OpenBSD Books

Note that the information in some older books may no longer be accurate or relevant to modern OpenBSD.

OpenBSD-specific books

Httpd and Relayd Mastery
by Michael W. Lucas
ISBN-10: 1-54675-206-4
ISBN-13: 978-1-54675-206-6
May 2017, 232 pp.

"I think we're gonna need a bigger web server."

OpenBSD has a solid reputation for security and stability. It's well known for the OpenSMTPd mail server, the LibreSSL cryptography library, and the PF packet filter. But nobody ever talks about the load balancer, or the web server.

Until now.

The httpd web server provides a fast, stable, secure environment for your web applications. The relayd load balancer lets you distribute Internet application load across multiple hosts. Between the two, you can slash hundreds of thousands of dollars off the cost of building, deploying, and managing applications.

The Book of PF, 3rd Edition
A No-Nonsense Guide to the OpenBSD Firewall
by Peter N. M. Hansteen
ISBN-10: 1-59327-589-7
ISBN-13: 978-1-59327-589-1
October 2014, 248 pp.

The first sentence of this book is "This is a book about building the network you need." Taking it from there, Peter walks you through the whys and the hows of building the high performance, low maintenance network you need, using OpenBSD tools. The book covers all bases, from the basic one machine configuration and basic local area networks, all the way up to configurations with traffic shaping and load balancing with "self-healing" networks and countermeasures against common problems such as DoS attempts and spamming. A basic understanding of TCP/IP and some Unix knowledge is assumed. The official book website for a sample chapter, table of contents and errata can be found here.

SSH Mastery, 2nd Edition
OpenSSH, PuTTY, Tunnels and Keys
by Michael W. Lucas
ISBN-10: 1642350028
ISBN-13: 978-1642350029
February 2018, 242 pp.

A guide to what you need to know about SSH. This book will help you eliminate passwords on your network, tunnel unencrypted protocols through secure channels, build VPNs with OpenSSH, and more. Focuses on the OpenSSH server, the OpenSSH client, and the PuTTY client. Michael W. Lucas is the author of Absolute OpenBSD and other BSD books. The official SSH Mastery 2nd edition website is here.

Absolute OpenBSD. 2nd Edition!
by Michael W. Lucas
ISBN-10: 1593274769
ISBN-13: 978-1-59327-476-4
April 2013, 536 pp.

Michael W. Lucas brings us the long anticipated second edition of his wildly successful book about using OpenBSD. This book covers all aspects of the OpenBSD system for new UNIX and BSD users alike. The official Absolute OpenBSD 2nd edition website is here.

Secure Architectures with OpenBSD
by Brandon Palmer, Jose Nazario.
ISBN 03-21193-66-0
April 2004, 520 pp.

A guide for system and network administrators who need to move to a more secure operating system and a reference for seasoned OpenBSD users who want to fully exploit every feature of the system. This book covers all aspects of OpenBSD, including systrace, Kerberos V, IPv6 and IPsec, and the development environment.

BSD-specific books

The Design and Implementation of the 4.4BSD Operating System
by Marshal Kirk McKusick, Keith Bostic, Michael J. Karels, John S. Quarterman
ISBN-10: 0132317923
ISBN-13: 978-0132317924
At 549 pages plus an index, this book must be considered comprehensive. McKusick, Bostic and Karels are well known as prime movers at Berkeley CSRG (Computer Systems Research Group) during the 4.3/4.4BSD period. This book covers the 4.4 and 4.4-Lite releases, and discusses everything you wanted to know about how the system operates. Not 100% applicable, but probably the closest there is to an overall system internals manual for OpenBSD.

Source Code Secrets: The Basic 386BSD Operating System Reference (Volume 1 of Operating System Source Code Secrets)
by L. W. Jolitz, William Jolitz; 1997
The Jolitzes built the first port of BSD to the PC-386 architecture, and deserve a lot of credit for making BSD portable to this low-cost architecture. The earliest versions, called "386bsd", were described in articles in Dr. Dobbs Journal. This book goes beyond the articles, and provides a comprehensive annotated collection of source code. Not all of it applies to modern versions of OpenBSD, of course, but you can still learn a lot from it.

Berkeley Unix: A Simple and Comprehensive Guide
by James Wilson
Begins with the basic commands and finishes with advanced programming techniques. Offers strong coverage of systems calls.

An Introduction to Berkeley Unix and ANSI C
by Jack Hodges
An introduction to the operating system and the programming language. Intended for self-study, requires no previous knowledge of Unix. Covers the fundamentals of programming; the correct use of syntax; programming style, debugging, logic, and system programming with C.

4.4BSD User's Reference Manual (URM)
published by O'Reilly, 1994
This is just a reprint of the man pages for users. Your OpenBSD distribution includes the online man pages, which are specific to OpenBSD, and more up to date. So you don't need this one: use the man command instead.

4.4BSD System Manager's Manual (SMM)
published by O'Reilly, 1994
This book details what you need to know to run a BSD system. Quite a bit of this material is relevant to OpenBSD. Unfortunately it is currently out of print. Worse, due to licensing restrictions from AT&T, the electronic editions of these were not included in the 4.4BSD distributions. They are not included with OpenBSD.

BSD mit Methode
published by C&L Computer- und Literaturverlag GmbH, 1998
A book in German on all three freenix BSDs covering the essentials of installation, X configuration and system administration, as well as PERL programming and tips on LaTeX/Lyx. The book also covers the KDE desktop environment.
Includes older versions of OpenBSD on the two included CD-ROMs.
Lehmann's Online Bookshop. However, you might want to pick up a more recent version of the CD-ROM.

The OpenBSD PF Packet Filter Book
published by Reed Media Services
August 2006, 193 pp.
This book is an expanded, cross-referenced, indexed, edited, and reformatted version of the PF User's Guide. It also covers spamd and introduces the setup and differences of PF on NetBSD, DragonFly, and FreeBSD.
The official book website with table of contents, index, and configuration examples can be found at

Unix user guides

Unix Made Easy
by John Muster
A general Unix book that covers all areas of the system.

UNIX Power Tools
by Jerry D. Peek, Tim O'Reilly, and Mike Loukides
This book is now in its third edition. It discusses hundreds of neat tricks, little-known techniques, and add-on utilities. Be aware that many of the utilities are either included with OpenBSD or, more commonly, are already available as ports or packages. So most of section 52.03, complaining about how hard it is to port software to different UNIXes, can be disregarded if you learn about the Ports System that is part of OpenBSD.

The Multi-Boot Configuration Handbook
by Rod Smith
Book explaining techniques for Multi-booting.

Unix administration

UNIX System Administration Handbook
by Evi Nemeth, Garth Snyder, Scott Seebass, Trent R. Hein
This is an excellent book on Unix system administration.

Sudo Mastery
by Michael W. Lucas
ISBN-13: 978-1493626205
ISBN-10: 1493626205
October 2013, 144pp.
Access Control for Real People

Unix-like operating systems use a rudimentary access control system: the root account can do anything, while other users are peasants with only minimal access. This worked fine in UNIX's youth, but today, system administration responsibilities are spread among many people and applications. Different people may need different slices of root's power. However pros and cons are considered as well. This book also thoroughly covers sudo's extended features. The official Sudo Mastery website is here.

Essential System Administration
by Æleen Frisch
This book covers many fundamental tasks in system administration. It includes examples for a wide range of Unix operating systems, including BSD.

Unix programming

Unix Systems for Modern Architectures
by Curt Schimmel
This book leads its reader through all the low-level kernel models for multi-processing architectures.

Lions' Commentary on UNIX 6th Edition with Source Code
by John Lions
Although the UNIX described in this book is to BSD as a Model T Ford is to a 70's Mustang or Thunderbird, UNIX inventor Ken Thompson claims that "After 20 years, this is still the best exposition of the workings of a 'real' operating system." Originally circulated in illicit photocopies, this is the book that most first- and second-generation UNIX hackers cut their code-teeth on. Recommended as a good introduction to how a timesharing OS works, if you've not been inside one before. Substantially shorter than the McKusick book above.

The Practice of Programming
by Brian W. Kernighan and Rob Pike
Brian Kernighan had a hand in two other books which we recommend even though they're not UNIX specific, but are useful to programmers on UNIX and elsewhere. This book covers practical programming considerations for C, C++ and Java. Highly recommended.

The Elements of Programming Style
by Brian W. Kernighan and P. J. Plauger
This book is similar to The Practice of Programming, but older. The examples are given in Fortran and PL/I.

Advanced Programming in the Unix Environment (3rd Edition)
by W. Richard Stevens, Stephen A. Rago
This is a very detailed and easy to read book. It has several examples that you can learn from. There is plenty of information about library and system calls, and associated information so that you can use them. This book along with the OpenBSD manual pages make an excellent combination.

The C Programming Language
by Brian W. Kernighan and Dennis M. Ritchie
This is a clear and concise guide to the C programming language, perhaps the only one you will ever need. It focuses strictly on the C language, not how to use your compiler or anything else.

C: A Reference Manual
by Samuel P. Harbison and Guy L. Steele
If you only had two books on C, then along with The C Programming Language, this would be your second one! This book is not a tutorial (hence the title), it deals with syntax, data types, ISO C library functions, and C/C++ compatibility.

The Art of Software Security Assessment
by Mark Dowd, John McDonald and Justin Schuh
Covers code auditing, design and operational review, types of vulnerabilities, privilege models, signals, interprocess communication, synchronization, networking and more. Lots of examples and real world code snippets.

Network administration

Das SSH-Buch (German)
by Timo Dotzauer and Tobias Lütticke
ISBN 3-938626-03-8
Millin Verlag, December 2006, 600p.
This book covers the theory behind OpenSSH (protocol, channels, standards documents) as well as using OpenSSH as an end user. Although using Linux as a reference OS, many of the examples also have a description how to get things done under BSD. In a separate cookbook chapter, several scenarios from daily work are solved using OpenSSH. Furthermore, this book is the first German book to cover VPN via OpenSSH.

DNSSEC Mastery
by Michael W. Lucas
ISBN-13: 978-1484924471
ISBN-10: 1484924479
May 2013, 130 pp.
Securing the Domain Name System with BIND

DNS is one of the oldest protocols on the Internet, and was designed for a network without hostile users. Anyone who wants to break into a network starts by investigating the target's Domain Name Service.

In addition to providing a manual for BIND, this book thoroughly targets the extensions which are available in the port net/isc-bind. DNS Security Extensions, or DNSSEC, harden DNS. But learning DNSSEC requires wading through years of obsolete tutorials, dead ends, and inscrutable standards. Strengths and weaknesses of DNSSEC are discussed.

The official DNSSEC Mastery website is here.

SSH, The Secure Shell.
by Daniel J. Barrett and Richard Silverman
The Definitive Guide. OpenSSH is covered in detail.

TCP/IP Illustrated, Volume 1
by W. Richard Stevens
"Network administration" is really an inappropriate heading for this book. It is an encyclopedia of the TCP/IP protocol suite. This book provides information, and diagrams useful to understand the suite to its lowest level. Home enthusiasts, developers, and network administrators alike will enjoy this book.

Kerberos: A Network Authentication System
by Brian Tung
A guide for administrators of Kerberos-based networks. Explains concepts of the Kerberos system, as well as the installation and administration of it.

IPsec: The New Security Standard for the Internet, Intranets and Virtual Private Networks
by Naganand Doraswamy and Dan Harkins
This book explains the IPsec protocol suite. It also describes its relation to the current deployments, such as VPNs, and future ideas.

Computer Networks
by Andy Tanenbaum
This book is an high-level guide to modern computer networking. It presents a wide range of protocols, concepts, and technologies. It covers technologies from fiber to wireless, LANs, Mobile IP, and a lot more.

by Paul Albitz and Cricket Liu
This book is an excellent introduction to DNS and BIND, useful for anyone who has to implement DNS under OpenBSD.

by Ted Lemon and Ralph E. Droms
Recommended by the Internet Software Consortium, which is the organization that produces the DHCP client/server software included with OpenBSD.

Managing NFS and NIS
by Hal Stern
Gives essential information with examples on managing NFS and NIS.

802.11 Security
by Bruce Potter and Bob Fleck
Provides information on the fundamentals of wireless security, including practical solutions for setting up clients, access points and gateways under several operating systems. Two chapters are dedicated to OpenBSD 3.1, covering wi, bridge, pf and altq.


Applied Cryptography: Protocols, Algorithms, and Source Code in C
by Bruce Schneier
A comprehensive explanation of Cryptography, with information about its history, protocols, and algorithms. This book is a great introduction to cryptography, with the necessary basics to understand the field. Also, it has a very extensive reference section.

Handbook of Applied Cryptography
by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
A new and detailed look at Cryptography. The authors write:
... Public-key cryptographic techniques are now in widespread use, especially in the financial services industry, in the public sector, and by individuals for their personal privacy, such as in electronic mail. This Handbook will serve as a valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography. It is a necessary and timely guide for professionals who practice the art of cryptography.
The entire book is available for free downloading (for personal use only) from the book authors' site, in PDF or PostScript.

SSL and TLS Essentials: Securing the Web
by Stephen A. Thomas
This book offers introductory coverage of the SSL and TLS protocols, with examples. The SSL protocol is currently the basis of secure data transfer and secure transactions on the Internet. Aside from encryption, this book also covers data integrity and details the SSL protocol.

SSL and TLS: Designing and Building Secure Systems
by Eric Rescorla
This book offers comprehensive information about the SSL and TLS protocols, covering their operation and security, together with usage and implementation details. There are also chapters about HTTP over SSL, and SMTP over TLS (STARTTLS). Eric Rescorla is the author of ssldump, a utility that can be used to monitor SSL connections. He has written several commercial and free SSL implementations.

Big Book of IPsec RFCs: Internet Security Architecture
compiled by Pete Loshin
A complete reprint of the IPsec RFCs with an extensive index and glossary.