Errata
Books are not perfect, and Absolute OpenBSD is no exception. Here
you will find corrections for various errors that crept into the book.
If you find an error that is not listed here, please contact the
author at errata@AbsoluteOpenBSD.com.
(This email address is only for errata, so they can be noted and
(hopefully) be corrected in a future printing rather than getting lost
in the author's deluge of regular mail.)
Please accept the author's apologies for these errors.
Chapter 1
Page 29, footnote: delete the last three sentences.
Chapter 2
Page 35, under Finding OpenBSD on the Net, second
paragraph, the third sentence should read "The disk images of the
official install CD-ROMs are copyrighted by Theo de Raadt."
Page 38, under Distribution Sets, third paragraph,
the last two sentences should read "For example, one distribution set
of OpenBSD in release 3.3 is base33.tgz. In the next
release, these same tools will be called base34.tgz."
Page 40, the second header should read "xfontsXX.tgz"
instead of "xshareXX.tgz".
Chapter 3
Page 49, under Creating Floppies on UNIX, last
paragraph, the last word of the last sentence (driver) should
be removed.
Page 53, under Creating OpenBSD Partitions, third
paragraph, the last sentence should read "We can use all but the first
63 sectors.
Page 58, under "Writing a Label to the Disk", first paragraph,
second sentence should read "If you don't like your work, you can hit
"x" to quit disklabel without writing any changes.
Page 63, first paragraph, second sentence begin with "Network
interfaces that are not plugged in or that have failed for some other
reason will have a "status" line that says "no carrier," ..."
Chapter 4
Page 77, under Reading MBR Partitions, last paragraph,
first sentence should read "At the end of the line, we have the
(9)partition type in clear English."
Chapter 5
Page 90, first paragraph, the first sentence should end with
"... letting OpenBSD figure out its own broadcast address, you
would use the following entry in /etc/hostname.fxp1."
Page 94, under named_flags, third line: "Note that
OpenBSD includes BIND version 9."
Chapter 6
Page 103, first example: The command should be "boot
/bsd.old -s".
Page 107, under Multiuser Startup, the last sentence
should read "The /etc/rc system actually has seven associated
files: /etc/rc, /etc/rc.conf, /etc/netstart, /etc/rc.securelevel,
/etc/rc.local, /etc/rc.conf.local, and /etc/rc.shutdown."
Chapter 7
Page 140, under Command Aliases. The two examples
should have spaces in them, like such.
Cmnd_Alias BACKUPS = /bin/mnt,/sbin/restore,/sbin/dump
Cmnd_Alias DBCOMMANDS = /usr/home/dbuser/bin/*
Page 140, under Using Aliases in /etc/sudoers, last
paragraph, the second sentence should read: "We have already given the
APPADMIN run as alias operator privileges, ..."
Page 140, the last example should read:
phil ALL = (APPADMIN) DBCOMMANDS, (APPADMIN) BACKUPS
Chapter 8
Page 151, first paragraph, the second sentence should end with
"the number as seen by the computer."
Page 161, paragraph 3 should have a close parenthesis at the
end.
Page 161, paragraph 5, sentence three should begin with "You
can get a full list of valid media types by running..."
Page 163, paragraph 4, the last sentence should begin "If the
packet is going to an IP address not in the 172.16.0.0/24
network,..."
Page 164, under Viewing Routes, second paragraph, the
third sentence should be "The gateway is the place where the system
should send the packet to get to that destination."
Chapter 9
Page 175, the first word should be thin.
Page 175, the last sentence should end with "all hosts that the
system has recently communicated with on the local network."
Chapter 10
Page 180, under "Script Kiddies", first paragraph, last
sentence should end with "Fortunately, script kiddies are particularly
easy to defend against; ..."
Page 187, fourth bullet point from top, the second sentence
should start with "While OpenBSD does support kernel modules,
..."
Page 189, under Systrace Policies, fifth paragraph, the
first sentence should begin with "While you could simply
"permit" or "deny" this system call, ..."
Page 190, under Using Match Comparisons, second
paragraph, sixth sentence should begin with "If an attacker had an
exploit to make named(8) offer a command prompt on a
high-numbered port, ..."
Page 191, under "Using re Comparisons", first paragraph, the
third sentence should end with "if the command name ends with
the string "make"."
Chapter 11
Page 210, under "Editing the Kernel with config", first
paragraph, the second sentence should end with "none of the examples
in this section will work if you omit that flag."
Chapter 13
Page 253, under What the Port Install Does, last
paragraph, the last sentence should begin with "You will see various
chunks of FTP output where the ports system downloads the file,
..."
Page 254, in the first example, the lines should be numbered
1-4, not 1,2,3, and 5.
Page 258, under Make Package, the beginning of the last
sentence should read "You can then install this port on other
machines of the same architecture, ..."
Page 259, under Port Flavors, last paragraph, the first
sentence should read "Whenever a port builds, it looks for flavors in
the environment variable FLAVOR."
Page 261, second paragraph, the first sentence should begin
with "Each port Makefile contains a definition for
MASTER_SITES, ..."
Chapter 14
Page 287, under /etc/security, the first sentence should
read "The /etc/security file is a straightforward shell script run
each day by /etc/daily."
Page 291, under Logging by Program Name, the last
sentence should read "For example, to log the output of
chat(8), you would use this entry:"
Page 292, under Terminal Types, third paragraph, the
first sentence should end with "... another device with a serial
port."
Chapter 15
Page 306, under Using Foreign Mounts, second paragraph,
delete the last sentence.
Page 315, under Mounting Disk Images, first paragraph,
the fourth sentence should read "First, you need to attach the
disk image to a device node."
Page 318, under Unclean Shutdown, first paragraph, the
third sentence should start with "Unfortunately, the system will not
fsck(8) ..."
Chapter 16
Page 329, under Uninstall Programs, the second sentence should
end with "... recommends changing /var/cron and removing the
binaries and man pages when upgrading from 3.1."
Page 331, fourth paragraph, the second sentence should read
"Now you can tell the upgrade program where to find the
upgrades you want to install."
Page 339, under Dependencies in Updated Packages, second
paragraph, the third sentence should end with "but this will destroy
the entire /var/db/pkg entry, including the +REQUIRED_BY file."
Page 344, under CVSup Setup, the seventh line of the
example should read:
*default tag=OPENBSD_3_2
Chapter 17
Page 350, under Firewalls, the first sentence of the
second paragraph should start with "What differentiates
firewalls are ..."
Page 351, under Enabling PF, the last paragraph should
start with "If you want to stop and start..."
Page 352, the last sentence should read "While UDP and ICMP
have no state, telling PF to expect certain types of replies
with these protocols is also called stateful inspection.
Page 353, second paragraph, the last sentence should begin with
"On the other hand, if you are sitting out on the Internet,
..."
Page 353, under /etc/pf.conf, the third sentence should
end with "whose format vary with the features they configure."
Page 356, second paragraph, the first sentence should end with
"only to port numbers and UIDs."
Page 356, third paragraph, first sentence should read
"Similarly, you could prevent anyone with a UID 1100 or greater
from making outbound connections."
Page 360, under Table Attributes, third paragraph, the
last sentence should read "You can tell PF to keep these tables even
when no rules refer to them by using the persist
keyword."
Page 363, under Blocked Packet Policy, third paragraph,
the second sentence should begin with "If your firewall
silently drops the traffic, ..."
Page 368, last paragraph, the last sentence should read
"Getting this wrong is an excellent way to announce that you
have a misconfigured firewall, ..."
Page 374, the first sentence should read "Simple flag-based
packet filtering helps manage multi-interface firewalls.
Page 377, first paragraph, the second sentence should end with
"..., the label also shows up as "any.""
Page 377, fourth paragraph, delete the last two words of the
second sentence.
Page 381, under Filtering Spoofed Packets, the last
sentence should begin with "This statement automatically adds rules
that block IP addresses on the Ethernet network ..."
Chapter 18
Page 384, under Network Address Translation, the fourth
paragraph should read "PF rewrites outbound packets to give them a
source IP of 10.0.5.4 and keeps a state table of outgoing
connections.
Page 384, under Network Address Translation, the fourth
paragraph, second sentence should end with "... and sends them
back to the client.
Page 384, under Network Address Translation, the last
paragraph, first sentence should begin with "As a NAT device
supports many different devices sharing ..."
Page 387, under Connection Redirection, the first
example should read:
"rdr on external-interface proto protocol from source-ip to public-ip port public-port -> destination-ip port real-destination-port"
Page 395, the example should read:
"rdr on fxp1 proto tcp from any to 60.80.60.21 port 80 ->
192.168.1.4/30 source-hash"
Page 403, under Rule Optimization, example rule 5 should read:
(5) block in on fxp0
Appendix A
Page 424, under option I*_CPU, first paragraph, the
second sentence should end "... some of which OpenBSD will take
advantage of."
Page 447, under option KERNFS, the last sentence should
read "If you don't want to use this, you don't need it in
your configuration."
Appendix B
Page 455, third paragraph, the first sentence should end in
"... are available from http://www.AbsoluteOpenBSD.com."
Return to the main page.