Table of Contents



OpenBSD is a great OS to install for a system that relies on security, such as a public web server. Some positive reasons for using OpenBSD are that it is proactively audited for security, it partitions the filesystem into different directories to limit access and permissions, it runs Apache 1.3 and nginx in a chroot, the system binaries are statically-linked, which makes setting up a root jail very simple.

As of this writing, OpenBSD 5.5 is the latest version available.

Installation is simple – download the install55.iso as the main CD, and boot off it. Use the defaults for each step.

I'd recommend giving the filesystem at least 24 GB of HDD space so that there's enough room for applications and some basic hosted services. On a virtual machine, you can always add space later, if that's a consideration, but it's going to make life much simpler if you let the installer deal with modifying partitions and mount points.

First Boot

After initial boot, there's some basics to go through: setting up networking, the shell parameters, and package management.


The OpenBSD installer will use DHCP by default for the primary network device, so you shouldn't need to worry there.

The next step is to set the hostname for the server:

echo > /etc/myname

Then add the entries to /etc/hosts as well.


OpenBSD uses the ksh shell by default. It is comparable to bash when it comes to features.

On login, the shell will read the ~/.profile file. It will not read the ~/.kshrc file by default – the profile file must be updated.

Add this to the file:

ENV=$HOME/.kshrc; export ENV

Package Management

The preferred and recommended way to install packages on OpenBSD is through the binary packages. Don't use the ports system – you'll quickly use up all your space across the various partitions, and it's not worth it. The packages are of good quality and have everything you'd need to get up and running. Admittedly, the only drawback is that it's difficult finding which packages are available.

The .kshrc file above will set the proper PKG_PATH variable so that the next step is to simply use pkg_add to install packages. For the sake of verbosity, here is the command repeated again:

export PKG_PATH=`uname -r`/packages/`uname -p`

From there, you can start installing some base packages.

There are two guis you can use to browse the tree and see what's installed: webmin and pkg_mgr. Webmin has to be installed traditionally, but you will need the SSLeay perl module first:

pkg_add p5-Net-SSLeay

The second option is pkg_mgr, which is a nice ncurses frontend to browse / search / install packages.

pkg_add pkg_mgr


System Services

All modifications from the defaults in /etc/rc.conf need to go into /etc/rc.conf.local. Do not edit the default rc.conf file.

Add any manual scripts to run in /etc/rc.local.


Run adduser, an interactive script to create new users.

Run rmuser to delete a user. This will also delete their home directory, and any crontab entries.


Cron logs are located at /var/cron/log

Initial Setup

These docs will follow the method of using the -stable branch, by rebuilding the sources with updates.

  • RELEASE: What is on the CD.
  • STABLE: Release, plus security and reliability enhancements.
  • CURRENT: The development version of OpenBSD.

IDE drives are named starting with /dev/wd0. SCSI drives are named starting with /dev/sd0.