<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook XML V4.5-Based Extension//EN"
"../../../share/xml/freebsd45.dtd">
<!--
Copyright (c) 2005 Dru Lavigne
Redistribution and use in source (SGML DocBook) and 'compiled' forms
(SGML, HTML, PDF, PostScript, RTF and so forth) with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code (SGML DocBook) must retain the above
copyright notice, this list of conditions and the following
disclaimer as the first lines of this file unmodified.
2. Redistributions in compiled form (transformed to other DTDs,
converted to PDF, PostScript, RTF and other formats) must reproduce
the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials
provided with the distribution.
THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION PROJECT "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NIK CLAYTON BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
$FreeBSD$
-->
<article lang='en'>
<articleinfo>
<title>FreeBSD: An Open Source Alternative to Linux</title>
<author>
<firstname>Dru</firstname>
<surname>Lavigne</surname>
<affiliation>
<address><email>dru@isecom.org</email></address>
</affiliation>
</author>
<copyright>
<year>2005</year>
<holder role="mailto:dru@isecom.org">Dru Lavigne</holder>
</copyright>
<pubdate>$FreeBSD$</pubdate>
<releaseinfo>$FreeBSD$</releaseinfo>
<legalnotice id="trademarks" role="trademarks">
&tm-attrib.freebsd;
&tm-attrib.linux;
&tm-attrib.unix;
&tm-attrib.general;
</legalnotice>
&legalnotice;
<abstract>
<para>The objective of this whitepaper is to explain some of the
features and benefits provided by &os;, and where
applicable, compare those features to &linux;. This paper
provides a starting point for those interested in exploring
Open Source alternatives to &linux;.</para>
</abstract>
</articleinfo>
<sect1 id="introduction">
<title>Introduction</title>
<para>&os; is a &unix; like operating system based on the
Berkeley Software Distribution. While &os; and &linux; are
commonly perceived as being very similar, there are differences:</para>
<orderedlist>
<listitem>
<para>&linux; itself is a kernel. Distributions (e.g. Red Hat,
Debian, Suse and others) provide the installer and the
utilities available to the user. http://www.linux.org/dist
lists well over 300 distinct distributions. While giving
the user maximum flexibility, the existence of so many
distributions also increases the difficulty of transferring
one's skills from one distribution to another. Distributions
don't just differ in ease-of install and available programs;
they also differ in directory layout, available shells and
window managers, and software installation and patching
routines.</para>
<para>&os; is a complete operating system (kernel and
userland) with a well-respected heritage grounded in the
roots of Unix development.
<footnote>
<para>See also <ulink
url="http://www.oreilly.com/catalog/opensources/book/kirkmck.html"></ulink>
for a brief history.</para>
</footnote>
Since both the kernel and the
provided utilities are under the control of the same release
engineering team, there is less likelihood of library
incompatibilities. Security vulnerabilities can also be
addressed quickly by the security team. When new utilities
or kernel features are added, the user simply needs to read
one file, the Release Notes, which is publicly available on
the main page of the <ulink
url="http://www.FreeBSD.org">&os; website</ulink>.</para>
</listitem>
<listitem>
<para>&os; has a large and well organized programming base
which ensures changes are implemented quickly and in a
controlled manner. There are several thousand programmers
who contribute code on a regular basis but only about 300 of
these have what is known as a commit bit and can actually
commit changes to the kernel, utilities and official
documentation. A release engineering team provides quality
control and a security officer team is responsible for
responding to security incidents. In addition, there is an
elected core group of 8 senior committers who set the
overall direction of the Project.</para>
<para>In contrast, changes to the Linux kernel ultimately have
to wait until they pass through the maintainer of kernel
source, Linus Torvalds. How changes to distributions occur
can vary widely, depending upon the size of each particular
distribution's programming base and organizational method.</para>
</listitem>
<listitem>
<para>While both &os; and &linux; use an Open Source
licensing model, the actual licenses used differ. The Linux
kernel is under the <ulink url="http://www.opensource.org/licenses/gpl-license.php">GPL license</ulink> while
&os; uses the <ulink url="http://www.opensource.org/licenses/bsd-license.php">BSD license</ulink>. These,
and other Open Source licenses, are described in more detail
at the website of the <ulink url="http://www.opensource.org/licenses/">Open Source
Initiative</ulink>.</para>
<para>The driving philosophy behind the GPL is to ensure that
code remains Open Source; it does this by placing
restrictions on the distribution of GPLd code. In contrast,
the BSD license places no such restrictions, which gives you
the flexibility of keeping the code Open Source or closing
the code for a proprietary commercial product.
<footnote>
<para>For a fairly unbiased view of the merits of each
license, see <ulink
url="http://en.wikipedia.org/wiki/BSD_and_GPL_licensing"></ulink>.</para>
</footnote>
Having
stable and reliable code under the attractive BSD license
means that many operating systems, such as <ulink url="http://developer.apple.com/darwin/projects/darwin/faq.html">Apple OS X</ulink>
are based on FreeBSD code. It also means that if you choose
to use BSD licensed code in your own projects, you can do so
without threat of future legal liability.</para>
</listitem>
</orderedlist>
</sect1>
<sect1 id="freebsd-features">
<title>&os; Features</title>
<sect2 id="freebsd-features-platforms">
<title>Supported Platforms</title>
<para>&os; has gained a reputation as a secure, stable,
operating system for the &intel; (&i386;) platform. However,
&os; also supports the following architectures:</para>
<itemizedlist>
<listitem><simpara>alpha</simpara></listitem>
<listitem><simpara>amd64</simpara></listitem>
<listitem><simpara>ia64</simpara></listitem>
<listitem><simpara>&i386;</simpara></listitem>
<listitem><simpara>pc98</simpara></listitem>
<listitem><simpara>&sparc64;</simpara></listitem>
</itemizedlist>
<para>In addition, there is ongoing development to port &os;
to the following architectures:</para>
<itemizedlist>
<listitem><simpara>&arm;</simpara></listitem>
<listitem><simpara>&mips;</simpara></listitem>
<listitem><simpara>&powerpc;</simpara></listitem>
</itemizedlist>
<para>Up-to-date hardware lists are maintained for each
architecture so you can tell at a glance if your hardware is
supported. For servers, there is excellent hardware RAID and
network interface support.</para>
<para>&os; also makes a great workstation and laptop
operating system! It supports the X Window System, the same
one used in &linux; distributions to provide a desktop user
interface. It also supports over 13,000 easy to install
third-party applications,
<footnote>
<para>Using <ulink url="&url.base;/ports">FreeBSD's ports
collection</ulink>: software installation is as easy as
<command>pkg_add -r application_name</command>.</para>
</footnote>
including KDE, Gnome, and
OpenOffice.</para>
<para>Several projects are available to ease the installation of
&os; as a desktop. The most notable are:</para>
<itemizedlist>
<listitem><para><ulink
url="http://www.desktopbsd.net">DesktopBSD</ulink> which
aims at being a stable and powerful operating system for
desktop users.</para></listitem>
<listitem><para><ulink
url="http://www.freesbie.org">FreeSBIE</ulink> which
provides a LiveCD of &os;.</para></listitem>
<listitem><para><ulink
url="http://www.pcbsd.com">PC-BSD</ulink> which provides an
easy-to-use GUI installer for &os; aimed at the desktop
user.</para></listitem>
</itemizedlist>
</sect2>
<sect2 id="freebsd-features-frameworks">
<title>Extensible Frameworks</title>
<para>&os; provides many extensible frameworks to easily
allow you to customize the FreeBSD environment to your
particular needs. Some of the major frameworks are:</para>
<variablelist>
<varlistentry>
<term>Netgraph</term>
<listitem><para>Netgraph is a modular networking subsystem that
can be used to supplement the existing kernel networking
infrastructure. Hooks are provided to allow developers to
derive their own modules. As a result, rapid prototyping and
production deployment of enhanced network services can be
performed far more easily and with fewer bugs. Many existing
operational modules ship with FreeBSD and include support for:</para>
<itemizedlist>
<listitem><para>PPPoE</para></listitem>
<listitem><para>ATM</para></listitem>
<listitem><para>ISDN</para></listitem>
<listitem><para>Bluetooth</para></listitem>
<listitem><para>HDLC</para></listitem>
<listitem><para>EtherChannel</para></listitem>
<listitem><para>Frame Relay</para></listitem>
<listitem><para>L2TP, just to name a few.</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>GEOM</term>
<listitem><para>GEOM is a modular disk I/O request
transformation framework. Since it is a pluggable storage
layer, it permits new storage services to be quickly developed
and cleanly integrated into the FreeBSD storage
subsystem. Some examples where this can be useful are:</para>
<itemizedlist>
<listitem><para>Creating RAID solutions.</para></listitem>
<listitem><para>Providing full-blown cryptographic protection of stored data.</para></listitem>
</itemizedlist>
<para>Newer versions of FreeBSD provide many administrative
utilities to use the existing GEOM modules. For example, one
can create a disk mirror using &man.gmirror.8;, a stripe
using &man.gstripe.8;, and a shared secret device using
&man.gshsec.8;.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>GBDE</term>
<listitem><para>GBDE, or GEOM Based Disk Encryption, provides
strong cryptographic protection and can protect file systems,
swap devices, and other uses of storage media. In addition,
GBDE transparently encrypts entire file systems, not just
individual files. No cleartext ever touches the hard drive's
platter.</para></listitem>
</varlistentry>
<varlistentry>
<term>MAC</term>
<listitem><para><ulink url="&url.base;/doc/en_US.ISO8859-1/books/handbook/mac.html">MAC</ulink>,
or Mandatory Access Control, provides fine-tuned access to
files and is meant to augment traditional operating system
authorization provided by file permissions. Since MAC is
implemented as a modular framework, a FreeBSD system can be
configured for any required policy varying from HIPAA
compliance to the needs of a military-grade system.</para>
<para>&os; ships with modules to implement the following
policies; however the framework allows you to develop any
required policy:</para>
<itemizedlist>
<listitem><para>Biba integrity model</para></listitem>
<listitem><para>Port ACLs</para></listitem>
<listitem><para>MLS or Multi-Level Security confidentiality policy</para></listitem>
<listitem><para>LOMAC or Low-watermark Mandatory Access Control data integrity policy</para></listitem>
<listitem><para>Process partition policy</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM</term>
<listitem><para>Like &linux;, &os; provides support for <ulink url="&url.base;/doc/en_US.ISO8859-1/articles/pam/">PAM</ulink>,
Pluggable Authentication Modules. This allows an administrator
to augment the traditional &unix; username/password
authentication model. &os; provides modules to integrate
into many authentication mechanisms, including:</para>
<itemizedlist>
<listitem><para>Kerberos 5</para></listitem>
<listitem><para>OPIE</para></listitem>
<listitem><para>RADIUS</para></listitem>
<listitem><para>TACACS+</para></listitem>
</itemizedlist>
<para>It also allows the administrator to define policies to
control authentication issues such as the quality of
user-chosen passwords.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
<sect1 id="freebsd-security">
<title>Security</title>
<para>Security is very important to the <ulink
url="&url.base;/doc/en_US.ISO8859-1/articles/releng/">FreeBSD
Release
Engineering Team</ulink>. This
manifests itself in several concrete areas:</para>
<itemizedlist>
<listitem><para>All security incidents and fixes pass through the
Security Team and are issued as publicly available
Advisories. The Security Team has a reputation for quickly
resolving known security issues. Full information regarding
FreeBSD's security handling procedures and where to find
security information is available at
<ulink url="http://www.FreeBSD.org/security/"></ulink>.</para></listitem>
<listitem><para>One of the problems associated with Open Source
software is the sheer volume of available applications. There
are literally tens of thousands of Open Source application projects
each with varying levels of responsiveness to security
incidents. &os; has met this challenge head-on with <ulink
url="http://www.vuxml.org/freebsd/">VuXML</ulink>. All software
shipped with the FreeBSD operating system as well any software
available in the <ulink
url="&url.base;/ports/">Ports Collection</ulink>
is compared to a database of known, unresolved
vulnerabilities. An administrator can use the &man.portaudit.1;
utility to quickly determine if any software on a &os;
system is vulnerable, and if so, receive a description of the
problem and an URL containing a more detailed vulnerability
description.</para></listitem>
</itemizedlist>
<para>&os; also provides many mechanisms which allow an
administrator to tune the operating system to meet his security
needs:</para>
<itemizedlist>
<listitem><para>The &man.jail.8; utility allows an administrator
to imprison a process; this is ideal for applications which
don't provide their own chroot environment.</para></listitem>
<listitem><para>The &man.chflags.1; utility augments the
security provided by traditional Unix permissions. It can, for
example, prevent specified files from being modified or
deleted by even the superuser.</para></listitem>
<listitem><para>&os; provides 3 built-in stateful, NAT-aware
firewalls, allowing the flexibility of choosing the ruleset
most appropriate to one's security needs.</para></listitem>
<listitem><para>The &os; kernel is easily modified, allowing an
administrator to strip out unneeded functionality. &os;
also supports kernel loadable modules and provides utilities
to view, load and unload kernel modules.</para></listitem>
<listitem><para>The sysctl mechanism allows an administrator to view
and change kernel state on-the-fly without requiring a
reboot.</para></listitem>
</itemizedlist>
</sect1>
<sect1 id="freebsd-support">
<title>Support</title>
<para>Like &linux;, &os; offers many venues for support, both
freely available and commercial.</para>
<sect2 id="freebsd-support-free">
<title>Free Offerings</title>
<itemizedlist>
<listitem><para>&os; is one of the best documented
operating systems, and the documentation is available both
as part of the operating system and on the Internet. Manual
pages are clear, concise and provide working
examples. <ulink
url="&url.base;/doc/en_US.ISO8859-1/books/handbook/">
The FreeBSD Handbook</ulink>
provides background information and configuration examples
for nearly every task one would wish to complete using
&os;.</para></listitem>
<listitem><para>&os; provides many support <ulink
url="&url.base;/doc/en_US.ISO8859-1/books/handbook/eresources.html#ERESOURCES-MAIL">mailing
lists</ulink>.
where answers are archived and fully searchable. If you have
a question that wasn't addressed by the Handbook, it most
likely has already been answered on a mailing list. The
Handbook and mailing lists are also available in several
languages, all of which are easily accessible from
<ulink url="http://www.FreeBSD.org"></ulink>.</para></listitem>
<listitem><para>There are many FreeBSD IRC channels, forums
and user groups. See <ulink
url="http://www.FreeBSD.org/support.html"></ulink> for a
selection.</para></listitem>
</itemizedlist>
<para>If you're looking for a &os; administrator, developer
or support personnel, send a job description which includes
geographic location to <email>freebsd-jobs@FreeBSD.org</email>.</para>
</sect2>
<sect2 id="freebsd-support-commercial">
<title>Commercial Offerings</title>
<para>There are many vendors who provide commercial &os;
support. Resources for finding a vendor near you
include:</para>
<itemizedlist>
<listitem><para>The Commercial Vendors page at the &os;
site: <ulink
url="http://www.FreeBSD.org/commercial/"></ulink></para></listitem>
<listitem><para>FreeBSDMall, who have been selling support contracts
for nearly 10 years.
<ulink url="http://www.freebsdmall.com"></ulink></para></listitem>
<listitem><para>The BSDTracker Database at: <ulink
url="http://www.nycbug.org/index.php?NAV=BSDTracker"></ulink></para></listitem>
</itemizedlist>
<para>There is also an initiative to provide certification of BSD
system administrators. <ulink
url="http://www.bsdcertification.org"></ulink>.</para>
<para>If your project requires Common Criteria certification,
&os; includes the <ulink
url="http://www.trustedbsd.org">TrustedBSD</ulink> MAC
framework to ease the certification process.</para>
</sect2>
</sect1>
<sect1 id="freebsd-advantages">
<title>Advantages to Choosing &os;</title>
<para>There are many advantages to including &os; solutions in
your IT infrastructure:</para>
<itemizedlist>
<listitem><para>&os; is well documented and follows many
standards. This allows your existing intermediate and advanced
system administrators to quickly transfer their existing Linux
and Unix skillsets to FreeBSD administration.</para></listitem>
<listitem><para>In-house developers have full access to all
FreeBSD code
<footnote>
<para>In addition, all code is browsable through a
web-interface: <ulink
url="http://www.FreeBSD.org/cgi/cvsweb.cgi/"></ulink>.</para>
</footnote>
for all releases going back to the original
&os; release. Included with the code are all of the log
messages which provide context to changes and
bug fixes. Additionally, a developer can easily replicate any
release by simply checking out the code with the desired
label. In contrast, &linux; traditionally didn't follow this
model, but has recently adopted a more mature development
model.
<footnote>
<para>An interesting overview of the evolving Linux
development model can be found at <ulink
url="http://linuxdevices.com/articles/AT4155251624.html"></ulink>.</para>
</footnote>
</para></listitem>
<listitem><para>In-house developers also have full access to
FreeBSD's <ulink
url="http://www.gnu.org/software/gnats/">GNATS</ulink>
bug-tracking database. They are able to query and track
existing bugs as well as submit their own patches for approval
and possible committal into the FreeBSD base code.
<ulink url="http://www.FreeBSD.org/support.html#gnats"></ulink></para></listitem>
<listitem><para>The BSD license allows you to freely modify the
code to suit your business purposes. Unlike the GPL, there are
no restrictions on how you choose to distribute the resulting
software.</para></listitem>
</itemizedlist>
</sect1>
<sect1 id="freebsd-conclusion">
<title>Conclusion</title>
<para>&os; is a mature &unix;-like operating system which
includes many of the features one would expect in a modern &unix;
system. For those wishing to incorporate an Open Source solution
in their existing infrastructure, &os; is an excellent choice
indeed.</para>
</sect1>
</article>
