dataswamp.org

Title: Full list of services offered by a default OpenBSD installation
Author: Solène
Date: 16 February 2021
Tags: openbsd70 openbsd unix
Description:

# Introduction

This article is about giving a short description of EVERY service
available as part of an OpenBSD default installation (= no package
installed).

From all this list, the following list is started by default: cron,
dhcpleased, pflogd, sndiod, openssh, ntpd, slaacd, resolvd, sshd,
spamlogd, syslogd and smtpd. Network related daemons smtpd (localhost
only), openssh and ntpd (as a client) are running.

# Service list

I extracted the list of base install services by looking at
/etc/rc.conf.

```shell command starting with a dollar sign meaning it should be run by a regular user
$ grep _flags /etc/rc.conf | cut -d '_' -f 1
```

## amd

This daemon is used to automatically mount a remote NFS server when
someone wants to access it, it can provide a replacement in case the
file system is not reachable. More information using "info amd".

(HTM) amd man page

## apmd

This is the daemon responsible for frequency scaling. It is important
to run it on workstation and especially on laptop, it can also trigger
automatic suspend or hibernate in case of low battery.

(HTM) apmd man page
(HTM) apm man page

## bgpd

This is a BGP daemon that is used by network routers to exchanges about
routes with others routers. This is mainly what makes the Internet
work, every hosting company announces their IP ranges and how to reach
them, in returns they also receive the paths to connect to all others
addresses.

(HTM) OpenBGPD website

## bootparamd

This daemon is used for diskless setups on a network, it provides
information about the client such as which NFS mount point to use for
swap or root devices.

(HTM) Information about a diskless setup

## cron

This is a daemon that will read from each user cron tabs and the system
crontabs to run scheduled commands. User cron tabs are modified using
crontab command.

(HTM) Cron man page
(HTM) Crontab command
(HTM) Crontab format

## dhcpd

This is a DHCP server used to automatically provide IPv4 addresses on
an network for systems using a DHCP client.

## dhcpleased

This is the new default DHCPv4 client service. It monitors multiples
interfaces and is able to handle more complicated setup than dhclient.

(HTM) dhcpleased man page

## dhcrelay

This is a DHCP requests relay, used to on a network interface to relay
the requests to another interface.

## dvmrpd

This daemon is a multicast routing daemon, in case you need multicast
spanning to deploy it outside of your local LAN. This is mostly
replaced by PIM nowadays.

## eigrpd

This daemon is an Internal gateway link-state routing protocol, it is
like OSPF but compatible with CISCO.

## ftpd

This is a FTP server providing many features. While FTP is getting
abandoned and obsolete (certainly because it doesn't really play well
with NAT) it could be used to provide read/write anonymous access on a
directory (and many other things).

(HTM) ftpd man page

## ftpproxy

This is a FTP proxy daemon that one is supposed to run on a NAT system,
this will automatically add PF rules to connect an incoming request to
the server behind the NAT. This is part of the FTP madness.

## ftpproxy6

Same as above but for IPv6. Using IPv6 behind a NAT make no sense.

## hostapd

This is the daemon that turns OpenBSD into a WiFi access point.

(HTM) hostapd man page
(HTM) hostapd configuration file man page

## hotplugd

hotplugd is an amazing daemon that will trigger actions when devices
are connected or disconnected. This could be scripted to automatically
run a backup if some conditions are met like an usb disk inserted
matching a known name or mounting a drive.

(HTM) hotplugd man page

## httpd

httpd is a HTTP(s) daemon which supports a few features like fastcgi
support, rewrite and SNI. While it doesn't have all the features a web
server like nginx has, it is able to host some PHP programs such as
nextcloud, roundcube mail or mediawiki.

(HTM) httpd man page
(HTM) httpd configuration file man page

## identd

Identd is a daemon for the Identification Protocol which returns the
login name of a user who initiatied a connection, this can be used on
IRC to authenticate which user started an IRC connection.

## ifstated

This is a daemon monitoring the state of network interfaces and which
can take actions upon changes. This can be used to trigger changes in
case of an interface losing connectivity. I used it to trigger a route
change to a 4G device in case a ping over uplink interface was failing.

(HTM) ifstated man page
(HTM) ifstated configuration file man page

## iked

This daemon is used to provide IKEv2 authentication for IPSec tunnel
establishment.

(HTM) OpenBSD FAQ about VPN

## inetd

This daemon is often forgotten but is very useful. Inetd can listen on
TCP or UDP port and will run a command upon connection on the related
port, incoming data will be passed as standard input of the program and
program standard output will be returned to the client. This is an
easy way to turn a program into a network program, it is not widely
used because it doesn't scale well as the whole process of running a
new program upon every connection can push a system to its limit.

(HTM) inetd man page

## isakmpd

This daemon is used to provide IKEv1 authentication for IPSec tunnel
establishment.

## iscsid

This daemon is an iSCSI initator which will connect to an iSCSI target
(let's call it a network block device) and expose it locally as a
/dev/vcsi device. OpenBSD doesn't provide a target iSCSI daemon in its
base system but there is one in ports.

## ldapd

This is a light LDAP server, offering version 3 of the protocol.

(HTM) ldap client man page
(HTM) ldapd daemon man page
(HTM) ldapd daemon configuration file man page

## ldattach

This daemon allows to configure programs that are exposed as a serial
port, such as gps devices.

## ldomd

This daemon is specific to the sparc64 platform and provide services
for dom feature.

## lockd

This daemon is used as part of a NFS environment to support file
locking.

## ldpd

This daemon is used by MPLS routers to get labels.

## lpd

This daemon is used to manage print access to a line printer.

## mountd

This daemon is used by remote NFS client to give them information about
what the system is currently offering. The command showmount can be
used to see what mountd is currently exposing.

(HTM) mountd man page
(HTM) showmount man page

## mopd

This daemon is used to distribute MOP images, which seem related to
alpha and VAX architectures.

## mrouted

Similar to dvmrpd.

## nfsd

This server is used to service the NFS requests from NFS client.
Statistics about NFS (client or server) can be obtained from the
nfsstat command.

(HTM) nfsd man page
(HTM) nfsstat man page

## npppd

This daemon is used to establish connection using PPP but also to
create tunnels with L2TP, PPTP and PPPoE. PPP is used by some modems
to connect to the Internet.

## nsd

This daemon is an authoritative DNS nameserver, which mean it is
holding all information about a domain name and about the subdomains.
It receive queries from recursive servers such as unbound / unwind
etc... If you own a domain name and you want to manage it from your
system, this is what you want.

(HTM) nsd man page
(HTM) nsd configuration file man page

## ntpd

This daemon is a NTP service that keep the system clock at the correct
time, it can use ntp servers or sensors (like GPS) as time source but
also support using remote servers to challenge the time sources. It
can acts a daemon to provide time to other NTP client.

(HTM) ntpd man page

## ospfd

It is a daemon for the OSPF routing protocol (Open Shortest Path
First).

## ospf6d

Same as above for IPv6.

## pflogd

This daemon is receiving packets from PF matching rules with a "log"
keyword and will store the data into a logfile that can be reused with
tcpdump later. Every packet in the logfile contains information about
which rule triggered it so it is very practical for analysis.

(HTM) pflogd man page
(HTM) tcpdump

## portmap

This daemon is used as part of a NFS environment.

## rad

This daemon is used on IPv6 routers to advertise routes so client can
automatically pick up routes.

## radiusd

This daemon is used to offer RADIUS protocol authentication.

## rarpd

This daemon is used for diskless setups in which it will help
associating an ARP address to an IP and hostname.

(HTM) Information about a diskless setup

## rbootd

Per the man page, it says « rbootd services boot requests from
Hewlett-Packard workstation over LAN ».

## relayd

This daemon is used to accept incoming connections and distribute them
to backend. It supports many protocols and can act transparently, its
purpose is to have a front end that will dispatch connections to a list
of backend but also verify backend status. It has many uses and can
also be used in addition to httpd to add HTTP headers to a request, or
apply conditions on HTTP request headers to choose a backend.

(HTM) relayd man page
(HTM) relayd control tool man page
(HTM) relayd configuration file man page

## resolvd

This daemon is used to manipulate the file /etc/resolv.conf depending
on multiple factors like configured DNS or stragegy change in unwind.

(HTM) resolvd man page

## ripd

This is a routing daemon using an old protocol but widely supported.

## route6d

Same as above but for IPv6.

## sasyncd

This daemon is used to keep IPSec gateways synchronized in case of a
fallback required. This can be used with carp devices.

## sensorsd

This daemon gathers monitoring information from the hardware like
temperature or disk status. If a check exceeds a threshold, a command
can be run.

(HTM) sensorsd man page
(HTM) sensorsd configuration file man page

## slaacd

This service is a daemon that will automatically pick up auto IPv6
configuration on the network.

## slowcgi

This daemon is used to expose a CGI program as a fastcgi service,
allowing httpd HTTP server to run CGI. This is an equivalent of inetd
but for fastcgi.

(HTM) slowcgi man page

## smtpd

This daemon is the SMTP server that will be used to deliver mails
locally or to remote email server.

(HTM) smtpd man page
(HTM) smtpd configuration file man page
(HTM) smtpd control command man page

## sndiod

This is the daemon handling sound from various sources. It also
support sending local sound to a remote sndiod server.

(HTM) sndiod man page
(HTM) sndiod control command man page
(HTM) mixerctl man page to control an audio device
(HTM) OpenBSD FAQ about multimedia devices

## snmpd

This daemon is a SNMP server exposing some system metrics to SNMP
client.

(HTM) snmpd man page
(HTM) snmpd configuration file man page

## spamd

This daemon acts as a fake server that will delay or block or pass
emails depending on some rules. This can be used to add IP to a block
list if they try to send an email to a specific address (like a
honeypot), pass emails from servers within an accept list or delay
connections for unknown servers (grey list) to make them and reconnect
a few times before passing the email to the SMTP server. This is a
quite effective way to prevent spam but it becomes less relevant as
sender use whole ranges of IP to send emails, meaning that if you want
to receive an email from a big email server, you will block server
X.Y.Z.1 but then X.Y.Z.2 will retry and so on, so none will pass the
grey list.

## spamlogd

This daemon is dedicated to the update of spamd whitelist.

## sshd

This is the well known ssh server. Allow secure connections to a shell
from remote client. It has many features that would gain from being
more well known, such as restrict commands per public key in the
~/.ssh/authorized_keys files or SFTP only chrooted accesses.

(HTM) sshd man page
(HTM) sshd configuration file man page

## statd

This daemon is used in NFS environment using lockd in order to check if
remote hosts are still alive.

## switchd

This daemon is used to control a switch pseudo device.

(HTM) switch pseudo device man page

## syslogd

This is the logging server that receives messages from local programs
and store them in the according logfile. It can be configured to pipe
some messages to command, program like sshlockout uses this method to
learn about IP that must be blocked, but can also listen on the network
to aggregates logs from other machines. The program newsyslog is used
to rotate files (move a file, compress it and allow a new file to be
created and remove too old archives). Script can use the command
logger to send text to syslog.

(HTM) syslogd man page
(HTM) syslogd configuration file man page
(HTM) newsyslog man page
(HTM) logger man page

## tftpd

This daemon is a TFTP server, used to provide kernels over the network
for diskless machines or push files to appliances.

(HTM) Information about a diskless setup

## tftpproxy

This daemon is used to manipulate the firewall PF to relay TFTP
requests to a TFTP server.

## unbound

This daemon is a recursive DNS server, this is the kind of server
listed in /etc/resolv.conf whose responsibility is to translate a fully
qualified domain name into the IP address behind, asking one server at
a time, for example, to ask www.dataswamp.org server, it is required
to ask the .org authoritative server where is the authoritative server
for dataswamp (within .org top domain), then dataswamp.org DNS server
will be asked what is the address of www.dataswamp.org. It can also
keep queries in cache and validates the queries and replies, it is a
good idea to have such a server on a LAN with many client to share the
queries cache.

(HTM) unbound man page
(HTM) unbound configuration file man page

## unwind

This daemon is a local recursive DNS server that will make its best to
give valid replies, it is designed for nomad users that may encounter
hostile environments like captive portals or dhcp offered DNS server
preventing DNSSEC to work etc.. Unwind polls a few DNS sources
(recursive from root servers, provided by dns, stub or DNS over TLS
server from configuration file) regularly and choose the fastest. It
will also act as a local cache and can't listen on the network to be
used by other clients. It also supports a list of blocked domains as
input.

(HTM) unwind man page
(HTM) unwind configuration file man page
(HTM) unwind control command man page

## vmd

This is the daemon that allow to run virtual machines using vmm. As of
OpenBSD 6.9 it is capable of running OpenBSD and Linux guests without
graphical interface and only one core.

(HTM) vmd man page
(HTM) vmd configuration file man page
(HTM) vmd control command man page
(HTM) vmm driver man page
(HTM) OpenBSD FAQ about virtualization

## watchdogd

This daemon is used to trigger watchdog timer devices if any.

## wsmoused

This daemon is used to provide a mouse support to the console.

## xenodm

This daemon is used to start the X server and allow users to
authenticate themselves and log in their session.

(HTM) xenodm man page

## ypbind

This daemon is used with a Yellow Page (YP) server to keep and maintain
a binding information file.

## ypldap

This daemon offers a YP service using a LDAP backend.

## ypserv

This daemon is a YP server.