destination drive: a
  Please insert a formatted diskette into drive A: and press -ENTER- : Enter

Example usage of fdimage:
  C:\> fdimage -q floppy38.fs a:

Example usage of ntrw:
  C:\> ntrw floppy38.fs a:
Starting the install
When your boot is successful, you will see a lot of text messages scroll by. This text is the dmesg: the kernel telling you what devices have been found, and where. A copy is saved as /var/run/dmesg.boot.
SHIFT+PGUP will let you examine text that has scrolled off the screen.
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
erase ^?, werase ^W, kill ^U, intr ^C, status ^T
(I)nstall, (U)pgrade or (S)hell? i
Specify terminal type: [vt220] Enter
kbd(8) mapping? ('?' for list) [none] Enter
Proceed with install? [no] y


Setting up disks
To enable all available security features you should configure the disk(s) to allow the creation of separate filesystems for /, /tmp, /var, /usr, and /home.
  • D - Clears any existing disklabel, creates a new default disklabel which covers just the current OpenBSD partition.
  • m - Modifies an existing entry in a disklabel.
  • r or reinit: Clears existing partition table, makes one big OpenBSD partition, flags it active, and installs the OpenBSD MBR code. Equivalent to saying "yes" to the "use *all* of ..." question.
  • p or print: Displays the current partition table in sectors. "p m" will show the partition table in megabytes, "p g" will show it in gigabytes.
  • e or edit: edit or alter a table entry.
  • f or flag: Marks a partition as the active partition, the one that will be booted from.
  • u or update: Updates the MBR with the OpenBSD boot code, similar to "reinit", except it doesn't alter the existing partition table.
  • exit and quit: Careful on these, as some users are used to "exit" and "quit" having opposite meanings.
MIN DISK PARTITIONS
(root)             100MB
/usr               250MB (no X) or 400MB (with X)
/var               25MB
/tmp               50MB
swap               32MB

Available disks are: wd0.
Which one is the root disk? (or done) [wd0] Enter
Do you want to use *all* of wd0 for OpenBSD? [no] Enter
  >p
  > d a
  > a a
  offset: [---] Enter
  size: [---] 150m
  Rounding to nearest cylinder:
  FS type: [4.2BSD] Enter
  mount point: [none] /
  > a b
  offset: [---] Enter
  size: [---] 300m
  Rounding to nearest cylinder:
  FS type: [swap] Enter
  > a d
  offset: [---] Enter
  size: [---] 120m
  Rounding to nearest cylinder:
  FS type: [4.2BSD] Enter
  mount point: [none] /tmp
  > a e
  offset: [---] Enter
  size: [---] 80m
  Rounding to nearest cylinder:
  FS type: [4.2BSD] Enter
  mount point: [none] /var
  > a g
  offset: [---] Enter
  size: [---] 3g
  Rounding to nearest cylinder:
  FS type: [4.2BSD] Enter
  mount point: [none] /usr
  > a h
  offset: [---] Enter
  size: [---] 4g
  Rounding to nearest cylinder:
  FS type: [4.2BSD] Enter
  mount point: [none] /home
  >q
  Write new label?: [y] Enter
  Mount point for wd0d (size=---)? (or 'none' or 'done') [/tmp] Enter
  Mount point for wd0e (size=---)? (or 'none' or 'done') [/var] Enter
  Mount point for wd0g (size=---)? (or 'none' or 'done') [/usr] Enter
  Mount point for wd0h (size=---)? (or 'none' or 'done') [/home] Enter
  Mount point for wd0d (size=---)? (or 'none' or 'done') [/tmp] done


Setting the system hostname
Enter system hostname (short form, e.g. 'foo'): puffy
STATIC IP
  Configure the network? [yes] Enter
  Available interfaces are: fxp0.
  Which one do you wish to initialize? (or 'done') [fxp0] Enter
  Symbolic (host) name for fxp0? [puffy] Enter
  The default media for fxp0 is
         media: Ethernet autoselect (100baseTX full-duplex)
  Do you want to change the default media? [no] Enter
  IP address for fxp0? (or 'dhcp') 199.185.137.55
  Netmask? [255.255.255.0] Enter
  IPv6 address for fxp0? (or 'rtsol' or 'none') [none]
  No more interfaces to initialize.
  DNS domain name? (e.g. 'bar.com') [my.domain] example.com
  DNS nameserver? (IP address or 'none') [none] 199.185.137.1
  Use the nameserver now? [yes] Enter
  Default route? (IP address, 'dhcp' or 'none') 199.185.137.128
  add net default: gateway 199.185.137.128
  Edit hosts with ed? [no] Enter
  Do you want to do any manual network configuration? [no] Enter

USING DHCP
  Configure the network? [yes] Enter
  Available interfaces are: fxp0.
  Which one do you wish to initialize? (or 'done') [fxp0] Enter
  Symbolic (host) name for fxp0? [puffy] Enter
  The default media for fxp0 is
         media: Ethernet autoselect (100baseTX full-duplex)
  Do you want to change the default media? [no] Enter
  IP address for fxp0? (or 'dhcp') dhcp
  Issuing hostname-associated DHCP request for fxp0.
  Sending on  Socket/fallback/fallback-net
  DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 1
  DHCPOFFER from 199.185.137.128
  DHCPREQUEST on fxp0 to 255.255.255.255 port 67
  DHCPACK from 199.185.137.128
  New Network Number: 199.185.137.0
  New Broadcast Address: 199.185.137.255
  bound to 199.185.137.55 -- renewal in 43200 seconds.
  Done - no available interfaces found.
  DNS domain name? (e.g. 'bar.com') [example.org] Enter
  DNS nameserver? (IP address or 'none') [199.185.137.1] Enter
  Use the nameserver now? [yes] Enter
  Default route? (IP address, 'dhcp' or 'none') [199.185.137.128] Enter
  Edit hosts with ed? [no] Enter
  Do you want to do any manual network configuration? [no] Enter

Set the password for the root account
Password for root account? (will not echo) TyPeASeCurePaSSW0rDHeRe
Password for root account? (again) TyPeASeCurePaSSW0rDHeRe

Choosing installation media
  Let's install the sets!
  Location of sets? (cd disk ftp http or 'done') [cd] Enter
  Available CD-ROMs are: cd0.
  Which one contains the install media? (or 'done') [cd0] Enter
  Pathname to the sets?  (or 'done') [3.8/i386] Enter

Choosing file sets
  File Name? (or 'done') [bsd.mp] all
         [X] bsd
         [X] bsd.rd
         [ ] bsd.mp
         [X] base38.tgz
         [X] etc38.tgz
         [X] misc38.tgz
         [X] comp38.tgz
         [X] man38.tgz
         [ ] game38.tgz
         [X] xbase38.tgz
         [X] xetc38.tgz
         [X] xshare38.tgz
         [X] xfont38.tgz
         [X] xserv38.tgz
  File Name? (or 'done') -game38.tgz -bsd.mp
  File Name? (or 'done') [done] Enter
  Ready to install sets? [yes] Enter
  Location of sets? (cd disk ftp http or 'done') [done] Enter

Finishing up
Start sshd(8) by default? [yes] y
To change edit /etc/rc.conf.local or /etc/rc.conf.
Start ntpd(8) by default? [no] y
To change edit /etc/rc.conf.local or /etc/rc.conf.
Do you expect to run the X Window System? [yes] y
Change the default console to com0? [no] Enter
Saving configuration files......done.
Generating initial host.random file ......done.
What timezone are you in? ('?' for list) [Canada/Mountain] ? Canada/Eastern
# halt

Before you reboot
  • Set your mount points to be what they will be on a normal reboot of your newly installed system.
    • # /mnt/usr/sbin/chroot /mnt
After you reboot
Checks
Check Local Time Soft link
$ ln -fs /usr/share/zoneinfo/Canada/Eastern /etc/localtime
You can update the system time by using rdate with time.nrc.ca or any other time server.
$ rdate -ncv time.nrc.ca

Check hostname
Use the hostname command to verify that the name of your machine is correct. The hostname is saved in /etc/myname.
# hostname
# cat /etc/myname

Check Gateway
# cat /etc/mygate

Check disk mounts
Check that the disks are mounted correctly by comparing the /etc/fstab file against the output of the mount and df commands.
# cat /etc/fstab
# mount
# df
# pstat -s

Check nameserver (DNS client)
# cat resolv.conf
# cat /etc/resolv.conf               
search mydomain
nameserver 24.100.143.142 (My ISP DNS auto assigned using DHCP)
nameserver 24.100.143.143 (My ISP DNS auto assigned using DHCP)
nameserver 24.100.143.144 (My ISP DNS auto assigned using DHCP)
lookup file bind

You can either reboot or run the /etc/netstart script (as root). To test whether DNS is working, type uname or uname -a and try to ping another host.

Disable RPC-based network services
We won't be running NFS or YP, so we will make sure portmap=NO is set in /etc/rc.conf.local.
A good approach is to never touch /etc/rc.conf itself. Instead, create the file /etc/rc.conf.local, copy just the lines you are about to change from /etc/rc.conf and adjust them as you like.

Mail Aliases
Edit /etc/mail/aliases and set the three standard aliases to go to either a mailing list, or the system administrator.
# Well-known aliases -- these should be filled in!
root: root
manager: root
dumper: root 
Run newaliases after changes.
$ newaliases

Deny root SSH Login
If you wish to deny root logins over the network, edit the /etc/ssh/sshd_config file and set PermitRootLogin to ``no''.
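
A check for the two settings above (portmap and PermitRootLogin), added here as an example and not part of the original guide. The function names and the sample files are constructed for illustration; the script reports the value that actually takes effect, since rc.conf.local overrides rc.conf and sshd uses the first occurrence of a keyword.

```shell
#!/bin/sh
# Added example, not from the original guide. Paths are parameters so the
# checks can be pointed at /etc or at copies of the files.

# rc_value VAR FILE...: print the last uncommented VAR=value assignment found
# across FILEs, read in order (rc.conf.local is read after rc.conf, so it
# wins). Prints "unset" if VAR is never assigned.
rc_value() {
    var=$1; shift
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*${var}=\([^#[:space:]]*\).*/=\1/p" "$f" |
            tail -n 1 | tr -d "\"'")
        if [ -n "$v" ]; then val=${v#=}; fi
    done
    printf '%s\n' "$val"
}

# sshd_value KEYWORD FILE: print the value sshd would use for KEYWORD in the
# global section. Keywords are case-insensitive and the first occurrence
# wins, so a later "PermitRootLogin no" does not override an earlier "yes".
sshd_value() {
    awk -v key="$1" '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        { sub(/=/, " ") }                     # accept the Keyword=value form
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# audit_host RCCONF RCLOCAL SSHDCONF: print one PASS/FAIL line per check and
# return the number of failed checks. An unset keyword counts as a failure
# because the daemon's built-in default then applies.
audit_host() {
    fails=0
    pm=$(rc_value portmap "$1" "$2")
    if [ "$pm" = "NO" ]; then echo "PASS portmap=$pm"
    else echo "FAIL portmap=$pm (expected NO)"; fails=$((fails + 1)); fi
    prl=$(sshd_value PermitRootLogin "$3")
    if [ "$prl" = "no" ]; then echo "PASS PermitRootLogin $prl"
    else echo "FAIL PermitRootLogin $prl (expected no)"; fails=$((fails + 1)); fi
    return "$fails"
}

# make_samples DIR: write constructed sample files (not from a real host).
make_samples() {
    cat > "$1/rc.conf" <<'EOF'
sshd_flags=""            # constructed excerpt of /etc/rc.conf
portmap=YES              # enabled in the base file
EOF
    cat > "$1/rc.conf.local" <<'EOF'
portmap=NO
EOF
    cat > "$1/sshd_config.weak" <<'EOF'
#PermitRootLogin yes
Port 22
PermitRootLogin yes
PermitRootLogin no
EOF
    cat > "$1/sshd_config.fixed" <<'EOF'
#PermitRootLogin yes
Port 22
PermitRootLogin no
EOF
}

# Demo on the constructed samples. On a live system the call would be:
#   audit_host /etc/rc.conf /etc/rc.conf.local /etc/ssh/sshd_config
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for cfg in weak fixed; do
    echo "== sshd_config.$cfg"
    audit_host "$demo_dir/rc.conf" "$demo_dir/rc.conf.local" \
        "$demo_dir/sshd_config.$cfg" || echo "-> $? check(s) failed"
done
rm -rf "$demo_dir"
```

The "weak" sample fails even though it contains a "PermitRootLogin no" line, because the earlier "yes" line is the one sshd obeys.
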
Adding users
The easiest way to add a user in OpenBSD is to use the adduser script. You can configure adduser by editing /etc/adduser.conf.
I will add a user called ntwak0. He will be given the $HOME directory /home/ntwak0, and will be a member of the group guest, with a shell set to /bin/ksh.

    # adduser
    Use option ``-silent'' if you don't want to see all warnings and questions.
    Reading /etc/shells
    Reading /etc/login.conf
    Check /etc/master.passwd
    Check /etc/group
    Ok, let's go.
    Enter username []: ntwak0
    Enter full name []: Adonis a.K.a. NtWaK0 www.safehack.com
    Enter shell csh ksh nologin sh [sh]: ksh
    Uid [1002]: Enter
    Login group ntwak0 [ntwak0]: guest
    Login group is ``guest''. Invite ntwak0 into other groups: guest no
    [no]: no
    Login class auth-defaults auth-ftp-defaults daemon default staff
    [default]: Enter
    Enter password []: Type password, then Enter
    Enter password again []: Type password, then Enter

    Name:        ntwak0
    Password:    ****
    Fullname:    Adonis a.K.a. NtWaK0 www.safehack.com
    Uid:         1002
    Gid:         31 (guest)
    Groups:      guest
    Login Class: default
    HOME:        /home/ntwak0
    Shell:       /bin/ksh
    OK? (y/n) [y]: y
    Added user ``ntwak0''
    Copy files from /etc/skel to /home/ntwak0
    Add another user? (y/n) [y]: n
    Goodbye!

If you want a user to be able to use the root password, add the user to the wheel group. You can add your own variables by editing /usr/sbin/adduser.
path=('/bin','/usr/bin','/usr/local/bin')
This contains the list of directories that contain legitimate shells.
shellpref=('csh','sh','ksh','nologin')
This is a list of legitimate shells. Adduser will let you choose from any of these when creating a new user.

Adding users non interactively
# adduser -batch ntwak0 wheel 'ntwak0' passwordhere

I will add the same user using another method. The settings are located in /etc/usermgmt.conf and can be viewed by using the user command:
    $ user add -D
    $ encrypt -p -b 6
    Enter string:
    $2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq
# user add -p '$2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq' -u 1002 -s /bin/ksh -c "NtWaK0 User" -m -g guest ntwak0
OR
# user add -p '$2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq' -u 1002 -s /bin/ksh -c "NtWaK0 User" -m -g wheel ntwak0

Note: Make sure to use ' ' (single quotes) around the password string, not " ", so that the shell does not expand the $ sequences in the hash.
$ userinfo ntwak0
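
Why the single quotes matter, as an added example that is not part of the original guide: inside double quotes the shell expands $2, $0 and $YOdOZM3 in the hash before user add ever sees it. The helper names is_bcrypt, single_quoted, double_quoted and user_add_cmd are hypothetical; the hash is the one shown above.

```shell
#!/bin/sh
# Added example: check that a hash survived shell quoting before it is
# handed to "user add -p".

# is_bcrypt STRING: succeed only if STRING has the shape of a blowfish hash
# as printed by encrypt(1): "$2a$", two-digit rounds, "$", then 53 characters
# from [./A-Za-z0-9] (22 of salt, 31 of hash), 60 characters in total.
is_bcrypt() {
    [ "${#1}" -eq 60 ] || return 1
    case $1 in
        '$2a$'[0-9][0-9]'$'*) ;;
        *) return 1 ;;
    esac
    case ${1#'$2a$'??'$'} in
        *[!./A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# The hash from the guide, written the right way.
single_quoted() {
    printf '%s\n' '$2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq'
}

# The same characters inside double quotes (deliberately wrong): the shell
# substitutes $2 (empty here), $0 (the script name) and $YOdOZM3 (unset).
# Runs in a subshell with nounset off so the expansion itself cannot abort.
double_quoted() {
    ( set +u
      printf '%s\n' "$2a$06$YOdOZM3.4m6MObBXjeZtBOWArqC2.uRJZXUkOghbieIvSWXVJRzlq" )
}

# user_add_cmd HASH LOGIN: print the user(8) command line for LOGIN, or fail
# without printing it if HASH is not an intact blowfish hash.
user_add_cmd() {
    if ! is_bcrypt "$1"; then
        echo "refusing: '$1' is not a blowfish hash" >&2
        return 1
    fi
    printf "user add -p '%s' -s /bin/ksh -m -g guest %s\n" "$1" "$2"
}

# Demo: show what each quoting style actually delivers.
for form in single_quoted double_quoted; do
    h=$($form)
    if is_bcrypt "$h"; then
        echo "$form: intact (${#h} chars)"
    else
        echo "$form: mangled by the shell -> $h"
    fi
done
```
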

Change user logon information
# chpass root 

To delete users, use the rmuser utility. It will remove any crontab entries, their $HOME directory, and their mail. It will also remove their /etc/passwd and /etc/group entries.
# userdel -r ntwak0
Initial Network Setup
Find out what network interfaces have been identified.
$ ifconfig -a
  • # lo  - Loopback Interface
  • # pflog - Packet Filter Logging Interface
  • # sl - SLIP Network Interface
  • # ppp - Point to Point Protocol
  • # tun - Tunnel Network Interface
  • # enc - Encapsulating Interface
  • # bridge - Ethernet Bridge Interface
  • # vlan - IEEE 802.1Q Encapsulation Interface
  • # gre - GRE/MobileIP Encapsulation Interface
  • # gif - Generic IPv4/IPv6 Tunnel Interface
  • # carp - Common Address Redundancy Protocol Interface
If you don't have your interface configured, create the /etc/hostname.xxx file.
Replace "xxx" with the name of your interface. The layout of the file is:
    address_family address netmask broadcast [other options]

Simple configuration for an IPv4 address:
    $ cat /etc/hostname.fxp0
    inet 10.0.0.38 255.255.255.0 NONE
Force 100baseTX full-duplex mode.
    inet 10.0.0.38 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
Use special flags specific to a certain interface
    $ cat /etc/hostname.vlan0
    inet 172.21.0.31 255.255.255.0 NONE vlan 2 vlandev fxp1

If you have changed the network configuration you can reboot or run the netstart script.
# sh /etc/netstart


Setting up aliases on an interface
To do this, simply edit the file /etc/hostname.<if>.
For the example, we assume that the user has an interface dc0 and is on the network 192.168.0.0. Other important information:

    * IP for dc0 is 192.168.0.2
    * NETMASK is 255.255.255.0
# cat /etc/hostname.dc0
inet 192.168.0.2 255.255.255.0 media 100baseTX
inet alias 192.168.0.3 255.255.255.255
inet alias 192.168.0.4 255.255.255.255
# ifconfig dc0 inet alias 192.168.0.3 netmask 255.255.255.255

To view these aliases you must use the command:
    $ ifconfig -A


Check Routing tables
$ netstat -rn
$ route show


DHCP Client
To use the DHCP client dhclient, edit /etc/hostname.xl0 (interface is xl0). All you need to put in this hostname file is 'dhcp':
    # echo dhcp > /etc/hostname.xl0

If you want to start a DHCP client from the command line, make sure /etc/dhclient.conf exists, then try:
    # dhclient fxp0
Source Code
src.tar.gz contains a source archive starting at /usr/src. This file contains everything you need except for the kernel sources, which are in a separate archive. To extract:

sys.tar.gz contains a source archive starting at /usr/src/sys. This file contains all the kernel sources you need to rebuild kernels. To extract:

Extracting the source code
To extract the source tree from the CD to /usr/src (assuming the CD is mounted on /mnt):
    # cd /usr/src; tar xzf /mnt/src.tar.gz
    # cd /usr; tar xzf /mnt/XF4.tar.gz
    # cd /usr; tar xzf /mnt/ports.tar.gz

Update the tree with a command like:
      # cd [portsdir]/; cvs -d anoncvsserver.openbsd.org:/cvs update -Pd -rOPENBSD_3_8

Searching the ports tree
$ cd /usr/ports
$ make search key=fetchmail
Straightforward installation
$ cd /usr/ports/mail/fetchmail
$ make install

Updating using CVS
Following -Stable
Here is how someone using anoncvs regularly would update his source tree:
    * First, start out by `get'-ing an initial tree:
      (If you are following current):
        # setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
        # cd /usr
        # cvs -q get -P src

      (If you are following the patch branch for 3.8):
        # setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
        # cd /usr
        # cvs -q get -rOPENBSD_3_8 -P src

    * Anytime afterwards, to `update' this tree:
      (If you are following current):
        # cd /usr/src
        # cvs -q up -Pd

      (If you are following the patch branch for 3.8):
        # cd /usr/src
        # cvs -q up -rOPENBSD_3_8 -Pd

In the above example, -q is optional, only intended to minimize cvs's output. For those who like to see screenfuls of output, it can be omitted.

To use ports, it is similar to src:
      (If you are following current):
        # setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
        # cd /usr
        # cvs -q get -P ports

      (If you are following the patch branch for 3.8):
        # setenv CVSROOT anoncvs@anoncvs.ca.openbsd.org:/cvs
        # cd /usr
        # cvs -q get -rOPENBSD_3_8 -P ports

    * Anytime afterwards, to `update' this tree:
      (If you are following current):
        # cd /usr/ports
        # cvs -q up -Pd

      (If you are following the patch branch for 3.8):
        # cd /usr/ports
        # cvs -q up -rOPENBSD_3_8 -Pd

NOTE: For users wishing to use rsh, you must first set the CVS_RSH environment variable to point to the rsh(1) program:
    * For Korn/Bourne shells:
              $ export CVS_RSH=/usr/bin/rsh
    * For csh/tcsh:
              % setenv CVS_RSH /usr/bin/rsh

Rebuild Your Kernel
To rebuild the default kernel from stable:
      # cd /usr/src/sys/arch/i386/conf
      # /usr/sbin/config GENERIC
      # cd /usr/src/sys/arch/i386/compile/GENERIC
      # make clean && make depend && make

To reboot with the newly compiled kernel:
# cd /usr/src/sys/arch/i386/compile/GENERIC
# cp /bsd /bsd.old          (Save an old copy of your kernel)
# cp bsd /bsd               (Copy the new kernel into place)
# reboot

Building the userland (rebuild the system binaries)
Note that the use of the /usr/obj directory is mandatory. Failing to do this step before building the rest of the tree will likely leave your src tree in bad shape.
Make sure all the appropriate directories are created.
# cd /usr/src/etc && env DESTDIR=/ make distrib-dirs

# cd /usr/src
# rm -r /usr/obj/*
# make obj && make build
Popular commands
OpenBSD man pages
OpenBSD Packages
Patching
You need to check http://www.openbsd.org/errata.html often for any security patches. You can get all the patches in one tar file from:

Example
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/016_openssl.patch
Apply by doing:
        cd /usr/src
        patch -p0 < 016_openssl.patch

And then rebuild and install OpenSSL:
        cd lib/libssl
        make obj
        make depend
        make
        make install

2. Personalize
Changing Console Display
This can be done automatically at boot by adding the following lines to the end of your rc.local file:
wsfontload -h 8 -e ibm /usr/share/misc/pcvtfonts/vt220l.808
wsconscfg -dF 5
wsconscfg -t 80x50 5
Changing /etc files
Note that the /etc/motd file is modified by /etc/rc whenever the system is booted.  To keep any custom message intact, ensure that you leave two blank lines at the top, or your message will be overwritten.
Make a backup copy of all files in /etc/.

Check for any local changes needed in the files /etc/rc.conf,  /etc/rc.local, /etc/rc.securelevel, and /etc/rc.shutdown.
Installing X
When you installed OpenBSD you had the choice to install X. If you did so, the next step is to configure X.
Two programs are recommended for creating your XF86Config file: xf86cfg and xf86config.
xf86cfg configuration is confusing if you are not used to it; alternatively, it offers a text-mode configuration: 'xf86cfg -textmode'.
I suggest using XF86Config. It helps the process if you can connect from another computer with 'ssh' and execute the installation sequence there, so you can more easily review error output, which is logged in /var/log/XFree86.0.log.
$ tail -f /var/log/XFree86.0.log

A starting point on a new machine, where you know nothing about the video card, is to use the XFree86 -configure option.
$ XFree86 -configure
Your XF86Config file is /root/XF86Config.new
To test the server, run:
$ XFree86 -xf86config /root/XF86Config.new

If the graphic screen worked well, use this configuration as a basis for your X environment.
Copy the /root/XF86Config.new file to the standard location for your machine (usually /etc/X11).
Note: make backups of any existing files before you copy anything.
$ cp /etc/X11/XF86Config /etc/X11/XF86Config.org
$ cp /root/XF86Config.new /etc/X11/XF86Config

Starting:
# /usr/X11R6/bin/startx 

To start X Window using 256 color mode:
# startx -- -bpp 8
To start X Window in true colour mode, use the following command:
# startx -- -bpp 32
'startx' is a script to initialise services for the X Window environment which in the default OpenBSD configuration starts up a simple 'window manager' and a number of 'xterm' connections.

X won't start
If you have X completely set up and you are using an XF86Config that you know works, then the problem most likely lies in machdep.allowaperture. You also need to make sure that your kernel configuration contains:
option APERTURE
Then you need to edit /etc/sysctl.conf and set machdep.allowaperture=2. This allows X to access the aperture driver. This would already be set if you said that you would be running X when asked during the install. OpenBSD requires the aperture driver to be enabled for all X servers, because it controls access to the I/O ports on video boards.

Stopping:
To exit out of X, use Ctrl+Alt+Backspace
Printers
Edit /etc/printcap and /etc/hosts.lpd to get any printers set up.
Personalize ksh
The command prompt of ksh can easily be changed to something providing more information than the default "$ " by setting the PS1 variable. For example, inserting the following line:
    export PS1='$PWD $ '
in your /etc/profile produces the following command prompt:
    /home/nick $
See the file /etc/ksh.kshrc, which includes many useful features and examples, and may be invoked in your user's .profile.
Starting with OpenBSD 3.7, ksh has been enhanced:
    \e - Insert an ASCII escape character.
    \h - The hostname, minus domain name.
    \H - The full hostname, including domain name.
    \n - Insert a newline character.
    \t - The current time, in 24-hour HH:MM:SS format.
    \u - The current user's username.
    \w - The current working directory. $HOME is abbreviated as `~'.
    \W - The basename of the current working directory.
One could use the following command:
export PS1="\n\u@\H\n\w $ "

http://www.openbsd.org/faq/faq10.html#httpdchroot
Tuning your monitor resolution under X
Getting an X server working at an acceptable resolution with many multi-sync monitors is possible. If anyone has tried to do this with the standard xorgconfig or XF86Setup utilities, they probably didn't get the best possible results.
One of the more painful aspects is simply getting your monitor running with your preferred resolution, and then getting the vertical scan rate set to at least 72-75 Hz, a rate where the screen flicker is much less visible to humans.
The X server has a mechanism which allows you to describe in detail the video mode you want to use: the ModeLine. A ModeLine has four sections: a single number for the pixel clock, four numbers for horizontal timings, four numbers for vertical timings, and an optional section with a list of flags specifying other characteristics of the mode.

Generating a ModeLine is a black art... Luckily, there are several scripts which can do this for you. One is Colas XFree86 ModeLine Generator http://koala.ilog.fr/ftp/pub/Klone/. Another is The XFree86 Modeline Generator.
Before you can use these ModeLine generators, you need the vertical and horizontal sync limits for your monitor.
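
How a ModeLine's numbers relate to the sync rates, as an added example that is not part of the original guide or of the generator scripts: the horizontal rate is the pixel clock divided by the horizontal total, and the vertical refresh is the pixel clock divided by horizontal total times vertical total. It assumes progressive modes (no Interlace or DoubleScan flag); the function names, the two sample ModeLines and the monitor limits are constructed input.

```shell
#!/bin/sh
# Added example: derive the sync rates from a ModeLine and compare them with
# a monitor's limits.

# modeline_rates 'ModeLine "label" clock hdisp hsstart hsend htotal
#                          vdisp vsstart vsend vtotal [flags]'
# Prints: label horizontal_kHz vertical_Hz
# Fails with status 2 for a malformed line, 3 for timings out of order.
modeline_rates() {
    printf '%s\n' "$1" | awk '
        tolower($1) != "modeline" || NF < 11 { exit 2 }
        {
            clock = $3; htotal = $7; vtotal = $11
            # each group of four timings must not decrease
            if (!($4 <= $5 && $5 < $6 && $6 <= $7 &&
                  $8 <= $9 && $9 < $10 && $10 <= $11)) exit 3
            gsub(/"/, "", $2)
            printf "%s %.1f %.1f\n", $2,
                clock * 1000 / htotal, clock * 1000000 / (htotal * vtotal)
        }'
}

# mode_fits MODELINE HMIN HMAX VMIN VMAX: succeed if the mode stays inside
# the horizontal (kHz) and vertical (Hz) sync ranges given.
mode_fits() {
    rates=$(modeline_rates "$1") || return 2
    printf '%s %s %s %s %s\n' "$rates" "$2" "$3" "$4" "$5" |
        awk '{ exit !($2 >= $4 && $2 <= $5 && $3 >= $6 && $3 <= $7) }'
}

# Sample input (constructed for this example).
MODE_A='ModeLine "1280x1024" 135.00 1280 1296 1440 1688 1024 1025 1028 1066 +hsync +vsync'
MODE_B='ModeLine "1024x768" 65.00 1024 1048 1184 1344 768 771 777 806 -hsync -vsync'

# Demo: a monitor rated 30-82 kHz horizontal, with 72 Hz taken as the lowest
# acceptable vertical refresh and 85 Hz as the highest.
for m in "$MODE_A" "$MODE_B"; do
    if mode_fits "$m" 30 82 72 85; then verdict="ok"; else verdict="out of range"; fi
    echo "$(modeline_rates "$m") -> $verdict"
done
```
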

Once you have your ModeLines, put them into your /etc/X11/xorg.conf file.
Comment out the old ModeLines, so that you can use them again if the new ones don't work. Next, choose what resolution you actually want to run at.
Find out if X is running in accelerated mode (which it does with most video cards), so you know which "Screen" section of the xorg.conf to modify. Or, just modify all of the Screen sections.

Section "Screen"
   Driver          "Accel"
   Device          "Primary Card"
   Monitor         "Primary Monitor"
   DefaultColorDepth 32
   SubSection "Display"
      Depth        32
      Modes        "1280x1024" "1024x768"
   EndSubSection
EndSection

The first resolution you see after the "Modes" keyword is the resolution that X is going to start in.
By pressing CTRL-ALT-KEYPAD MINUS, or CTRL-ALT-KEYPAD PLUS, you can switch between any resolutions that you list here.
According to the section above, X will try to start in 32-bit color mode (via the DefaultColorDepth directive, without it X will start in 8-bit color mode.) The first resolution it will try to use is 1280x1024 (it follows the order of the Modes line.) Note that "1280x1024" is just a label for the values in the ModeLine.

Note that the ModeLine generator script has options to relax its timings for older or smaller monitors, and also has the ability to provide ModeLines for specific resolutions. Depending on the type of hardware you have, it may not be very easy to use with the default options. If the picture is too tall, too wide, or too small, or is shifted horizontally or vertically, and the controls of the monitor aren't enough to correct its appearance, one can use xvidtune to adjust the ModeLine to better fit with the monitor's timings.
On most modern monitors, there is no fixed limit on the bandwidth, thus they are often not listed anymore in the specs. What happens is that the more you go up in bandwidth, the fuzzier the screen image becomes.
You can download the Colas XFree86 ModeLine Generator script at: http://koala.ilog.fr/ftp/pub/Klone/. You need to grab the Klone interpreter, and compile it. It is in the ports as lang/klone. The scripts exist under the scripts directory in the Klone distribution. (The port installs them to /usr/local/lib/klone/scripts.)
To install Klone:
  * get the KloneXXX.tar.gz file in this directory (XXX = version number)
  * unarchive somewhere
  * compile by "make SYSTEM", where SYSTEM is linux, solaris, alpha, win32...
  * install libs (see README, basically copy kl/ somewhere and make the env
    var KLONEPATH point to it)
  * put the klone executable, and scripts you want to use from the scripts/
    dir somewhere

http://www.openbsd.org/faq/faq11.html#XF86
Ports Tree
This should be done before using ports tree.
# cd /usr; tar xzf /mnt/ports.tar.gz

Update the tree with a command like:
      # cd [portsdir]/; cvs -d anoncvsserver.openbsd.org:/cvs update -Pd -rOPENBSD_3_8

Searching the ports tree
$ cd /usr/ports
$ make search key=fetchmail
Straightforward installation
$ cd /usr/ports/mail/fetchmail
$ make install

You probably want to clean the port's default working directory after you have built the package and installed it.
    $ make clean
In addition, you can also clean the working directories of all dependencies of the port with this make target:
    $ make clean=depends
If you wish to remove the source distribution set(s) of the port, you would use
    $ make clean=dist
In case you have been compiling multiple flavors of the same port, you can clear the working directories of all these flavors at once using
    $ make clean=flavors

To see the different flavors of a certain port, you would change to its subdirectory and issue
    $ make show=FLAVORS
To list the different subpackages available for a port, use
    $ make show=MULTI_PACKAGES


Uninstalling a port's package
$ make uninstall



Package Management
  • pkg_add(1) - a utility for installing and upgrading software packages.
  • pkg_delete(1) - a utility for deleting previously installed software packages.
  • pkg_info(1) - a utility for displaying information about software packages.
  • pkg_create(1) - a utility for creating software packages.

You can make things really easy by using the PKG_PATH environment variable. Just point it to your favorite location, and pkg_add(1) will automatically look there for any package you specify, and also fetch and install the necessary dependencies of this package automatically.

Example 1: fetching from your CDROM, assuming you mounted it on /mnt/cdrom
$ export PKG_PATH=/mnt/cdrom/3.8/packages/`machine -a`/
Example 2: fetching from a nearby FTP mirror http://www.openbsd.org/ftp.html
$ export PKG_PATH=ftp://your.ftp.mirror/pub/OpenBSD/3.8/packages/`machine -a`/
Add a line similar to the above examples to your ~/.profile. As with the classic PATH variable, you can specify multiple locations, separated by colons. HOWEVER, every path in the PKG_PATH variable MUST end in a slash (/).


Installing new packages
$ sudo pkg_add -v packagename
$ sudo pkg_add ghostscript-fonts-6.0
$ sudo pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/`machine -a`/screen-4.0.2.tgz



App Install
Installing tcsh
TCSH is an extended C-shell with many useful features like filename completion, history editing, etc.
# cd /usr/ports/shells/tcsh && make install clean
Edit /etc/shells and add /usr/local/bin/tcsh.

Adding Aliases: Do this after installing tcsh. Edit the file ~/.cshrc or ~/.tcshrc and add
set prompt = "-- %T %n %~ -- \n$ "
alias   updb '/usr/libexec/locate.updatedb'
updb will help you update the database used by locate, making files easier to find.
Installing Nano
nano is a small, free and friendly editor which aims to replace Pico, the default editor included in the non-free Pine package. Rather than just copying Pico's look and feel, nano also implements some missing (or disabled by default) features in Pico, such as "search and replace" and "goto line number".
# cd /usr/ports/editors/nano && make install clean
Installing wget
Retrieve files from the 'net via HTTP and FTP.
# cd /usr/ports/net/wget && make install clean
The wget configuration file is located in /etc/wgetrc
Installing curl
$ cd /usr/ports/net/curl && make install clean
$ /usr/local/bin/curl

cURL is a tool for getting files from FTP, HTTP, HTTPS, Gopher and DICT servers, with URL syntax support. cURL supports HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, user+password authentication and a busload of other useful tricks.
Installing nmap
Nmap is a utility for port scanning large networks, although it works fine for single hosts.
# cd /usr/ports/net/nmap && make install clean

nmap -sS -P0 -vv localhost
nmap -sS -P0 -O -vv -T 1 192.168.1.1-254
nmap -sS -P0 -O -vv -T 1 -oN "scanout.txt" 192.168.1.10-13
nmap -sS -P0 -O -vv -T 2 -oN "scanout.txt" 192.168.1.10-13
nmap -sS -P0  -p 80,8080 -O -vv -T 2 -oN "scan_192.168.1.txt" 192.168.1.10-13

Stateless Firewalls & Source Port Scanning
nmap -sS -P0 -g 80 -p 139 192.168.1.1

Installing Nmap From Source
# bzip2 -cd nmap-3.50.tar.bz2 | tar xvf -
# cd nmap-3.50
# ./configure --without-nmapfe
# make
# make install
Installing hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn't just for sending ICMP echo requests.
A subset of the stuff you can do using hping:

- Firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing

# cd /usr/ports/net/hping && make install clean
# /usr/local/sbin/hping
# /usr/local/sbin/hping 192.168.1.100 -c2 -S -p139 -n
# hping 10.10.1.1 -c2 -S -p80 -n
Installing firewalk
# cd /usr/ports/net/firewalk && make install clean
# /usr/local/sbin/firewalk
# firewalk -n -P1-8 -pTCP 10.0.0.1 10.0.0.20
# firewalk -n -oscan1 -t5 -s5555 -pudp -P50 -ixl0 r2 -T1 -S7-25,137-139 192.168.1.103 192.168.1.100
Installing ipaudit
IPaudit is a software package to record and display network activity. It includes ipaudit, which stores counts of bytes and packets for every combination of host/port pairs and protocol.
The utilities total and ipstrings can be used to investigate network traffic records from the command line.
# cd /usr/ports/net/ipaudit && make install clean
Installing Nikto
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2600 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
# tar -zxvf nikto-current.tar.gz
# more config.txt

To run it
# ./nikto.pl -Cgidirs all -host youriphere -nolookup > ~/outfile.txt

To update nikto
# ./nikto.pl -update
Installing Nessus
Before installing nessus we need to install bison and libnet packages.
# cd /usr/ports/devel/bison
# make install
# make clean
Or
# pkg_add /usr/ports/packages/i386/all/bison-1.35p1.tgz
Or
# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/bison-1.35p1.tgz
We also need to install the libnet package:
# pkg_add /usr/ports/packages/i386/all/libnet-1.1.2.1.tgz
Or
# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/libnet-1.1.2.1.tgz

To install Nessus, you need to download the latest distribution available at:
# lynx -source http://install.nessus.org | sh
Or
# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/nessus-core-2.2.5p0.tgz
Or
# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/nessus-core-2.2.5p0-no_x11.tgz
Follow the on-screen instructions.
$ /usr/local/sbin/nessus-mkcert

CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]: CA
Your state or province name [none]: QC
Your location (e.g. town) [Paris]: Montreal
Your organization [Nessus Users United]: Adonis a.K.a NtWaK0

$ /usr/local/sbin/nessus-adduser

Login : scanthem
Authentication (pass/cert) [pass] :
Login password : [ScanThem]

hit ctrl-D once you are done :

Login             : scanthem
Password          : [ScanThem]
DN                :
Rules             :

Is that ok ? (y/n) [y] y
user added.

$ /usr/local/sbin/nessus-update-plugins
Installing Nessus from the tar file