- at first glance the title may lead you to believe it's about securing OpenBSD - it's not. It is about using an inherently secure operating system, OpenBSD, to its best advantage.
- you will need to be an experienced UNIX or Linux (or ideally OpenBSD) system admin to get the most out of the content.
- it is intended to be used in conjunction with OpenBSD man pages; as noted by another reviewer this book aggregates a lot of OpenBSD documentation, making it a convenient reference.
Because OpenBSD is more than a little different from other *NIX variants, and because it is cantankerous with respect to installation and configuration, the material in this book will save a lot of time and reduce the learning curve for anyone migrating to the OpenBSD environment. Reasons for this migration include the enhanced security by default and the inherent stability of this operating system.
Chapters 3, 4 and 5 are good places to start to get up to speed in OpenBSD because they thoroughly cover installation, basic use (especially with respect to the not-so-standard filesystem layout), and basic default services. All of Section II is essential reading for those new to OpenBSD. Among the topics covered are user admin (almost identical to other *NIX variants), pre-compiled third-party software packages (unique to OpenBSD, especially with respect to the ports tree), and other administrative tasks and operations. Section III, advanced features, is also essential and will greatly reduce the learning curve.
Overall this is an exceptionally well-written book that covers everything you need to know about OpenBSD from installation, administration and maintenance perspectives.
My favorite aspect of SAWO is its coverage of the internal workings of certain aspects of OpenBSD. Ch 4 features an enlightening walk-through of the /etc/rc script. Ch 13 not only describes how to use the ports tree, it explains how that system of software installation works. In some cases the authors reach beyond subjects strictly associated with OpenBSD, such as compilers (ch 21) and CVS (appendix A and elsewhere). As OpenBSD relies heavily on widely-used open source tools for standard administration, I welcome these discussions.
I also congratulate the authors' decision to focus on practical aspects of OpenBSD administration or functionality. Ch 3 gives installation advice for non-i386 hardware users. Ch 17 explains how to enable STARTTLS. Ch 22 shows why Pf is superior to many or most commercial firewalls. Some of the material can even be applied to the other BSDs, like the coverage of mergemaster in ch 31 or the advice on using IPv6 in tandem with IPv4 in ch 28.
I only have a few critiques of SAWO. Ch 27 (VPNs) was a little terse and hard to follow. I didn't think the authors needed to address applications like Snort (ch 30), when entire best-selling books are written about that very topic. I did not see a single diagram in the whole book. A picture speaks a thousand words, especially when explaining IPsec modes!
The second edition of SAWO will have plenty to add, including coverage of spamd, Common Address Redundancy Protocol (CARP), and pfsync. I suggest BSD users of all types take a close look at SAWO and consider supporting the OpenBSD project by purchasing books like this and official OpenBSD CDs.