| Title: Full list of services offered by a default OpenBSD installation | |
| Author: Solène | |
| Date: 16 February 2021 | |
| Tags: openbsd70 openbsd unix | |
| Description: | |
| # Introduction | |
| This article is about giving a short description of EVERY service | |
| available as part of an OpenBSD default installation (= no package | |
| installed). | |
| Of all these services, the following are started by default: cron, | |
| dhcpleased, pflogd, sndiod, openssh, ntpd, slaacd, resolvd, sshd, | |
| spamlogd, syslogd and smtpd. The network-related daemons smtpd | |
| (localhost only), openssh and ntpd (as a client) are running. | |
| # Service list | |
| I extracted the list of base install services by looking at | |
| /etc/rc.conf. | |
| ```shell | |
| $ grep _flags /etc/rc.conf | cut -d '_' -f 1 | |
| ``` | |
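The grep above lists every service name, enabled or not. As an added example (not part of the original article), the script below resolves which daemons end up enabled once /etc/rc.conf.local overrides are applied and reports those outside an expected baseline. The sample file contents are constructed, and the baseline is the default list given in the introduction.

```shell
#!/bin/sh
# Added example: report daemons that are enabled but not in an expected baseline.

# Constructed excerpt in the style of /etc/rc.conf (defaults).
RC_CONF='amd_flags=NO
cron_flags=
httpd_flags=NO
ntpd_flags=
pflogd_flags=      # add more flags, e.g. "-s 256"
sshd_flags=
unbound_flags=NO'

# Constructed overrides in the style of /etc/rc.conf.local.
RC_LOCAL='httpd_flags=
ntpd_flags="-s"
unbound_flags=""'

# Baseline: the daemons the article lists as started by default.
BASELINE='cron dhcpleased pflogd sndiod ntpd slaacd resolvd sshd spamlogd syslogd smtpd'

enabled_daemons() {
    # $1 = defaults, $2 = overrides; a later assignment replaces an earlier one.
    printf '%s\n%s\n' "$1" "$2" | awk '
        /^[a-z0-9_]+_flags=/ {
            name = substr($0, 1, index($0, "_flags=") - 1)
            val  = substr($0, index($0, "=") + 1)
            sub(/[ \t]*#.*$/, "", val)        # drop a trailing comment
            gsub(/^"|"$/, "", val)            # drop surrounding quotes
            enabled[name] = (val != "NO")     # anything but NO means enabled
        }
        END { for (n in enabled) if (enabled[n]) print n }' | sort
}

unexpected_daemons() {
    # Enabled daemons that are missing from the baseline list.
    for d in $(enabled_daemons "$1" "$2"); do
        case " $BASELINE " in
            *" $d "*) ;;
            *) echo "$d" ;;
        esac
    done
}

unexpected_daemons "$RC_CONF" "$RC_LOCAL"
```

On a live system, `rcctl ls on` gives the authoritative list of enabled services; the parser here is only meant for reviewing copies of the two files offline.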
| ## amd | |
| This daemon automatically mounts a remote NFS server when someone | |
| wants to access it. It can provide a replacement in case the file | |
| system is not reachable. More information is available with "info amd". | |
| amd man page | |
| ## apmd | |
| This is the daemon responsible for frequency scaling. It is important | |
| to run it on workstations and especially on laptops; it can also | |
| trigger automatic suspend or hibernate in case of low battery. | |
| apmd man page | |
| apm man page | |
| ## bgpd | |
| This is a BGP daemon that is used by network routers to exchange | |
| routes with other routers. This is mainly what makes the Internet | |
| work: every hosting company announces its IP ranges and how to reach | |
| them, and in return it receives the paths to connect to all other | |
| addresses. | |
| OpenBGPD website | |
| ## bootparamd | |
| This daemon is used for diskless setups on a network, it provides | |
| information about the client such as which NFS mount point to use for | |
| swap or root devices. | |
| Information about a diskless setup | |
| ## cron | |
| This is a daemon that reads each user's crontab and the system | |
| crontabs to run scheduled commands. User crontabs are modified using | |
| the crontab command. | |
| Cron man page | |
| Crontab command | |
| Crontab format | |
| ## dhcpd | |
| This is a DHCP server used to automatically provide IPv4 addresses on | |
| a network for systems using a DHCP client. | |
| ## dhcpleased | |
| This is the new default DHCPv4 client service. It monitors multiple | |
| interfaces and is able to handle more complicated setups than dhclient. | |
| dhcpleased man page | |
| ## dhcrelay | |
| This is a DHCP request relay, used on a network interface to relay | |
| the requests to another interface. | |
| ## dvmrpd | |
| This daemon is a multicast routing daemon, for when you need | |
| multicast to span beyond your local LAN. It is mostly replaced by | |
| PIM nowadays. | |
| ## eigrpd | |
| This daemon implements an internal gateway link-state routing | |
| protocol; it is like OSPF but compatible with Cisco. | |
| ## ftpd | |
| This is an FTP server providing many features. While FTP is getting | |
| abandoned and obsolete (certainly because it doesn't really play well | |
| with NAT), it could be used to provide read/write anonymous access to | |
| a directory (and many other things). | |
| ftpd man page | |
| ## ftpproxy | |
| This is an FTP proxy daemon that one is supposed to run on a NAT | |
| system. It automatically adds PF rules to connect an incoming request | |
| to the server behind the NAT. This is part of the FTP madness. | |
| ## ftpproxy6 | |
| Same as above but for IPv6. Using IPv6 behind a NAT makes no sense. | |
| ## hostapd | |
| This is the daemon that turns OpenBSD into a WiFi access point. | |
| hostapd man page | |
| hostapd configuration file man page | |
| ## hotplugd | |
| hotplugd is an amazing daemon that will trigger actions when devices | |
| are connected or disconnected. This could be scripted to automatically | |
| run a backup if some conditions are met, like a USB disk being | |
| inserted that matches a known name, or to mount a drive. | |
| hotplugd man page | |
| ## httpd | |
| httpd is an HTTP(S) daemon which supports a few features like FastCGI, | |
| rewrites and SNI. While it doesn't have all the features a web | |
| server like nginx has, it is able to host some PHP programs such as | |
| nextcloud, roundcube mail or mediawiki. | |
| httpd man page | |
| httpd configuration file man page | |
| ## identd | |
| Identd is a daemon for the Identification Protocol, which returns the | |
| login name of the user who initiated a connection. This can be used on | |
| IRC to authenticate which user started an IRC connection. | |
| ## ifstated | |
| This is a daemon monitoring the state of network interfaces and which | |
| can take actions upon changes. This can be used to trigger changes in | |
| case of an interface losing connectivity. I used it to trigger a route | |
| change to a 4G device in case a ping over uplink interface was failing. | |
| ifstated man page | |
| ifstated configuration file man page | |
| ## iked | |
| This daemon is used to provide IKEv2 authentication for IPSec tunnel | |
| establishment. | |
| OpenBSD FAQ about VPN | |
| ## inetd | |
| This daemon is often forgotten but is very useful. Inetd can listen on | |
| a TCP or UDP port and will run a command upon connection on that | |
| port. Incoming data is passed as the standard input of the program and | |
| the program's standard output is returned to the client. This is an | |
| easy way to turn a program into a network program. It is not widely | |
| used because it doesn't scale well: running a new program upon every | |
| connection can push a system to its limit. | |
| inetd man page | |
| ## isakmpd | |
| This daemon is used to provide IKEv1 authentication for IPSec tunnel | |
| establishment. | |
| ## iscsid | |
| This daemon is an iSCSI initiator which will connect to an iSCSI target | |
| (let's call it a network block device) and expose it locally as a | |
| /dev/vscsi device. OpenBSD doesn't provide an iSCSI target daemon in | |
| its base system but there is one in ports. | |
| ## ldapd | |
| This is a light LDAP server, offering version 3 of the protocol. | |
| ldap client man page | |
| ldapd daemon man page | |
| ldapd daemon configuration file man page | |
| ## ldattach | |
| This daemon allows configuring programs that are exposed as a serial | |
| port, such as GPS devices. | |
| ## ldomd | |
| This daemon is specific to the sparc64 platform and provides services | |
| for the dom feature. | |
| ## lockd | |
| This daemon is used as part of an NFS environment to support file | |
| locking. | |
| ## ldpd | |
| This daemon is used by MPLS routers to get labels. | |
| ## lpd | |
| This daemon is used to manage print access to a line printer. | |
| ## mountd | |
| This daemon gives remote NFS clients information about what the | |
| system is currently offering. The command showmount can be used to | |
| see what mountd is currently exposing. | |
| mountd man page | |
| showmount man page | |
| ## mopd | |
| This daemon is used to distribute MOP images, which seem related to | |
| alpha and VAX architectures. | |
| ## mrouted | |
| Similar to dvmrpd. | |
| ## nfsd | |
| This server is used to service the NFS requests from NFS clients. | |
| Statistics about NFS (client or server) can be obtained from the | |
| nfsstat command. | |
| nfsd man page | |
| nfsstat man page | |
| ## npppd | |
| This daemon is used to establish connections using PPP but also to | |
| create tunnels with L2TP, PPTP and PPPoE. PPP is used by some modems | |
| to connect to the Internet. | |
| ## nsd | |
| This daemon is an authoritative DNS nameserver, which means it holds | |
| all information about a domain name and about its subdomains. It | |
| receives queries from recursive servers such as unbound, unwind, | |
| etc. If you own a domain name and you want to manage it from your | |
| system, this is what you want. | |
| nsd man page | |
| nsd configuration file man page | |
| ## ntpd | |
| This daemon is an NTP service that keeps the system clock at the | |
| correct time. It can use NTP servers or sensors (like GPS) as time | |
| sources and also supports using remote servers to challenge the time | |
| sources. It can act as a daemon to provide time to other NTP clients. | |
| ntpd man page | |
| ## ospfd | |
| It is a daemon for the OSPF routing protocol (Open Shortest Path | |
| First). | |
| ## ospf6d | |
| Same as above for IPv6. | |
| ## pflogd | |
| This daemon receives packets from PF matching rules with a "log" | |
| keyword and stores the data in a logfile that can be read with | |
| tcpdump later. Every packet in the logfile contains information about | |
| which rule triggered it, so it is very practical for analysis. | |
| pflogd man page | |
| tcpdump | |
| ## portmap | |
| This daemon is used as part of an NFS environment. | |
| ## rad | |
| This daemon is used on IPv6 routers to advertise routes so clients can | |
| automatically pick up routes. | |
| ## radiusd | |
| This daemon is used to offer RADIUS protocol authentication. | |
| ## rarpd | |
| This daemon is used for diskless setups, in which it helps associate | |
| an ARP address with an IP and hostname. | |
| Information about a diskless setup | |
| ## rbootd | |
| Per the man page, it says « rbootd services boot requests from | |
| Hewlett-Packard workstation over LAN ». | |
| ## relayd | |
| This daemon is used to accept incoming connections and distribute them | |
| to backends. It supports many protocols and can act transparently. Its | |
| purpose is to be a front end that dispatches connections to a list of | |
| backends and also verifies backend status. It has many uses and can | |
| also be used in addition to httpd to add HTTP headers to a request, or | |
| apply conditions on HTTP request headers to choose a backend. | |
| relayd man page | |
| relayd control tool man page | |
| relayd configuration file man page | |
| ## resolvd | |
| This daemon is used to manipulate the file /etc/resolv.conf depending | |
| on multiple factors like configured DNS or a strategy change in unwind. | |
| resolvd man page | |
| ## ripd | |
| This is a routing daemon using an old protocol but widely supported. | |
| ## route6d | |
| Same as above but for IPv6. | |
| ## sasyncd | |
| This daemon is used to keep IPSec gateways synchronized in case a | |
| fallback is required. This can be used with carp devices. | |
| ## sensorsd | |
| This daemon gathers monitoring information from the hardware like | |
| temperature or disk status. If a check exceeds a threshold, a command | |
| can be run. | |
| sensorsd man page | |
| sensorsd configuration file man page | |
| ## slaacd | |
| This service is a daemon that automatically picks up IPv6 | |
| autoconfiguration from the network. | |
| ## slowcgi | |
| This daemon is used to expose a CGI program as a FastCGI service, | |
| allowing the httpd HTTP server to run CGI. This is an equivalent of | |
| inetd but for FastCGI. | |
| slowcgi man page | |
| ## smtpd | |
| This daemon is the SMTP server that is used to deliver mail | |
| locally or to remote email servers. | |
| smtpd man page | |
| smtpd configuration file man page | |
| smtpd control command man page | |
| ## sndiod | |
| This is the daemon handling sound from various sources. It also | |
| supports sending local sound to a remote sndiod server. | |
| sndiod man page | |
| sndiod control command man page | |
| mixerctl man page to control an audio device | |
| OpenBSD FAQ about multimedia devices | |
| ## snmpd | |
| This daemon is an SNMP server exposing some system metrics to SNMP | |
| clients. | |
| snmpd man page | |
| snmpd configuration file man page | |
| ## spamd | |
| This daemon acts as a fake server that will delay, block or pass | |
| emails depending on some rules. It can be used to add IPs to a block | |
| list if they try to send an email to a specific address (like a | |
| honeypot), pass emails from servers within an accept list, or delay | |
| connections from unknown servers (grey list) to make them reconnect | |
| a few times before passing the email to the SMTP server. This is a | |
| quite effective way to prevent spam, but it becomes less relevant as | |
| senders use whole ranges of IPs to send emails: if you want to | |
| receive an email from a big email server, you will block server | |
| X.Y.Z.1 but then X.Y.Z.2 will retry and so on, so none will pass the | |
| grey list. | |
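The grey list behaviour and the sender-pool problem described above, simulated as an added example (not from the original article and not spamd's own code). The connection attempts are constructed, the addresses are documentation ranges standing in for X.Y.Z.1, X.Y.Z.2 and so on, and the 1500-second pass time is an assumed value.

```shell
#!/bin/sh
# Added example: per-tuple greylisting, simulated with awk.
# PASSTIME is an assumed value: seconds a tuple must wait before a retry passes.
PASSTIME=1500

# Constructed attempts: seconds, source IP, envelope sender, recipient.
ATTEMPTS='0    198.51.100.7 alice@small.example bob@mail.example
0    203.0.113.1  news@big.example    bob@mail.example
1800 198.51.100.7 alice@small.example bob@mail.example
1800 203.0.113.2  news@big.example    bob@mail.example
3600 203.0.113.3  news@big.example    bob@mail.example'

greylist() {
    # Prints one line per attempt: "<verdict> <ip> <sender>".
    printf '%s\n' "$1" | awk -v passtime="$PASSTIME" '
        {
            key = $2 SUBSEP $3 SUBSEP $4       # tuple: IP, sender, recipient
            if (!(key in first)) {             # never seen: greylist it
                first[key] = $1
                verdict = "DELAY"
            } else if ($1 - first[key] >= passtime) {
                verdict = "PASS"               # same tuple retried late enough
            } else {
                verdict = "DELAY"              # same tuple retried too early
            }
            print verdict, $2, $3
        }'
}

# The single-host sender passes on its retry; the pool sender retries from
# a new address each time, so every attempt starts a fresh tuple.
greylist "$ATTEMPTS"
```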
| ## spamlogd | |
| This daemon is dedicated to the update of spamd whitelist. | |
| ## sshd | |
| This is the well-known SSH server. It allows secure connections to a | |
| shell from remote clients. It has many features that deserve to be | |
| better known, such as restricting commands per public key in the | |
| ~/.ssh/authorized_keys file or SFTP-only chrooted access. | |
| sshd man page | |
| sshd configuration file man page | |
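Per-key command restriction is set with options placed before the key type in authorized_keys. As an added example (not from the original article), this script classifies the entries of an authorized_keys file by whether they force a command. The file content, key material, comments and command paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that carry no forced command.

# Constructed sample content; key material is a placeholder, not a real key.
AUTHORIZED_KEYS='# backup job: may only run one command
restrict,command="/usr/local/bin/backup-only" ssh-ed25519 AAAAC3PLACEHOLDER1 backup@nas
ssh-ed25519 AAAAC3PLACEHOLDER2 admin@laptop

no-port-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER3 deploy@ci
restrict,command="/usr/local/bin/upload-only" ecdsa-sha2-nistp256 AAAAE2PLACEHOLDER4 upload@partner'

audit_keys() {
    # Prints "<status> <key comment>" for every key line:
    #   FORCED        options include command="..."
    #   OPTIONS-ONLY  options present, but the key can still run any command
    #   UNRESTRICTED  no options field at all
    # Assumes the key comment (last field) contains no spaces.
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            # A line that starts with a key type has no options field.
            if ($1 ~ /^(ssh-|ecdsa-sha2-|sk-)/)
                status = "UNRESTRICTED"
            else if ($0 ~ /(^|,)command="/)
                status = "FORCED"
            else
                status = "OPTIONS-ONLY"
            print status, $NF
        }'
}

audit_keys "$AUTHORIZED_KEYS"
```

For the SFTP-only case, the usual sshd_config counterpart is a Match block combining ChrootDirectory with `ForceCommand internal-sftp`.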
| ## statd | |
| This daemon is used in an NFS environment with lockd in order to | |
| check whether remote hosts are still alive. | |
| ## switchd | |
| This daemon is used to control a switch pseudo device. | |
| switch pseudo device man page | |
| ## syslogd | |
| This is the logging server that receives messages from local programs | |
| and stores them in the corresponding logfile. It can be configured to | |
| pipe some messages to a command (programs like sshlockout use this | |
| method to learn about IPs that must be blocked), and it can also | |
| listen on the network to aggregate logs from other machines. The | |
| program newsyslog is used to rotate files (move a file, compress it, | |
| allow a new file to be created and remove archives that are too old). | |
| Scripts can use the command logger to send text to syslog. | |
| syslogd man page | |
| syslogd configuration file man page | |
| newsyslog man page | |
| logger man page | |
| ## tftpd | |
| This daemon is a TFTP server, used to provide kernels over the network | |
| for diskless machines or push files to appliances. | |
| Information about a diskless setup | |
| ## tftpproxy | |
| This daemon is used to manipulate the firewall PF to relay TFTP | |
| requests to a TFTP server. | |
| ## unbound | |
| This daemon is a recursive DNS server. This is the kind of server | |
| listed in /etc/resolv.conf, whose responsibility is to translate a | |
| fully qualified domain name into the IP address behind it, asking one | |
| server at a time. For example, to resolve www.dataswamp.org, it has | |
| to ask the .org authoritative server where the authoritative server | |
| for dataswamp (within the .org top domain) is, then the dataswamp.org | |
| DNS server is asked for the address of www.dataswamp.org. It can also | |
| keep queries in cache and validate the queries and replies. It is a | |
| good idea to have such a server on a LAN with many clients to share | |
| the query cache. | |
| unbound man page | |
| unbound configuration file man page | |
| ## unwind | |
| This daemon is a local recursive DNS server that will do its best to | |
| give valid replies. It is designed for nomad users that may encounter | |
| hostile environments like captive portals or DHCP-offered DNS servers | |
| preventing DNSSEC from working, etc. Unwind regularly polls a few DNS | |
| sources (recursive from root servers, provided by dns, stub or DNS | |
| over TLS server from configuration file) and chooses the fastest. It | |
| will also act as a local cache and can't listen on the network to be | |
| used by other clients. It also supports a list of blocked domains as | |
| input. | |
| unwind man page | |
| unwind configuration file man page | |
| unwind control command man page | |
| ## vmd | |
| This is the daemon that allows running virtual machines using vmm. As | |
| of OpenBSD 6.9 it is capable of running OpenBSD and Linux guests | |
| without a graphical interface and with only one core. | |
| vmd man page | |
| vmd configuration file man page | |
| vmd control command man page | |
| vmm driver man page | |
| OpenBSD FAQ about virtualization | |
| ## watchdogd | |
| This daemon is used to trigger watchdog timer devices if any. | |
| ## wsmoused | |
| This daemon is used to provide mouse support to the console. | |
| ## xenodm | |
| This daemon is used to start the X server and allow users to | |
| authenticate themselves and log in to their session. | |
| xenodm man page | |
| ## ypbind | |
| This daemon is used with a Yellow Page (YP) server to keep and maintain | |
| a binding information file. | |
| ## ypldap | |
| This daemon offers a YP service using an LDAP backend. | |
| ## ypserv | |
| This daemon is a YP server. |