Note that the information in some older books may no longer be accurate
or relevant to modern OpenBSD.
- Httpd and Relayd Mastery
- by Michael W. Lucas
- ISBN-10: 1-54675-206-4
- ISBN-13: 978-1-54675-206-6
- May 2017, 232 pp.
"I think we're gonna need a bigger web server."
OpenBSD has a solid reputation for security and stability.
It's well known for the OpenSMTPd mail server, the LibreSSL cryptography
library, and the PF packet filter. But nobody ever talks about the load
balancer, or the web server.
The httpd web server provides a fast, stable, secure environment for your
web applications. The relayd load balancer lets you distribute Internet
application load across multiple hosts. Between the two, you can slash
hundreds of thousands of dollars off the cost of building, deploying,
and managing applications.
- The Book of PF, 3rd Edition
A No-Nonsense Guide to the OpenBSD Firewall
- by Peter N. M. Hansteen
- ISBN-10: 1-59327-589-7
- ISBN-13: 978-1-59327-589-1
- Copyright 2015.
The first sentence of this book is "This is a book about building the
network you need." Taking it from there, Peter walks you through the whys
and the hows of building the high performance, low maintenance network you need,
using OpenBSD tools.
The book covers all bases, from the basic one machine configuration and basic
local area networks, all the way up to configurations with traffic shaping and
load balancing with "self-healing" networks and countermeasures against common
problems such as DoS attempts and spamming. A basic understanding of TCP/IP
and some Unix knowledge is assumed.
The official book website for a sample chapter, table of contents and errata
can be found here.
- SSH Mastery
- by Michael W. Lucas
- ISBN-13: 978-1470069711
- ISBN-10: 1470069717
- February 2012, 145 pp.
- OpenSSH, PuTTY, Tunnels, and Keys
A guide to what you need to know about SSH. This book will help you
eliminate passwords on your network, tunnel unencrypted protocols
through secure channels, build VPNs with OpenSSH, and more. Focuses on
the OpenSSH server, the OpenSSH client, and the PuTTY client.
Michael W. Lucas is the author of Absolute OpenBSD and other BSD books.
The official SSH Mastery website is
- Absolute OpenBSD. 2nd Edition!
- by Michael W. Lucas
- ISBN-13: 978-1-59327-476-4
- April 2013, 536 pp.
Michael W. Lucas brings us the long anticipated second edition of his
wildly successful book about using OpenBSD. This book covers all aspects of
the OpenBSD system for new UNIX and BSD users alike.
The official Absolute OpenBSD 2nd edition website is
Secure Architectures with OpenBSD
- by Brandon Palmer, Jose Nazario.
- ISBN 03-21193-66-0
- April 2004, 520 pp.
A guide for system and network administrators who need to move to a
more secure operating system and a reference for seasoned OpenBSD users
who want to fully exploit every feature of the system. This book
covers all aspects of OpenBSD, including systrace, Kerberos V, IPv6 and
IPsec, and the development environment.
The Design and Implementation of the 4.4BSD Operating System
- by Marshal Kirk McKusick, Keith Bostic, Michael J. Karels, John S. Quarterman
- ISBN-10: 0132317923
- ISBN-13: 978-0132317924
At 549 pages plus an index, this book must be considered comprehensive.
McKusick, Bostic and Karels are well known as prime movers at
Berkeley CSRG (Computer Systems Research Group) during the 4.3/4.4BSD
period. This book covers the 4.4 and 4.4-Lite releases, and discusses
everything you wanted to know about how the system operates. Not
100% applicable, but probably the closest there is to an overall
system internals manual for OpenBSD.
Source Code Secrets: The Basic 386BSD Operating System Reference
(Volume 1 of Operating System Source Code Secrets)
- by L. W. Jolitz, William Jolitz; 1997
The Jolitzes built the first port of BSD to the PC-386 architecture,
and deserve a lot of credit for making BSD portable to this low-cost
architecture. The earliest versions, called "386bsd", were described
in articles in Dr. Dobbs Journal. This book goes beyond the articles,
and provides a comprehensive annotated collection of source code.
Not all of it applies to modern versions of OpenBSD, of course, but
you can still learn a lot from it.
Berkeley Unix: A Simple and Comprehensive Guide
- by James Wilson
Begins with the basic commands and finishes with advanced programming
techniques. Offers strong coverage of systems calls.
An Introduction to Berkeley Unix and ANSI C
- by Jack Hodges
An introduction to the operating system and the programming language. Intended
for self-study, requires no previous knowledge of Unix. Covers the fundamentals
of programming; the correct use of syntax; programming style, debugging, logic,
and system programming with C.
4.4BSD User's Reference Manual (URM)
- published by O'Reilly, 1994
This is just a reprint of the man pages for users.
Your OpenBSD distribution includes the online man pages,
which are specific to OpenBSD, and more up to date. So
you don't need this one: use the man command instead.
4.4BSD System Manager's Manual (SMM)
- published by O'Reilly, 1994
This book details what you need to know to run a BSD system.
Quite a bit of this material is relevant to OpenBSD.
Unfortunately it is currently out of print.
Worse, due to licensing restrictions from AT&T,
the electronic editions of these were not included in the
They are not included with OpenBSD.
BSD mit Methode
- published by C&L Computer- und Literaturverlag GmbH, 1998
A book in German on all
three freenix BSDs covering the essentials of installation, X configuration
and system administration, as well as PERL programming and tips on
LaTeX/Lyx. The book also covers the KDE desktop environment.
Includes older versions of OpenBSD on the two included CD-ROMs.
Lehmann's Online Bookshop.
However, you might want to pick up a more recent version of the CD-ROM.
The OpenBSD PF Packet Filter Book
published by Reed Media Services
August 2006, 193 pp.
This book is an expanded, cross-referenced, indexed, edited, and reformatted
version of the PF User's Guide.
It also covers spamd and introduces the setup and differences of PF
on NetBSD, DragonFly, and FreeBSD.
The official book website with table of contents, index, and
configuration examples can be found at
Unix user guides
- Unix Made Easy
- by John Muster
- A general Unix book that covers all areas of the system.
- UNIX Power Tools
- by Jerry D. Peek, Tim O'Reilly, and Mike Loukides
This book is now in its third edition. It discusses
hundreds of neat tricks, little-known techniques, and add-on utilities.
Be aware that many of the utilities are either included with OpenBSD
or, more commonly, are already available as ports or packages.
So most of section 52.03, complaining about how hard it is to port
software to different UNIXes, can be disregarded if you learn about the
that is part of OpenBSD.
- The Multi-Boot Configuration Handbook
- by Rod Smith
Book explaining techniques for Multi-booting.
- UNIX System Administration Handbook
- by Evi Nemeth, Garth Snyder, Scott Seebass, Trent R. Hein
This is an excellent book on Unix system administration.
- Sudo Mastery
- by Michael W. Lucas
- ISBN-13: 978-1493626205
- ISBN-10: 1493626205
- October 2013, 144pp.
- Access Control for Real People
Unix-like operating systems use a rudimentary access control system:
the root account can do anything, while other users are peasants with
only minimal access. This worked fine in UNIX's youth, but today,
system administration responsibilities are spread among many people
and applications. Different people may need different slices of
root's power. However pros and cons are considered as well.
This book also thoroughly covers sudo's extended features.
The official Sudo Mastery website is
- Essential System Administration
- by Æleen Frisch
This book covers many fundamental tasks in system administration. It includes
examples for a wide range of Unix operating systems, including BSD.
- Unix Systems for Modern Architectures
- by Curt Schimmel
This book leads its reader through all the low-level kernel models for
- Lions' Commentary on UNIX 6th Edition with Source Code
- by John Lions
Although the UNIX described in this book is to BSD as a Model T Ford
is to a 70's Mustang or Thunderbird, UNIX inventor Ken Thompson
claims that "After 20 years, this is still the best exposition
of the workings of a 'real' operating system." Originally circulated
in illicit photocopies, this is the book that most first- and second-generation
UNIX hackers cut their code-teeth on. Recommended as a good introduction
to how a timesharing OS works, if you've not been inside one before.
Substantially shorter than the McKusick book above.
- The Practice of Programming
- by Brian W. Kernighan and Rob Pike
Brian Kernighan had a hand in two other books which we recommend even though they're not UNIX specific, but are useful to programmers on UNIX and elsewhere.
This book covers practical programming considerations for C, C++ and Java.
- The Elements of Programming Style
- by Brian W. Kernighan and P. J. Plauger
This book is similar to The Practice of Programming, but older. The
examples are given in Fortran and PL/I.
- Advanced Programming in the Unix Environment (2nd Edition)
- by W. Richard Stevens, Stephen A. Rago
This is a very detailed and easy to read book. It has several examples
that you can learn from. There is plenty of information about library and
system calls, and associated information so that you can use them.
This book along with the OpenBSD manual pages
make an excellent combination.
- The C Programming Language
- by Brian W. Kernighan and Dennis M. Ritchie
This is a clear and concise guide to the C programming language,
perhaps the only one you will ever need. It focuses strictly on the C language,
not how to use your compiler or anything else.
- C: A Reference Manual
- by Samuel P. Harbison and Guy L. Steele
If you only had two books on C, then along with The C Programming Language, this would be your second one!
This book is not a tutorial (hence the title), it deals with syntax, data types,
ISO C library functions, and C/C++ compatibility.
- The Art of Software Security Assessment
- by Mark Dowd, John McDonald and Justin Schuh
- Covers code auditing, design and operational review, types of
vulnerabilities, privilege models, signals,
interprocess communication, synchronization, networking and more.
Lots of examples and real world code snippets.
- Das SSH-Buch
- by Timo Dotzauer and Tobias Lütticke
- ISBN 3-938626-03-8
- Millin Verlag, December 2006, 600p.
- This book covers the theory behind OpenSSH (protocol, channels, standards
documents) as well as using OpenSSH as an end user.
Although using Linux as a reference OS, many of the examples also have
a description how to get things done under BSD.
In a separate cookbook chapter, several scenarios from daily work are solved
Furthermore, this book is the first German book to cover VPN via OpenSSH.
- DNSSEC Mastery
- by Michael W. Lucas
- ISBN-13: 978-1484924471
- ISBN-10: 1484924479
- May 2013, 130 pp.
- Securing the Domain Name System with BIND
DNS is one of the oldest protocols on the Internet, and was designed
for a network without hostile users. Anyone who wants to break into a
network starts by investigating the target's Domain Name Service.
In addition to providing a manual for BIND, this book thoroughly targets
the extensions which are available in the port net/isc-bind. DNS Security
Extensions, or DNSSEC, harden DNS. But learning DNSSEC requires
wading through years of obsolete tutorials, dead ends, and
inscrutable standards. Strengths and weaknesses of DNSSEC are
The official DNSSEC Mastery website is
- SSH, The Secure Shell.
- by Daniel J. Barrett and Richard Silverman
- The Definitive Guide. OpenSSH is covered in detail.
- TCP/IP Illustrated, Volume 1
- by W. Richard Stevens
"Network administration" is really an inappropriate heading for this book. It
is an encyclopedia of the TCP/IP protocol suite. This book provides information,
and diagrams useful to understand the suite to its lowest level.
Home enthusiasts, developers, and network administrators alike will enjoy this
- Kerberos: A Network Authentication System
- by Brian Tung
A guide for administrators of Kerberos-based networks. Explains concepts of
the Kerberos system, as well as the installation and administration of it.
- IPsec: The New Security Standard for the Internet, Intranets and Virtual
- by Naganand Doraswamy and Dan Harkins
This book explains the IPsec protocol suite. It also describes its relation
to the current deployments, such as VPNs, and future ideas.
- Computer Networks
- by Andy Tanenbaum
This book is an high-level guide to modern computer networking. It presents
a wide range of protocols, concepts, and technologies. It covers technologies
from fiber to wireless, LANs, Mobile IP, and a lot more.
- DNS and BIND
- by Paul Albitz and Cricket Liu
This book is an excellent introduction to DNS and BIND, useful for
anyone who has to implement DNS under OpenBSD.
- by Ted Lemon and Ralph E. Droms
Recommended by the Internet Software Consortium,
which is the organization that produces the DHCP client/server software
included with OpenBSD.
- Managing NFS and NIS
- by Hal Stern
Gives essential information with examples on managing NFS and NIS.
- 802.11 Security
- by Bruce Potter and Bob Fleck
Provides information on the fundamentals of wireless security, including
practical solutions for setting up clients, access points and gateways
under several operating systems. Two chapters are dedicated to OpenBSD 3.1,
covering wi, bridge, pf and altq.
- Applied Cryptography: Protocols, Algorithms, and Source Code in C
- by Bruce Schneier
A comprehensive explanation of Cryptography, with information
about its history, protocols, and algorithms. This book is a great
introduction to cryptography, with the necessary basics
to understand the field. Also, it has a very extensive reference section.
- Handbook of Applied Cryptography
- by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
- A new and detailed look at Cryptography. The authors write:
... Public-key cryptographic techniques
are now in widespread use, especially in the financial services
industry, in the public sector, and by individuals for their personal
privacy, such as in electronic mail. This Handbook will serve as a
valuable reference for the novice as well as for the expert who
needs a wider scope of coverage within the area of cryptography.
It is a necessary and timely guide for professionals who practice
the art of cryptography.
- The entire book is
available for free downloading (for personal use only)
from the book authors' site, in PDF or PostScript.
- SSL and TLS Essentials: Securing the Web
- by Stephen A. Thomas
This book offers introductory coverage of the SSL and TLS protocols, with
examples. The SSL protocol
is currently the basis of secure data transfer and secure transactions
on the Internet. Aside from encryption, this book also covers data
integrity and details the SSL protocol.
- SSL and TLS: Designing and Building Secure Systems
- by Eric Rescorla
This book offers comprehensive information about the SSL and TLS protocols,
covering their operation and security,
together with usage and implementation details.
There are also chapters about HTTP over SSL, and SMTP over TLS (STARTTLS).
Eric Rescorla is the author of ssldump, a utility that can be
used to monitor SSL connections.
He has written several commercial and free SSL implementations.
- Big Book of IPsec RFCs: Internet Security Architecture
- compiled by Pete Loshin
A complete reprint of the IPsec RFCs with an extensive index and