From deraadt@do-not-reply.openbsd.org Tue Dec  1 04:50:00 MDT 1999
Return-Path: root
Date: Tue Dec  1 04:50:00 MDT 1999
From: deraadt@do-not-reply.openbsd.org (Theo de Raadt)
To: root
Subject: Welcome to OpenBSD 2.6!  Secure by Default!

This message attempts to describe the most basic initial questions that a
system administrator of an OpenBSD box might have.  You are urged to save
this message for later reference.

For more information on how to setup your OpenBSD system, refer to the
"afterboot" man page (ie. after you exit the mail subsystem, type
"man afterboot" ).  If you are not familiar with how to read man pages, type
"man man" at a shell prompt and read the entire thing.  Pay specific
attention to the "man -k keyword" option, which will permit you to find the
man page you are looking for easier.  The GNU "info" subsystem is also
installed with further documentation resources; to read info pages type "info".
(The info subsystem behaves like the popular emacs editor).

If you have installed the X11 packages during the install process, you can find
further information regarding configuration in the file /usr/X11R6/README.

Several popular binary packages (pre-compiled applications) are available
for most architectures.  If you installed from a CD-ROM the packages
are on the same CD-ROM you installed from in the directory 2.6/packages.

CD-ROM Space permitted us to include the following packages for the most common
architectures:

    Xaw3d-1.5.tgz	    aalib-1.2.tgz	autoconf-2.13.tgz
    bash-2.03.tgz	    bison-1.27.tgz	bzip2-0.9.5d.tgz
    compface-1.0.tgz	    emacs-20.3.tgz	enscript-1.6.1.tgz
    ethereal-0.7.4.tgz	    fetchmail-5.1.0.tgz	gettext-0.10.35.tgz
    ghostscript-5.10.tgz    gimp-1.1.9.tgz	glib-1.2.4.tgz
    gmake-3.77.tgz	    gnuplot-3.7.tgz	gtk+-1.2.4.tgz
    gv-3.5.8.tgz	    id-utils-3.2d.tgz	iozone-3.9.tgz
    jpeg-6b.tgz		    m4-1.4.tgz		ircii-2.8.2-epic3.004.tgz
    metamail-2.7.tgz	    mm-1.0.11.tgz	mpeg_lib-1.2.1.tgz
    nmh-1.0.tgz		    pine-4.10.tgz	netpipes-4.1.1-export.tgz
    png-1.0.3.tgz	    screen-3.7.6.tgz	sharutils-4.2.tgz
    sniffit-0.3.5.tgz	    tar-1.13.tgz	tcl-8.0.5.tgz
    tcsh-6.09.00.tgz	    tiff-3.4b37.tgz	tk-8.0.5.tgz
    unzip-5.40.tgz	    wget-1.5.3.tgz	xcolors-1.3.tgz
    xntp3-5.93e-export.tgz	

These and many other packages are also available via ftp at
	ftp://ftp.openbsd.org/pub/OpenBSD/2.6/packages/
If you do not find a package you want on the CD, please go look at your
nearest FTP mirror site.

Select your architecture and download the tarballs of your choice.  For example
to install the emacs package for i386, execute
  # mount /dev/cd0a /cdrom
  # pkg_add /cdrom/2.6/packages/i386/emacs-20.3.tgz
or alternatively install them via FTP thus
  # pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/2.6/packages/i386/emacs-20.3.tgz

Other important packages which are not permitted on the CD (due to patents) are
available on our FTP servers (as described above).  In particular, we provide
the USA and international versions of PGP.  The filenames are:
	pgp-intl-2.6.3-tgz
	pgp-usa-2.6.3-tgz

Two OpenBSD libraries (libssl and libcrypto, based on OpenSSL) implement many
cryptographic functions which are used by OpenBSD programs like ssh, httpd, and
isakmpd.  Due to patent licensing reasons, full versions of those libraries may
not be included on the CD -- instead the base distribution contains libraries
which have had a few troublesome routines removed -- the programs listed above
will not be fully functional as a result.  Libraries which _include_ the
troublesome routines are available and can be FTP installed, as long as you meet
the follow (legal) criteria:
  (1) Outside the USA, no restrictions apply. Use ssl26.tar.gz.
  (2) Inside the USA, non-commercial entities may install sslUSA26.tar.gz.
  (3) Commercial entities in the USA are left in the cold, due to how the
      licences work.  (This is how the USA crypto export policy feels to the
      rest of the world.)
If you did not install the ssl package yet, it is easily installed at any time
(see the afterboot(8) and ssl(8) manual pages).

You are STRONGLY urged to use ssh instead of telnet, rlogin, or rsh!

ssh is included in OpenBSD systems which have shared libraries (i386, sparc,
mips, m68k), and relies on the ssl26.tar.gz package, which contains the
patented RSA code.  This package is available on all our FTP servers, but NOT
included on the CD. During the system install, this package was probably
already installed (use pkg_info(1) to see if ssl26 or sslUSA26 are installed).

On non-shared library systems (powerpc, m88k, alpha) you should install one
of the ssh packages provided on the FTP sites:
	ssh-intl-1.2.27.tgz
	ssh-usa-1.2.27.tgz

Significant efforts were made to centralize all system configuration in the
/etc directory.  You should be able to find each of the configuration files
you seek there, lightly documented.  In particular, much of the configuration
has been centralized in the file /etc/rc.conf.  You should not need to ever
edit the file /etc/rc.   The files /etc/rc.securelevel and /etc/rc.local exist
for this purpose; the first is run before the system has gone into secure
mode; the second is run afterwards (if in doubt, add your tools to rc.local).

Please refer to our web pages for any other questions you might have.
	http://www.OpenBSD.org

OpenBSD is free software.  You can do with it as you like, subject to very few
conditions (described at www.OpenBSD.org/policy.html).  But free software isn't
written without money.  Network links, hardware costs, release engineering
and testing work; all these things take money and significant effort on the
part of those who have made this OpenBSD release what it is.  Please reward the
developers who have made OpenBSD what it is, and thus make it possible for this
wonderful process to continue.  For more information on how you can help,
please see www.OpenBSD.org/goals.html and visit www.OpenBSD.org/donations.html
to see a list of those who have donated money, equipment, or other resources
to ensure OpenBSD continues.  (Thus far, most of those who have donated have
been developers themselves).

If you wish to ensure that OpenBSD runs better on your machines, please do us
a favor (after you have your mail system setup!) and type
	dmesg | mail dmesg@openbsd.org
so that we can see what kinds of configurations people are running.  We will
use this information to improve device driver support in future releases.
(Please do this using the supplied GENERIC kernel, not for a custom compiled 
kernel, unless you're unable to boot the GENERIC kernel).  The device driver 
information we get from this helps us fix existing drivers. Thank you!

(If you used 'mail' to read this message and it scrolled by too quickly,
type "more ."  If you wish to save it, use the "x" command.)