FreeBSD: An Open Source Alternative to Linux

Dru Lavigne

Revision: 45201

FreeBSD is a registered trademark of the FreeBSD Foundation.

Linux is a registered trademark of Linus Torvalds.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.

Copyright

Redistribution and use in source (XML DocBook) and 'compiled' forms (XML, HTML, PDF, PostScript, RTF and so forth) with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code (XML DocBook) must retain the above copyright notice, this list of conditions and the following disclaimer as the first lines of this file unmodified.

  2. Redistributions in compiled form (transformed to other DTDs, converted to PDF, PostScript, RTF and other formats) must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

Important:

THIS DOCUMENTATION IS PROVIDED BY THE FREEBSD DOCUMENTATION PROJECT "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD DOCUMENTATION PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Last modified on 2014-07-03 by eadler.

Abstract

The objective of this whitepaper is to explain some of the features and benefits provided by FreeBSD, and where applicable, compare those features to Linux®. This paper provides a starting point for those interested in exploring Open Source alternatives to Linux®.


Table of Contents
1. Introduction
2. FreeBSD Features
3. Security
4. Support
5. Advantages to Choosing FreeBSD
6. Conclusion

1. Introduction

FreeBSD is a UNIX®-like operating system based on the Berkeley Software Distribution. While FreeBSD and Linux® are commonly perceived as being very similar, there are differences:

  1. Linux® itself is a kernel. Distributions (e.g. Red Hat, Debian, Suse and others) provide the installer and the utilities available to the user. http://www.linux.org/dist lists well over 300 distinct distributions. While giving the user maximum flexibility, the existence of so many distributions also increases the difficulty of transferring one's skills from one distribution to another. Distributions don't just differ in ease of install and available programs; they also differ in directory layout, available shells and window managers, and software installation and patching routines.

    FreeBSD is a complete operating system (kernel and userland) with a well-respected heritage grounded in the roots of Unix development. [1] Since both the kernel and the provided utilities are under the control of the same release engineering team, there is less likelihood of library incompatibilities. Security vulnerabilities can also be addressed quickly by the security team. When new utilities or kernel features are added, the user simply needs to read one file, the Release Notes, which is publicly available on the main page of the FreeBSD website.

  2. FreeBSD has a large and well organized programming base which ensures changes are implemented quickly and in a controlled manner. There are several thousand programmers who contribute code on a regular basis but only about 300 of these have what is known as a commit bit and can actually commit changes to the kernel, utilities and official documentation. A release engineering team provides quality control and a security officer team is responsible for responding to security incidents. In addition, there is an elected core group of 8 senior committers who set the overall direction of the Project.

    In contrast, changes to the Linux kernel ultimately have to wait until they pass through the maintainer of kernel source, Linus Torvalds. How changes to distributions occur can vary widely, depending upon the size of each particular distribution's programming base and organizational method.

  3. While both FreeBSD and Linux® use an Open Source licensing model, the actual licenses used differ. The Linux kernel is under the GPL license while FreeBSD uses the BSD license. These, and other Open Source licenses, are described in more detail at the website of the Open Source Initiative.

    The driving philosophy behind the GPL is to ensure that code remains Open Source; it does this by placing restrictions on the distribution of GPLd code. In contrast, the BSD license places no such restrictions, which gives you the flexibility of keeping the code Open Source or closing the code for a proprietary commercial product. [2] Having stable and reliable code under the attractive BSD license means that many operating systems, such as Apple OS X, are based on FreeBSD code. It also means that if you choose to use BSD licensed code in your own projects, you can do so without threat of future legal liability.

2. FreeBSD Features

2.1. Supported Platforms

FreeBSD has gained a reputation as a secure, stable, operating system for the Intel® (i386™) platform. However, FreeBSD also supports the following architectures:

  • amd64
  • i386
  • pc98
  • SPARC64®

In addition, there is ongoing development to port FreeBSD to the following architectures:

  • ARM®
  • MIPS®
  • PowerPC®

Up-to-date hardware lists are maintained for each architecture so you can tell at a glance if your hardware is supported. For servers, there is excellent hardware RAID and network interface support.

FreeBSD also makes a great workstation and laptop operating system! It supports the X Window System, the same one used in Linux® distributions to provide a desktop user interface. It also supports over 13,000 easy to install third-party applications, [3] including KDE, Gnome, and OpenOffice.

Several projects are available to ease the installation of FreeBSD as a desktop. The most notable are:

  • DesktopBSD which aims at being a stable and powerful operating system for desktop users.

  • FreeSBIE which provides a LiveCD of FreeBSD.

  • PC-BSD which provides an easy-to-use GUI installer for FreeBSD aimed at the desktop user.

2.2. Extensible Frameworks

FreeBSD provides many extensible frameworks to easily allow you to customize the FreeBSD environment to your particular needs. Some of the major frameworks are:

Netgraph

Netgraph is a modular networking subsystem that can be used to supplement the existing kernel networking infrastructure. Hooks are provided to allow developers to derive their own modules. As a result, rapid prototyping and production deployment of enhanced network services can be performed far more easily and with fewer bugs. Many existing operational modules ship with FreeBSD and include support for:

  • PPPoE

  • ATM

  • ISDN

  • Bluetooth

  • HDLC

  • EtherChannel

  • Frame Relay

  • L2TP, just to name a few.

GEOM

GEOM is a modular disk I/O request transformation framework. Since it is a pluggable storage layer, it permits new storage services to be quickly developed and cleanly integrated into the FreeBSD storage subsystem. Some examples where this can be useful are:

  • Creating RAID solutions.

  • Providing full-blown cryptographic protection of stored data.

Newer versions of FreeBSD provide many administrative utilities to use the existing GEOM modules. For example, one can create a disk mirror using gmirror(8), a stripe using gstripe(8), and a shared secret device using gshsec(8).

GBDE

GBDE, or GEOM Based Disk Encryption, provides strong cryptographic protection and can protect file systems, swap devices, and other uses of storage media. In addition, GBDE transparently encrypts entire file systems, not just individual files. No cleartext ever touches the hard drive's platter.

MAC

MAC, or Mandatory Access Control, provides fine-tuned access to files and is meant to augment traditional operating system authorization provided by file permissions. Since MAC is implemented as a modular framework, a FreeBSD system can be configured for any required policy varying from HIPAA compliance to the needs of a military-grade system.

FreeBSD ships with modules to implement the following policies; however the framework allows you to develop any required policy:

  • Biba integrity model

  • Port ACLs

  • MLS or Multi-Level Security confidentiality policy

  • LOMAC or Low-watermark Mandatory Access Control data integrity policy

  • Process partition policy

PAM

Like Linux®, FreeBSD provides support for PAM, Pluggable Authentication Modules. This allows an administrator to augment the traditional UNIX® username/password authentication model. FreeBSD provides modules to integrate into many authentication mechanisms, including:

  • Kerberos 5

  • OPIE

  • RADIUS

  • TACACS+

It also allows the administrator to define policies to control authentication issues such as the quality of user-chosen passwords.

3. Security

Security is very important to the FreeBSD Release Engineering Team. This manifests itself in several concrete areas:

  • All security incidents and fixes pass through the Security Team and are issued as publicly available Advisories. The Security Team has a reputation for quickly resolving known security issues. Full information regarding FreeBSD's security handling procedures and where to find security information is available at http://www.FreeBSD.org/security/.

  • One of the problems associated with Open Source software is the sheer volume of available applications. There are literally tens of thousands of Open Source application projects, each with varying levels of responsiveness to security incidents. FreeBSD has met this challenge head-on with VuXML. All software shipped with the FreeBSD operating system, as well as any software available in the Ports Collection, is compared to a database of known, unresolved vulnerabilities. An administrator can use the portaudit(1) utility to quickly determine if any software on a FreeBSD system is vulnerable, and if so, receive a description of the problem and a URL containing a more detailed vulnerability description.
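
The comparison behind a VuXML-based audit, sketched as an added example (not FreeBSD's or portaudit's own code): installed package versions are checked against the affected ranges of each vulnerability entry. The XML is a constructed fragment in VuXML's vuln/affects/package/range layout; the package names, versions, URLs and the simplified numeric version ordering are assumptions.

```python
import operator
import re
import xml.etree.ElementTree as ET

# Constructed sample, not real advisory data: two entries in the
# vuln/affects/package/range layout that VuXML documents use.
SAMPLE_VUXML = """
<vuxml>
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>exampled -- constructed remote overflow</topic>
    <affects><package><name>exampled</name>
      <range><ge>2.0</ge><lt>2.4.1</lt></range></package></affects>
    <references><url>https://example.org/advisory/1</url></references>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <topic>samplelib -- constructed parsing flaw</topic>
    <affects><package><name>samplelib</name>
      <range><le>1.9</le></range></package></affects>
    <references><url>https://example.org/advisory/2</url></references>
  </vuln>
</vuxml>
"""

def vkey(version):
    # Simplified ordering (assumption): compare dotted numeric components only.
    return tuple(int(n) for n in re.findall(r"\d+", version))

OPS = {t: getattr(operator, t) for t in ("lt", "le", "gt", "ge", "eq")}

def in_range(version, rng):  # every bound inside one <range> must hold
    return all(OPS[b.tag](vkey(version), vkey(b.text)) for b in rng)

def audit(installed, vuxml_text):
    """Return (package, version, topic, url) for each affected installed package."""
    findings = []
    for vuln in ET.fromstring(vuxml_text).iter("vuln"):
        url = vuln.findtext("references/url", default="")
        for pkg in vuln.iter("package"):
            for name in pkg.findall("name"):
                ver = installed.get(name.text)
                if ver and any(in_range(ver, r) for r in pkg.findall("range")):
                    findings.append((name.text, ver, vuln.findtext("topic"), url))
    return findings

INSTALLED = {"exampled": "2.3.9", "samplelib": "2.0", "othertool": "1.0"}  # constructed

if __name__ == "__main__":
    for name, ver, topic, url in audit(INSTALLED, SAMPLE_VUXML):
        print(f"{name}-{ver} is vulnerable: {topic} <{url}>")
```
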

FreeBSD also provides many mechanisms which allow an administrator to tune the operating system to meet his security needs:

  • The jail(8) utility allows an administrator to imprison a process; this is ideal for applications which don't provide their own chroot environment.

  • The chflags(1) utility augments the security provided by traditional Unix permissions. It can, for example, prevent specified files from being modified or deleted by even the superuser.

  • FreeBSD provides 3 built-in stateful, NAT-aware firewalls, allowing the flexibility of choosing the ruleset most appropriate to one's security needs.

  • The FreeBSD kernel is easily modified, allowing an administrator to strip out unneeded functionality. FreeBSD also supports kernel loadable modules and provides utilities to view, load and unload kernel modules.

  • The sysctl mechanism allows an administrator to view and change kernel state on-the-fly without requiring a reboot.

4. Support

Like Linux®, FreeBSD offers many venues for support, both freely available and commercial.

4.1. Free Offerings

  • FreeBSD is one of the best documented operating systems, and the documentation is available both as part of the operating system and on the Internet. Manual pages are clear, concise and provide working examples. The FreeBSD Handbook provides background information and configuration examples for nearly every task one would wish to complete using FreeBSD.

  • FreeBSD provides many support mailing lists where answers are archived and fully searchable. If you have a question that wasn't addressed by the Handbook, it most likely has already been answered on a mailing list. The Handbook and mailing lists are also available in several languages, all of which are easily accessible from http://www.FreeBSD.org.

  • There are many FreeBSD IRC channels, forums and user groups. See http://www.FreeBSD.org/support.html for a selection.

If you're looking for a FreeBSD administrator, developer or support personnel, send a job description which includes geographic location to .

4.2. Commercial Offerings

There are many vendors who provide commercial FreeBSD support. Resources for finding a vendor near you include:

There is also an initiative to provide certification of BSD system administrators. http://www.bsdcertification.org.

If your project requires Common Criteria certification, FreeBSD includes the TrustedBSD MAC framework to ease the certification process.

5. Advantages to Choosing FreeBSD

There are many advantages to including FreeBSD solutions in your IT infrastructure:

  • FreeBSD is well documented and follows many standards. This allows your existing intermediate and advanced system administrators to quickly transfer their existing Linux and Unix skillsets to FreeBSD administration.

  • In-house developers have full access to all FreeBSD code [4] for all releases going back to the original FreeBSD release. Included with the code are all of the log messages which provide context to changes and bug fixes. Additionally, a developer can easily replicate any release by simply checking out the code with the desired label. In contrast, Linux® traditionally didn't follow this model, but has recently adopted a more mature development model. [5]

  • In-house developers also have full access to FreeBSD's bug-tracking database. They are able to query and track existing bugs as well as submit their own patches for approval and possible committal into the FreeBSD base code. http://www.FreeBSD.org/support.html#gnats

  • The BSD license allows you to freely modify the code to suit your business purposes. Unlike the GPL, there are no restrictions on how you choose to distribute the resulting software.

6. Conclusion

FreeBSD is a mature UNIX®-like operating system which includes many of the features one would expect in a modern UNIX® system. For those wishing to incorporate an Open Source solution in their existing infrastructure, FreeBSD is an excellent choice indeed.



[2] For a fairly unbiased view of the merits of each license, see http://en.wikipedia.org/wiki/BSD_and_GPL_licensing.

[3] Using FreeBSD's ports collection: software installation is as easy as pkg install application_name.

[4] In addition, all code is browsable through a web-interface: http://www.FreeBSD.org/cgi/cvsweb.cgi/.

[5] An interesting overview of the evolving Linux development model can be found at http://linuxdevices.com/articles/AT4155251624.html.