NetBSD

NetBSD is a free, open-source, UNIX-like operating system known for its portability across a wide range of hardware platforms. Launched in 1993 by Chris Demetriou, Theo de Raadt, Adam Glass, and Charles Hannum, NetBSD's cross-platform support makes it suitable for diverse applications, from embedded systems to high-performance servers.

• Latest Version: 10.0
• Previous Version: 9.4
• Release Cycle: ~ 18 months
• Primary Focus: Portability

Objectives of this document

Get an overview of NetBSD, starting with version 9.4:

• Configuring network
• Installing nginx
• Configuring the firewall
• Updating the system
• Upgrading the system to 10.0

Context

• Virtual Machine Setup: MS Hyper-V ...What?! 😅
• Resources: 5GB storage, 1GB RAM
• Network Configuration:
  • NETWORK: 192.168.1.0/24
  • GATEWAY: 192.168.1.1
  • DNS: 8.8.8.8, 8.8.4.4

Installation release (9.4)

ISO: https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.4/images/NetBSD-9.4-amd64.iso (495 MB)

Installation Note

• Installer: sysinst, a C program that is menu-based, suitable for installing or upgrading NetBSD. The source code is available at http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/sysinst

• Installation: without X11

• Disk Layout: sd0, using the auto-layout option for simplified disk partitioning

• Hostname: netbsd.local

• Network Interface: hvn0, configured via DHCP

• Root: password set

• SSH: Enabled

Shutdown the box

Type:shutdown -p now

Configuring the network

The hostname

Create|Edit the file /etc/myname :netbsd.lab.local

Apply now:hostname -s netbsd.lab.localorservice network restart

For a Static IP Address (IP: 192.168.1.26)

Set the static IP address modifying the file /etc/ifconfig.hvn0 :inet 192.168.1.26 255.255.255.0

Set the gateway IP address modifying the file /etc/mygate :192.168.1.1

Resolving DNS, change the file /etc/resolv.conf:nameserver 8.8.8.8
nameserver 8.8.4.4
lookup file bind

Let's disable DHCP changing the file /etc/rc.conf :dhcpcd=NO


Restart the network stack to apply the changes:service network restart

DHCP Configuration:

Remove the static configuration:rm /etc/ifconfig.hvn0
rm /etc/mygate

Let's change the file /etc/rc.conf :dhcpcd=YES
dhcpcd_flags="-qM hvn0"

Please, reboot to apply.

Don't forget to update your /etc/hosts file.

And finally, check the result with: ifconfig hvn0

You can also check your Internet connection with: ping yahoo.fr

Adding a User

You can interactively use the command:adduser

The hard way:

To add a user named admin:useradd -m admin

Allow admin to use su for administration:usermod -G wheel admin

Assign a password to admin:passwd admin

Check the results with: id admin

You can now use ssh to administrate the box remotely:ssh admin@IP_ADDRESS

Sudo?

NetBSD does not include sudo by default. However, you can install it using pkgin install sudo.

Before being able to do that, you need to enable the installation of binary packages using sysinst (choose the f, e, and x options). You will need to be root, so use su.

Installing nginx

While NetBSD includes bozohttpd(8) by default, this tutorial will focus on installing Nginx to demonstrate how to install a package in NetBSD.

Let's install nginx:pkgin install nginx

The configuration file is here: /usr/pkg/etc/nginx/nginx.conf

No need to tune it. It is enough for our test.

By default the root web directory is /usr/pkg/share/examples/nginx/html.

Configuring Daemons

Let's create the rc.d script:ln -sf /usr/pkg/share/examples/rc.d/nginx /etc/rc.d/nginx

Enable nginx at startup, editing /etc/rc.conf:nginx=YES

Start nginx: service nginx start

Creating an HTML File

cd /usr/pkg/share/examples/nginx/html
mv index.html index.html.backup
echo '<h1>It works!</h1>' > index.html

You can now browse the test page from another computer by navigating to http://<IP_ADDRESS>.

Configuring the Firewall

NetBSD comes with npf(7) as the default firewall and also includes ipf(8).

Enable the NetBSD packet filter in /etc/rc.conf:npf=YES

Change the file /etc/npf.conf (allow only ping/ssh/www from anywhere):$ext_if = "hvn0"

procedure "log" {
  log: npflog0
}

group "services" on $ext_if {
  pass stateful in final proto icmp all
  pass stateful in final proto tcp to any port ssh
  pass stateful in final proto tcp to any port www
  pass stateful out final all
}

group default {
  pass final on lo0 all
  block all apply "log"
}


Let's enable NPF!service npf start
# You will lost your ssh connection

Updating the System, get Stable

You can find the patches for the base system at https://www.netbsd.org/support/security/patches-9.4.html.

Read each security advisory carefully and apply the patches as instructed.

Alternatively, you could use sysupgrade to download the latest binary with the following command:pkgin install sysupgrade
sysupgrade auto http://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/amd64
reboot

Update binary packages with pkgin update.

Upgrading NetBSD

To upgrade from version 9.4 to 10.0:

When upgrading between major releases (e.g. between NetBSD 9.4 and 10.0), take care to first upgrade the kernel and modules:sysupgrade fetch https://cdn.NetBSD.org/pub/NetBSD/NetBSD-10.0/amd64
sysupgrade kernel
sysupgrade modules
rebootsysupgrade sets
sysupgrade etcupdate
sysupgrade postinstall
sysupgrade clean
reboot

If you re running NetBSD 9.3 and wish to upgrade to 9.4:sysupgrade auto https://cdn.NetBSD.org/pub/NetBSD/NetBSD-9.4/amd64
reboot

You can check your version, using: uname -a

Disk usage (sample)

Type: df -hThe results:Filesystem Size Used Avail %Cap Mounted on
/dev/sd0a 3.9G 1.3G 2.3G 36% /
tmpfs 256M 0B 256M 0% /tmp
kernfs 1.0K 1.0K 0B 100% /kern
ptyfs 1.0K 1.0K 0B 100% /dev/pts
procfs 4.0K 4.0K 0B 100% /proc
tmpfs 256M 0B 256M 0% /var/shm

What else?

The kernel: /netbsd

Hypervisor: nvmm(4)

Default MTA: Postfix

Pros vs. Cons

Pros

• sysinst(8) to manage the system
• Compatibility with a wide variety of hardware platforms
• Installation is pretty straightforward

Cons

• Not easy to apply security patches
• No container technologies
• ZFS support but not in installer