| News || |
Copyright © 2005 Dru Lavigne
The objective of this whitepaper is to explain some of the features and benefits
provided by FreeBSD, and where applicable, compare those features to Linux. This paper
provides a starting point for those interested in exploring Open Source alternatives to
FreeBSD is a UNIX® like operating system based on
the Berkeley Software Distribution. While FreeBSD and Linux are commonly perceived as
being very similar, there are differences:
Linux itself is a kernel. Distributions (e.g. Red Hat, Debian, Suse and others)
provide the installer and the utilities available to the user. http://www.linux.org/dist
lists well over 300 distinct distributions. While giving the user maximum flexibility,
the existence of so many distributions also increases the difficulty of transferring
one's skills from one distribution to another. Distributions don't just differ in ease-of
install and available programs; they also differ in directory layout, available shells
and window managers, and software installation and patching routines.
FreeBSD is a complete operating system (kernel and userland) with a well-respected
heritage grounded in the roots of Unix development. Since both the kernel and the
provided utilities are under the control of the same release engineering team, there is
less likelihood of library incompatibilities. Security vulnerabilities can also be
addressed quickly by the security team. When new utilities or kernel features are added,
the user simply needs to read one file, the Release Notes, which is publicly available on
the main page of the FreeBSD
FreeBSD has a large and well organized programming base which ensures changes are
implemented quickly and in a controlled manner. There are several thousand programmers
who contribute code on a regular basis but only about 300 of these have what is known as
a commit bit and can actually commit changes to the kernel, utilities and official
documentation. A release engineering team provides quality control and a security officer
team is responsible for responding to security incidents. In addition, there is an
elected core group of 8 senior committers who set the overall direction of the
In contrast, changes to the Linux kernel ultimately have to wait until they pass
through the maintainer of kernel source, Linus Torvalds. How changes to distributions
occur can vary widely, depending upon the size of each particular distribution's
programming base and organizational method.
While both FreeBSD and Linux use an Open Source licensing model, the actual licenses
used differ. The Linux kernel is under the GPL license
while FreeBSD uses the BSD license. These, and other Open Source licenses, are described in
more detail at the website of the Open Source Initiative.
The driving philosophy behind the GPL is to ensure that code remains Open Source; it
does this by placing restrictions on the distribution of GPLd code. In contrast, the BSD
license places no such restrictions, which gives you the flexibility of keeping the code
Open Source or closing the code for a proprietary commercial product. Having stable
and reliable code under the attractive BSD license means that many operating systems,
such as Apple OS X are based on FreeBSD code. It also means that if you choose
to use BSD licensed code in your own projects, you can do so without threat of future
FreeBSD has gained a reputation as a secure, stable, operating system for the Intel
(i386) platform, However, FreeBSD also supports the following architectures:
In addition, there is ongoing development to port FreeBSD to the following
Up-to-date hardware lists are maintained for each architecture so you can tell at a
glance if your hardware is supported. For servers, there is excellent hardware RAID and
network interface support.
FreeBSD also makes a great workstation and laptop operating system! It supports the X
Window System, the same one used in Linux distributions to provide a desktop user
interface. It also supports over 13,000 easy to install third-party applications,
including KDE, Gnome, and OpenOffice.
Several projects are available to ease the installation of FreeBSD as a desktop. The
most notable are:
FreeBSD provides many extensible frameworks to easily allow you to customize the
FreeBSD environment to your particular needs. Some of the major frameworks are:
Netgraph is a modular networking subsystem that can be used to supplement the existing
kernel networking infrastructure. Hooks are provided to allow developers to derive their
own modules. As a result, rapid prototyping and production deployment of enhanced network
services can be performed far more easily and with fewer bugs. Many existing operational
modules ship with FreeBSD and include support for:
GEOM is a modular disk I/O request transformation framework. Since it is a pluggable
storage layer, it permits new storage services to be quickly developed and cleanly
integrated into the FreeBSD storage subsystem. Some examples where this can be useful
Newer versions of FreeBSD provide many administrative utilities to use the existing
GEOM modules. For example, one can create a disk mirror using gmirror(8), a stripe
using gstripe(8), and a
shared secret device using gshsec(8).
GBDE, or GEOM Based Disk Encryption, provides strong cryptographic protection and can
protect file systems, swap devices, and other uses of storage media. In addition, GBDE
transparently encrypts entire file systems, not just individual files. No cleartext ever
touches the hard drive's platter.
MAC, or Mandatory Access Control, provides fine-tuned access to files
and is meant to augment traditional operating system authorization provided by file
permissions. Since MAC is implemented as a modular framework, a FreeBSD system can be
configured for any required policy varying from HIPAA compliance to the needs of a
FreeBSD ships with modules to implement the following policies; however the framework
allows you to develop any required policy:
Like Linux, FreeBSD provides support for PAM,
Pluggable Authentication Modules. This allows an administrator to augment the traditional
Unix username/password authentication model. FreeBSD provides modules to integrate into
many authentication mechanisms, including:
It also allows the administrator to define policies to control authentication issues
such as the quality of user-chosen passwords.
Security is very important to the FreeBSD
Release Engineering Team. This manifests itself in several concrete areas:
All security incidents and fixes pass through the Security Team and are issued as
publicly available Advisories. The Security Team has a reputation for quickly resolving
known security issues. Full information regarding FreeBSD's security handling procedures
and where to find security information is available at http://www.freebsd.org/security/.
One of the problems associated with Open Source software is the sheer volume of
available applications. There are literally 10s of 1000s of Open Source application
projects each with varying levels of responsiveness to security incidents. FreeBSD has
met this challenge head-on with VuXML. All software shipped with the FreeBSD operating system as well
any software available in the Ports
Collection is compared to a database of known, unresolved vulnerabilities. An
administrator can use the portaudit utility to quickly determine if any software on a
FreeBSD system is vulnerable, and if so, receive a description of the problem and an URL
containing a more detailed vulnerability description.
FreeBSD also provides many mechanisms which allow an administrator to tune the
operating system to meet his security needs:
The jail(8) utility allows
an administrator to imprison a process; this is ideal for applications which don't
provide their own chroot environment.
The chflags(1) utility
augments the security provided by traditional Unix permissions. It can, for example,
prevent specified files from being modified or deleted by even the superuser.
FreeBSD provides 3 built-in stateful, NAT-aware firewalls, allowing the flexibility of
choosing the ruleset most appropriate to one's security needs.
The FreeBSD kernel is easily modified, allowing an administrator to strip out unneeded
functionality. FreeBSD also supports kernel loadable modules and provides utilities to
view, load and unload kernel modules.
The sysctl mechanism allows an administrator to view and change kernel state
on-the-fly without requiring a reboot.
Like Linux, FreeBSD offers many venues for support, both freely available and
FreeBSD is one of the best documented operating systems, and the documentation is
available both as part of the operating system and on the Internet. Manual pages are
clear, concise and provide working examples. The
FreeBSD Handbook provides background information and configuration examples for
nearly every task one would wish to complete using FreeBSD.
FreeBSD provides many support mailing lists. where answers are archived and fully searchable. If you
have a question that wasn't addressed by the Handbook, it most likely has already been
answered on a mailing list. The Handbook and mailing lists are also available in several
languages, all of which are easily accessible from http://www.freebsd.org.
There are many FreeBSD IRC channels, forums and user groups. See http://www.freebsd.org/support.html for a selection.
If you're looking for a FreeBSD administrator, developer or support personnel, send a
job description which includes geographic location to freebsd-jobs@FreeBSD.org.
There are many vendors who provide commercial FreeBSD support. Resources for finding a
vendor near you include:
There is also an initiative to provide certification of BSD system administrators. http://www.bsdcertification.org.
If your project requires Common Criteria certification, FreeBSD includes the TrustedBSD MAC framework to ease the
There are many advantages to including FreeBSD solutions in your IT
FreeBSD is well documented and follows many standards. This allows your existing
intermediate and advanced system administrators to quickly transfer their existing Linux
and Unix skillsets to FreeBSD administration.
In-house developers have full access to all FreeBSD code for all releases going
back to the original FreeBSD release. Included with the code are all of the log messages
which provide context to changes and bugfixes. Additionally, a developer can easily
replicate any release by simply checking out the code with the desired label. In
contrast, Linux traditionally didn't follow this model, but has recently adopted a more
mature development model. 
In-house developers also have full access to FreeBSD's GNATS bug-tracking database.
They are able to query and track existing bugs as well as submit their own patches for
approval and possible committal into the FreeBSD base code. http://www.freebsd.org/support.html#gnats
The BSD license allows you to freely modify the code to suit your business purposes.
Unlike the GPL, there are no restrictions on how you choose to distribute the resulting
FreeBSD is a mature Unix-like operating system which includes many of the features one
would expect in a modern Unix system. For those wishing to incorporate an Open Source
solution in their existing infrastructure, FreeBSD is an excellent choice indeed.