                  FreeBSD: An Open Source Alternative to Linux

  Dru Lavigne

   <dru@isecom.org>

   Revision: 43126

   Copyright (c) 2005 Dru Lavigne

   FreeBSD is a registered trademark of the FreeBSD Foundation.

   Linux is a registered trademark of Linus Torvalds.

   UNIX is a registered trademark of The Open Group in the United States and
   other countries.

   Many of the designations used by manufacturers and sellers to distinguish
   their products are claimed as trademarks. Where those designations appear
   in this document, and the FreeBSD Project was aware of the trademark
   claim, the designations have been followed by the "(TM)" or the "(R)"
   symbol.

   Copyright

   Redistribution and use in source (XML DocBook) and 'compiled' forms (XML,
   HTML, PDF, PostScript, RTF and so forth) with or without modification, are
   permitted provided that the following conditions are met:

    1. Redistributions of source code (XML DocBook) must retain the above
       copyright notice, this list of conditions and the following disclaimer
       as the first lines of this file unmodified.

    2. Redistributions in compiled form (transformed to other DTDs, converted
       to PDF, PostScript, RTF and other formats) must reproduce the above
       copyright notice, this list of conditions and the following disclaimer
       in the documentation and/or other materials provided with the
       distribution.

  Important:

   THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION PROJECT "AS
   IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD DOCUMENTATION
   PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
   DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

   Last modified on 2013-11-07 by gabor.

   Abstract

   The objective of this whitepaper is to explain some of the features and
   benefits provided by FreeBSD, and where applicable, compare those features
   to Linux(R). This paper provides a starting point for those interested in
   exploring Open Source alternatives to Linux(R).

     ----------------------------------------------------------------------

   Table of Contents

   1. Introduction

   2. FreeBSD Features

   3. Security

   4. Support

   5. Advantages to Choosing FreeBSD

   6. Conclusion

1. Introduction

   FreeBSD is a UNIX(R)-like operating system based on the Berkeley Software
   Distribution. While FreeBSD and Linux(R) are commonly perceived as being
   very similar, there are differences:

    1. Linux(R) itself is a kernel. Distributions (e.g. Red Hat, Debian, SUSE
       and others) provide the installer and the utilities available to the
       user. http://www.linux.org/dist lists well over 300 distinct
       distributions. While giving the user maximum flexibility, the
       existence of so many distributions also increases the difficulty of
       transferring one's skills from one distribution to another.
       Distributions don't just differ in ease of installation and available
       programs; they also differ in directory layout, available shells and
       window managers, and software installation and patching routines.

       FreeBSD is a complete operating system (kernel and userland) with a
       well-respected heritage grounded in the roots of Unix development. [1]
       Since both the kernel and the provided utilities are under the control
       of the same release engineering team, there is less likelihood of
       library incompatibilities. Security vulnerabilities can also be
       addressed quickly by the security team. When new utilities or kernel
       features are added, the user simply needs to read one file, the
       Release Notes, which is publicly available on the main page of the
       FreeBSD website.

    2. FreeBSD has a large and well-organized programming base which ensures
       changes are implemented quickly and in a controlled manner. There are
       several thousand programmers who contribute code on a regular basis
       but only about 300 of these have what is known as a commit bit and can
       actually commit changes to the kernel, utilities and official
       documentation. A release engineering team provides quality control and
       a security officer team is responsible for responding to security
       incidents. In addition, there is an elected core group of 8 senior
       committers who set the overall direction of the Project.

       In contrast, changes to the Linux kernel ultimately have to wait until
       they pass through the maintainer of kernel source, Linus Torvalds. How
       changes to distributions occur can vary widely, depending upon the
       size of each particular distribution's programming base and
       organizational method.

    3. While both FreeBSD and Linux(R) use an Open Source licensing model,
       the actual licenses used differ. The Linux kernel is under the GPL
       license while FreeBSD uses the BSD license. These, and other Open
       Source licenses, are described in more detail at the website of the
       Open Source Initiative.

       The driving philosophy behind the GPL is to ensure that code remains
       Open Source; it does this by placing restrictions on the distribution
       of GPL'd code. In contrast, the BSD license places no such
       restrictions, which gives you the flexibility of keeping the code Open
       Source or closing the code for a proprietary commercial product. [2]
       Having stable and reliable code under the attractive BSD license means
       that many operating systems, such as Apple OS X, are based on FreeBSD
       code. It also means that if you choose to use BSD licensed code in
       your own projects, you can do so without threat of future legal
       liability.

2. FreeBSD Features

  2.1. Supported Platforms

   FreeBSD has gained a reputation as a secure, stable operating system for
   the Intel(R) (i386(TM)) platform. However, FreeBSD also supports the
   following architectures:

     * amd64
     * ia64
     * i386(TM)
     * pc98
     * SPARC64(R)

   In addition, there is ongoing development to port FreeBSD to the following
   architectures:

     * ARM(R)
     * MIPS(R)
     * PowerPC(R)

   Up-to-date hardware lists are maintained for each architecture so you can
   tell at a glance if your hardware is supported. For servers, there is
   excellent hardware RAID and network interface support.

   FreeBSD also makes a great workstation and laptop operating system! It
   supports the X Window System, the same one used in Linux(R) distributions
   to provide a desktop user interface. It also supports over 13,000
   easy-to-install third-party applications, [3] including KDE, Gnome, and
   OpenOffice.

   Several projects are available to ease the installation of FreeBSD as a
   desktop. The most notable are:

     * DesktopBSD which aims at being a stable and powerful operating system
       for desktop users.

     * FreeSBIE which provides a LiveCD of FreeBSD.

     * PC-BSD which provides an easy-to-use GUI installer for FreeBSD aimed
       at the desktop user.

  2.2. Extensible Frameworks

   FreeBSD provides many extensible frameworks to easily allow you to
   customize the FreeBSD environment to your particular needs. Some of the
   major frameworks are:

   Netgraph

           Netgraph is a modular networking subsystem that can be used to
           supplement the existing kernel networking infrastructure. Hooks
           are provided to allow developers to derive their own modules. As a
           result, rapid prototyping and production deployment of enhanced
           network services can be performed far more easily and with fewer
           bugs. Many existing operational modules ship with FreeBSD and
           include support for the following, to name just a few:

              * PPPoE

              * ATM

              * ISDN

              * Bluetooth

              * HDLC

              * EtherChannel

              * Frame Relay

              * L2TP

   GEOM

           GEOM is a modular disk I/O request transformation framework. Since
           it is a pluggable storage layer, it permits new storage services
           to be quickly developed and cleanly integrated into the FreeBSD
           storage subsystem. Some examples where this can be useful are:

              * Creating RAID solutions.

              * Providing full-blown cryptographic protection of stored data.

           Newer versions of FreeBSD provide many administrative utilities to
           use the existing GEOM modules. For example, one can create a disk
           mirror using gmirror(8), a stripe using gstripe(8), and a shared
           secret device using gshsec(8).

   GBDE

           GBDE, or GEOM Based Disk Encryption, provides strong cryptographic
           protection and can protect file systems, swap devices, and other
           uses of storage media. In addition, GBDE transparently encrypts
           entire file systems, not just individual files. No cleartext ever
           touches the hard drive's platter.

   MAC

           MAC, or Mandatory Access Control, provides fine-tuned access
           control for files and is meant to augment traditional operating
           system authorization provided by file permissions. Since MAC is
           implemented as a modular framework, a FreeBSD system can be
           configured for any required policy varying from HIPAA compliance
           to the needs of a military-grade system.

           FreeBSD ships with modules to implement the following policies;
           however, the framework allows you to develop any required policy:

              * Biba integrity model

              * Port ACLs

              * MLS or Multi-Level Security confidentiality policy

              * LOMAC or Low-watermark Mandatory Access Control data
                integrity policy

              * Process partition policy

   PAM

           Like Linux(R), FreeBSD provides support for PAM, Pluggable
           Authentication Modules. This allows an administrator to augment
           the traditional UNIX(R) username/password authentication model.
           FreeBSD provides modules to integrate into many authentication
           mechanisms, including:

              * Kerberos 5

              * OPIE

              * RADIUS

              * TACACS+

           It also allows the administrator to define policies to control
           authentication issues such as the quality of user-chosen
           passwords.

3. Security

   Security is very important to the FreeBSD Release Engineering Team. This
   manifests itself in several concrete areas:

     * All security incidents and fixes pass through the Security Team and
       are issued as publicly available Advisories. The Security Team has a
       reputation for quickly resolving known security issues. Full
       information regarding FreeBSD's security handling procedures and where
       to find security information is available at
       http://www.FreeBSD.org/security/.

     * One of the problems associated with Open Source software is the sheer
       volume of available applications. There are literally tens of
       thousands of Open Source application projects each with varying levels
       of responsiveness to security incidents. FreeBSD has met this
       challenge head-on with VuXML. All software shipped with the FreeBSD
       operating system as well as any software available in the Ports
       Collection is compared to a database of known, unresolved
       vulnerabilities. An administrator can use the portaudit(1) utility to
       quickly determine if any software on a FreeBSD system is vulnerable,
       and if so, receive a description of the problem and a URL containing
       a more detailed vulnerability description.
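
   The comparison described in the VuXML item above, sketched as an added
   example (not part of the original whitepaper and not portaudit's own
   code). The VuXML-style fragment, package names, vids and URLs are
   constructed, and version ordering is simplified to dotted numbers.

```python
import operator
import re
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}
OPS = {op: getattr(operator, op) for op in ("lt", "le", "gt", "ge", "eq")}

# Constructed VuXML fragment: package names, vids and URLs are made up.
SAMPLE_VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>examplehttpd -- request parsing overflow (constructed)</topic>
    <affects><package><name>examplehttpd</name>
      <range><ge>2.0</ge><lt>2.4.10</lt></range></package></affects>
    <references><url>https://vuln.example/advisory-1</url></references>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <topic>examplelib -- weak default key size (constructed)</topic>
    <affects><package><name>examplelib</name>
      <range><le>1.3</le></range></package></affects>
    <references><url>https://vuln.example/advisory-2</url></references>
  </vuln>
</vuxml>"""

# Constructed inventory in name-version form.
INSTALLED = ["examplehttpd-2.4.9", "examplelib-1.4", "othertool-0.9_1"]

def vkey(version):
    """Simplified ordering on the dotted numeric part only; real ports
    versions also carry _revision and ,epoch suffixes, ignored here."""
    return tuple(int(n) for n in re.findall(r"\d+", re.split(r"[_,]", version)[0]))

def audit(installed, vuxml_text):
    """Return (package, vid, topic, url) per installed package in an affected range."""
    root = ET.fromstring(vuxml_text)
    findings = []
    for pkg in installed:
        name, _, version = pkg.rpartition("-")  # version follows the last hyphen
        for vuln in root.findall("v:vuln", NS):
            for affected in vuln.findall("v:affects/v:package", NS):
                if name not in [n.text for n in affected.findall("v:name", NS)]:
                    continue
                for rng in affected.findall("v:range", NS):
                    # A range matches only when every bound in it holds.
                    if all(OPS[b.tag.split("}")[1]](vkey(version), vkey(b.text))
                           for b in rng):
                        findings.append((pkg, vuln.get("vid"),
                                         vuln.findtext("v:topic", namespaces=NS),
                                         vuln.findtext("v:references/v:url", namespaces=NS)))
    return findings

if __name__ == "__main__":
    for pkg, vid, topic, url in audit(INSTALLED, SAMPLE_VUXML):
        print(f"{pkg}: {topic}\n  vid {vid}\n  see {url}")
```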

   FreeBSD also provides many mechanisms which allow an administrator to tune
   the operating system to meet his security needs:

     * The jail(8) utility allows an administrator to imprison a process;
       this is ideal for applications which don't provide their own chroot
       environment.

     * The chflags(1) utility augments the security provided by traditional
       Unix permissions. It can, for example, prevent specified files from
       being modified or deleted by even the superuser.

     * FreeBSD provides 3 built-in stateful, NAT-aware firewalls, allowing
       the flexibility of choosing the ruleset most appropriate to one's
       security needs.

     * The FreeBSD kernel is easily modified, allowing an administrator to
       strip out unneeded functionality. FreeBSD also supports kernel
       loadable modules and provides utilities to view, load and unload
       kernel modules.

     * The sysctl mechanism allows an administrator to view and change kernel
       state on-the-fly without requiring a reboot.

4. Support

   Like Linux(R), FreeBSD offers many venues for support, both freely
   available and commercial.

  4.1. Free Offerings

     * FreeBSD is one of the best documented operating systems, and the
       documentation is available both as part of the operating system and on
       the Internet. Manual pages are clear, concise and provide working
       examples. The FreeBSD Handbook provides background information and
       configuration examples for nearly every task one would wish to
       complete using FreeBSD.

     * FreeBSD provides many support mailing lists, where answers are
       archived and fully searchable. If you have a question that wasn't
       addressed by the Handbook, it most likely has already been answered on
       a mailing list. The Handbook and mailing lists are also available in
       several languages, all of which are easily accessible from
       http://www.FreeBSD.org.

     * There are many FreeBSD IRC channels, forums and user groups. See
       http://www.FreeBSD.org/support.html for a selection.

   If you're looking for a FreeBSD administrator, developer or support
   personnel, send a job description which includes geographic location to
   <freebsd-jobs@FreeBSD.org>.

  4.2. Commercial Offerings

   There are many vendors who provide commercial FreeBSD support. Resources
   for finding a vendor near you include:

     * The Commercial Vendors page at the FreeBSD site:
       http://www.FreeBSD.org/commercial/

     * FreeBSDMall, who have been selling support contracts for nearly 10
       years. http://www.freebsdmall.com

     * The BSDTracker Database at:
       http://www.nycbug.org/index.php?NAV=BSDTracker

   There is also an initiative to provide certification of BSD system
   administrators. http://www.bsdcertification.org.

   If your project requires Common Criteria certification, FreeBSD includes
   the TrustedBSD MAC framework to ease the certification process.

5. Advantages to Choosing FreeBSD

   There are many advantages to including FreeBSD solutions in your IT
   infrastructure:

     * FreeBSD is well documented and follows many standards. This allows
       your existing intermediate and advanced system administrators to
       quickly transfer their existing Linux and Unix skillsets to FreeBSD
       administration.

     * In-house developers have full access to all FreeBSD code [4] for all
       releases going back to the original FreeBSD release. Included with the
       code are all of the log messages which provide context to changes and
       bug fixes. Additionally, a developer can easily replicate any release
       by simply checking out the code with the desired label. In contrast,
       Linux(R) traditionally didn't follow this model, but has recently
       adopted a more mature development model. [5]

     * In-house developers also have full access to FreeBSD's GNATS
       bug-tracking database. They are able to query and track existing bugs
       as well as submit their own patches for approval and possible
       committal into the FreeBSD base code.
       http://www.FreeBSD.org/support.html#gnats

     * The BSD license allows you to freely modify the code to suit your
       business purposes. Unlike the GPL, there are no restrictions on how
       you choose to distribute the resulting software.

6. Conclusion

   FreeBSD is a mature UNIX(R)-like operating system which includes many of
   the features one would expect in a modern UNIX(R) system. For those
   wishing to incorporate an Open Source solution in their existing
   infrastructure, FreeBSD is an excellent choice indeed.

     ----------------------------------------------------------------------

   [1] See also http://www.oreilly.com/catalog/opensources/book/kirkmck.html
   for a brief history.

   [2] For a fairly unbiased view of the merits of each license, see
   http://en.wikipedia.org/wiki/BSD_and_GPL_licensing.

   [3] Using FreeBSD's ports collection: software installation is as easy as
   pkg_add -r application_name.

   [4] In addition, all code is browsable through a web-interface:
   http://www.FreeBSD.org/cgi/cvsweb.cgi/.

   [5] An interesting overview of the evolving Linux development model can be
   found at http://linuxdevices.com/articles/AT4155251624.html.
