2 FreeBSD Features

2.1 Supported Platforms

FreeBSD has gained a reputation as a secure, stable, operating system for the Intel® (i386™) platform. However, FreeBSD also supports the following architectures:

In addition, there is ongoing development to port FreeBSD to the following architectures:

Up-to-date hardware lists are maintained for each architecture so you can tell at a glance if your hardware is supported. For servers, there is excellent hardware RAID and network interface support.

FreeBSD also makes a great workstation and laptop operating system! It supports the X Window System, the same one used in Linux® distributions to provide a desktop user interface. It also supports over 13,000 easy to install third-party applications,[3] including KDE, Gnome, and OpenOffice.

Several projects are available to ease the installation of FreeBSD as a desktop. The most notable are:

2.2 Extensible Frameworks

FreeBSD provides many extensible frameworks to easily allow you to customize the FreeBSD environment to your particular needs. Some of the major frameworks are:

Netgraph

Netgraph is a modular networking subsystem that can be used to supplement the existing kernel networking infrastructure. Hooks are provided to allow developers to derive their own modules. As a result, rapid prototyping and production deployment of enhanced network services can be performed far more easily and with fewer bugs. Many existing operational modules ship with FreeBSD and include support for:

  • PPPoE

  • ATM

  • ISDN

  • Bluetooth

  • HDLC

  • EtherChannel

  • Frame Relay

  • L2TP, just to name a few.

GEOM

GEOM is a modular disk I/O request transformation framework. Since it is a pluggable storage layer, it permits new storage services to be quickly developed and cleanly integrated into the FreeBSD storage subsystem. Some examples where this can be useful are:

  • Creating RAID solutions.

  • Providing full-blown cryptographic protection of stored data.

Newer versions of FreeBSD provide many administrative utilities to use the existing GEOM modules. For example, one can create a disk mirror using gmirror(8), a stripe using gstripe(8), and a shared secret device using gshsec(8).

GBDE

GBDE, or GEOM Based Disk Encryption, provides strong cryptographic protection and can protect file systems, swap devices, and other uses of storage media. In addition, GBDE transparently encrypts entire file systems, not just individual files. No cleartext ever touches the hard drive's platter.

MAC

MAC, or Mandatory Access Control, provides fine-tuned access to files and is meant to augment traditional operating system authorization provided by file permissions. Since MAC is implemented as a modular framework, a FreeBSD system can be configured for any required policy varying from HIPAA compliance to the needs of a military-grade system.

FreeBSD ships with modules to implement the following policies; however the framework allows you to develop any required policy:

  • Biba integrity model

  • Port ACLs

  • MLS or Multi-Level Security confidentiality policy

  • LOMAC or Low-watermark Mandatory Access Control data integrity policy

  • Process partition policy

PAM

Like Linux, FreeBSD provides support for PAM, Pluggable Authentication Modules. This allows an administrator to augment the traditional UNIX® username/password authentication model. FreeBSD provides modules to integrate into many authentication mechanisms, including:

  • Kerberos 5

  • OPIE

  • RADIUS

  • TACACS+

It also allows the administrator to define policies to control authentication issues such as the quality of user-chosen passwords.

This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.