Title: Full list of services offered by a default OpenBSD installation
Author: Solène
Date: 16 February 2021
Tags: openbsd70 openbsd unix
Description:

# Introduction

This article gives a short description of EVERY service available as part of an OpenBSD default installation (= no package installed).

Out of this whole list, the following services are started by default: cron, dhcpleased, pflogd, sndiod, openssh, ntpd, slaacd, resolvd, sshd, spamlogd, syslogd and smtpd. The network related daemons smtpd (localhost only), openssh and ntpd (as a client) are running.

# Service list

I extracted the list of base install services by looking at /etc/rc.conf.

```shell command starting with a dollar sign meaning it should be run by a regular user
$ grep _flags /etc/rc.conf | cut -d '_' -f 1
```

## amd

This daemon is used to automatically mount a remote NFS server when someone wants to access it. It can provide a replacement in case the file system is not reachable. More information is available using "info amd".
HTML amd man page

## apmd

This is the daemon responsible for frequency scaling. It is important to run it on workstations and especially on laptops. It can also trigger an automatic suspend or hibernate in case of low battery.
HTML apmd man page
HTML apm man page

## bgpd

This is a BGP daemon that is used by network routers to exchange routes with other routers. This is mainly what makes the Internet work: every hosting company announces its IP ranges and how to reach them, and in return it also receives the paths to connect to all other addresses.
HTML OpenBGPD website

## bootparamd

This daemon is used for diskless setups on a network. It provides information about the client, such as which NFS mount point to use for swap or root devices.
HTML Information about a diskless setup

## cron

This is a daemon that reads each user's crontab and the system crontabs to run scheduled commands. User crontabs are modified using the crontab command.
HTML Cron man page
HTML Crontab command
HTML Crontab format

## dhcpd

This is a DHCP server used to automatically provide IPv4 addresses on a network for systems using a DHCP client.

## dhcpleased

This is the new default DHCPv4 client service. It monitors multiple interfaces and is able to handle more complicated setups than dhclient.
HTML dhcpleased man page

## dhcrelay

This is a DHCP request relay, used on a network interface to relay the requests to another interface.

## dvmrpd

This daemon is a multicast routing daemon, in case you need multicast spanning to deploy it outside of your local LAN. This is mostly replaced by PIM nowadays.

## eigrpd

This daemon is an Internal gateway link-state routing protocol, it is like OSPF but compatible with Cisco.

## ftpd

This is an FTP server providing many features. While FTP is getting abandoned and obsolete (certainly because it doesn't really play well with NAT), it could be used to provide read/write anonymous access on a directory (and many other things).
HTML ftpd man page

## ftpproxy

This is an FTP proxy daemon that one is supposed to run on a NAT system. It will automatically add PF rules to connect an incoming request to the server behind the NAT. This is part of the FTP madness.

## ftpproxy6

Same as above but for IPv6. Using IPv6 behind a NAT makes no sense.

## hostapd

This is the daemon that turns OpenBSD into a WiFi access point.
HTML hostapd man page
HTML hostapd configuration file man page

## hotplugd

hotplugd is an amazing daemon that will trigger actions when devices are connected or disconnected. This could be scripted to automatically run a backup when some conditions are met, such as a USB disk matching a known name being inserted, or to mount a drive.
HTML hotplugd man page

## httpd

httpd is an HTTP(S) daemon which supports a few features like FastCGI, rewrite and SNI.
While it doesn't have all the features a web server like nginx has, it is able to host some PHP programs such as nextcloud, roundcube mail or mediawiki.
HTML httpd man page
HTML httpd configuration file man page

## identd

Identd is a daemon for the Identification Protocol, which returns the login name of the user who initiated a connection. This can be used on IRC to authenticate which user started an IRC connection.

## ifstated

This is a daemon that monitors the state of network interfaces and can take actions upon changes. This can be used to trigger changes in case of an interface losing connectivity. I used it to trigger a route change to a 4G device in case a ping over the uplink interface was failing.
HTML ifstated man page
HTML ifstated configuration file man page

## iked

This daemon is used to provide IKEv2 authentication for IPSec tunnel establishment.
HTML OpenBSD FAQ about VPN

## inetd

This daemon is often forgotten but is very useful. Inetd can listen on a TCP or UDP port and will run a command upon connection on the related port. Incoming data is passed as the standard input of the program and the program's standard output is returned to the client. This is an easy way to turn a program into a network program. It is not widely used because it doesn't scale well, as the whole process of running a new program upon every connection can push a system to its limit.
HTML inetd man page

## isakmpd

This daemon is used to provide IKEv1 authentication for IPSec tunnel establishment.

## iscsid

This daemon is an iSCSI initiator which will connect to an iSCSI target (let's call it a network block device) and expose it locally as a /dev/vcsi device. OpenBSD doesn't provide a target iSCSI daemon in its base system but there is one in ports.

## ldapd

This is a light LDAP server, offering version 3 of the protocol.
HTML ldap client man page
HTML ldapd daemon man page
HTML ldapd daemon configuration file man page

## ldattach

This daemon allows configuring programs that are exposed as a serial port, such as GPS devices.

## ldomd

This daemon is specific to the sparc64 platform and provides services for the dom feature.

## lockd

This daemon is used as part of an NFS environment to support file locking.

## ldpd

This daemon is used by MPLS routers to get labels.

## lpd

This daemon is used to manage print access to a line printer.

## mountd

This daemon is used by remote NFS clients to give them information about what the system is currently offering. The command showmount can be used to see what mountd is currently exposing.
HTML mountd man page
HTML showmount man page

## mopd

This daemon is used to distribute MOP images, which seem related to alpha and VAX architectures.

## mrouted

Similar to dvmrpd.

## nfsd

This server is used to service the NFS requests from NFS clients. Statistics about NFS (client or server) can be obtained from the nfsstat command.
HTML nfsd man page
HTML nfsstat man page

## npppd

This daemon is used to establish connections using PPP but also to create tunnels with L2TP, PPTP and PPPoE. PPP is used by some modems to connect to the Internet.

## nsd

This daemon is an authoritative DNS nameserver, which means it holds all the information about a domain name and its subdomains. It receives queries from recursive servers such as unbound / unwind etc... If you own a domain name and you want to manage it from your system, this is what you want.
HTML nsd man page
HTML nsd configuration file man page

## ntpd

This daemon is an NTP service that keeps the system clock at the correct time. It can use NTP servers or sensors (like GPS) as time sources, but it also supports using remote servers to challenge the time sources. It can act as a daemon to provide time to other NTP clients.
HTML ntpd man page

## ospfd

It is a daemon for the OSPF routing protocol (Open Shortest Path First).
## ospf6d

Same as above for IPv6.

## pflogd

This daemon receives packets from PF matching rules with a "log" keyword and stores the data in a logfile that can be read with tcpdump later. Every packet in the logfile contains information about which rule triggered it, so it is very practical for analysis.
HTML pflogd man page
HTML tcpdump

## portmap

This daemon is used as part of an NFS environment.

## rad

This daemon is used on IPv6 routers to advertise routes so clients can automatically pick up routes.

## radiusd

This daemon is used to offer RADIUS protocol authentication.

## rarpd

This daemon is used for diskless setups, in which it will help associating an ARP address to an IP and hostname.
HTML Information about a diskless setup

## rbootd

Per the man page, it says « rbootd services boot requests from Hewlett-Packard workstation over LAN ».

## relayd

This daemon is used to accept incoming connections and distribute them to backends. It supports many protocols and can act transparently. Its purpose is to be a front end that dispatches connections to a list of backends and also verifies the backends' status. It has many uses and can also be used in addition to httpd to add HTTP headers to a request, or to apply conditions on HTTP request headers to choose a backend.
HTML relayd man page
HTML relayd control tool man page
HTML relayd configuration file man page

## resolvd

This daemon is used to manipulate the file /etc/resolv.conf depending on multiple factors, like the configured DNS or a strategy change in unwind.
HTML resolvd man page

## ripd

This is a routing daemon using an old but widely supported protocol.

## route6d

Same as above but for IPv6.

## sasyncd

This daemon is used to keep IPSec gateways synchronized in case a fallback is required. This can be used with carp devices.

## sensorsd

This daemon gathers monitoring information from the hardware, like temperature or disk status. If a check exceeds a threshold, a command can be run.
HTML sensorsd man page
HTML sensorsd configuration file man page

## slaacd

This service is a daemon that will automatically pick up auto IPv6 configuration on the network.

## slowcgi

This daemon is used to expose a CGI program as a FastCGI service, allowing the httpd HTTP server to run CGI. This is an equivalent of inetd but for FastCGI.
HTML slowcgi man page

## smtpd

This daemon is the SMTP server that will be used to deliver mails locally or to remote email servers.
HTML smtpd man page
HTML smtpd configuration file man page
HTML smtpd control command man page

## sndiod

This is the daemon handling sound from various sources. It also supports sending local sound to a remote sndiod server.
HTML sndiod man page
HTML sndiod control command man page
HTML mixerctl man page to control an audio device
HTML OpenBSD FAQ about multimedia devices

## snmpd

This daemon is an SNMP server exposing some system metrics to SNMP clients.
HTML snmpd man page
HTML snmpd configuration file man page

## spamd

This daemon acts as a fake server that will delay, block or pass emails depending on some rules. This can be used to add IPs to a block list if they try to send an email to a specific address (like a honeypot), pass emails from servers within an accept list, or delay connections from unknown servers (grey list) to make them reconnect a few times before passing the email to the SMTP server. This is a quite effective way to prevent spam, but it becomes less relevant as senders use whole ranges of IPs to send emails. This means that if you want to receive an email from a big email server, you will block server X.Y.Z.1 but then X.Y.Z.2 will retry and so on, so none will pass the grey list.

## spamlogd

This daemon is dedicated to updating the spamd whitelist.

## sshd

This is the well known ssh server. It allows secure connections to a shell from remote clients.
It has many features that would gain from being better known, such as restricting commands per public key in the ~/.ssh/authorized_keys file or SFTP-only chrooted access.
HTML sshd man page
HTML sshd configuration file man page

## statd

This daemon is used in NFS environments using lockd in order to check if remote hosts are still alive.

## switchd

This daemon is used to control a switch pseudo device.
HTML switch pseudo device man page

## syslogd

This is the logging server that receives messages from local programs and stores them in the corresponding logfile. It can be configured to pipe some messages to a command (programs like sshlockout use this method to learn about IPs that must be blocked), and it can also listen on the network to aggregate logs from other machines. The program newsyslog is used to rotate files (move a file, compress it, allow a new file to be created and remove archives that are too old). Scripts can use the command logger to send text to syslog.
HTML syslogd man page
HTML syslogd configuration file man page
HTML newsyslog man page
HTML logger man page

## tftpd

This daemon is a TFTP server, used to provide kernels over the network for diskless machines or to push files to appliances.
HTML Information about a diskless setup

## tftpproxy

This daemon is used to manipulate the firewall PF to relay TFTP requests to a TFTP server.

## unbound

This daemon is a recursive DNS server. This is the kind of server listed in /etc/resolv.conf, whose responsibility is to translate a fully qualified domain name into the IP address behind it, asking one server at a time. For example, to resolve www.dataswamp.org, it has to ask the .org authoritative server where the authoritative server for dataswamp (within the .org top domain) is, then the dataswamp.org DNS server is asked for the address of www.dataswamp.org.
It can also keep queries in cache and validates the queries and replies. It is a good idea to have such a server on a LAN with many clients to share the query cache.
HTML unbound man page
HTML unbound configuration file man page

## unwind

This daemon is a local recursive DNS server that will do its best to give valid replies. It is designed for nomad users who may encounter hostile environments like captive portals or DHCP-offered DNS servers preventing DNSSEC from working, etc. Unwind regularly polls a few DNS sources (recursive from root servers, provided by dns, stub or DNS over TLS server from configuration file) and chooses the fastest. It will also act as a local cache and can't listen on the network to be used by other clients. It also supports a list of blocked domains as input.
HTML unwind man page
HTML unwind configuration file man page
HTML unwind control command man page

## vmd

This is the daemon that allows running virtual machines using vmm. As of OpenBSD 6.9 it is capable of running OpenBSD and Linux guests without graphical interface and only one core.
HTML vmd man page
HTML vmd configuration file man page
HTML vmd control command man page
HTML vmm driver man page
HTML OpenBSD FAQ about virtualization

## watchdogd

This daemon is used to trigger watchdog timer devices, if any.

## wsmoused

This daemon is used to provide mouse support to the console.

## xenodm

This daemon is used to start the X server and allow users to authenticate themselves and log in to their session.
HTML xenodm man page

## ypbind

This daemon is used with a Yellow Page (YP) server to keep and maintain a binding information file.

## ypldap

This daemon offers a YP service using an LDAP backend.

## ypserv

This daemon is a YP server.
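
The introduction lists the daemons started by default and extracts service names from the `_flags` lines of /etc/rc.conf. As an added example (not part of the original article), the script below uses that list as a baseline and reports daemons enabled beyond it or baseline daemons that were switched off, such as the logging daemons. It assumes a `_flags` value of NO means disabled, and the sample input is constructed.

```shell
# Added example. Baseline is the article's default list; "openssh" there is assumed to mean sshd.
BASELINE="cron dhcpleased pflogd sndiod ntpd slaacd resolvd sshd spamlogd syslogd smtpd"

# Print daemons whose *_flags value is not NO, from rc.conf-style text on stdin.
# A later assignment wins, as when rc.conf.local is read after rc.conf.
enabled_daemons() {
    awk -F= '
        /^[a-z0-9_]+_flags=/ {
            name = $1; sub(/_flags$/, "", name)
            val = substr($0, length($1) + 2)
            sub(/[ \t]*(#.*)?$/, "", val)   # drop trailing blanks and comment
            gsub(/^"|"$/, "", val)          # drop surrounding quotes
            state[name] = (val == "NO") ? 0 : 1
        }
        END { for (n in state) if (state[n]) print n }
    ' | sort
}

# "extra X": enabled but not in the baseline; "missing X": baseline daemon disabled.
audit() {
    enabled=$(enabled_daemons)
    for d in $enabled; do
        case " $BASELINE " in *" $d "*) ;; *) echo "extra $d" ;; esac
    done
    for d in $BASELINE; do
        case " $(echo $enabled) " in *" $d "*) ;; *) echo "missing $d" ;; esac
    done
}

# Constructed sample: shortened rc.conf, then rc.conf.local overrides.
sample_conf() {
    cat <<'EOF'
cron_flags=
dhcpleased_flags=
httpd_flags=NO
ntpd_flags=
pflogd_flags=
resolvd_flags=
slaacd_flags=
smtpd_flags=
sndiod_flags=
spamlogd_flags=
sshd_flags=
syslogd_flags=    # add more flags
httpd_flags=""
pflogd_flags=NO
EOF
}
sample_conf | audit
```

On a real system the input would be /etc/rc.conf followed by /etc/rc.conf.local (when it exists), piped into `audit`.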