Installing more software

Related resources
  • Informational
  • (Other) resources that may provide inspirational ideas on what other software may be nice to have:
    • installing common software (may mention some more ideas)
    • Stretch zone may mention some? (Maybe mentions all those at Environment Standard/Default Settings?)
    • FreeExe (may be inspiration for some ideas)
    • Tutorial on customizing a Microsoft Windows installation
      • and other resources for Microsoft Windows:
        • Sysinternals
        • Nirsoft
    • ideas from /
      • Despite the name, is actually a great resource for professional technicians to be familiar with, to learn about software that can be used to help increase security.
    • TOOGAM's Software Archive
      • A lot of that is software for DOS and MSWin9x (e.g., Microsoft Windows 98 Second Edition), but if you're looking for ideas of more types of software that could be useful, that could provide some inspiration...
    • Logs
      • Did you create logs the last time you installed a new computer? Maybe consider reviewing such logged information and determine what else could be a good idea?

Note: Installing little might also be useful to keep parent images small, so that they can be re-created easily. (Discussion of that may be in some of the resources just mentioned.)

You may wish to start by viewing what packages are already installed, so you're not re-installing stuff that is already installed.

pkg_info -m

Then, the following variable is set so that the later examples will work.

export CMDNWPKG="sudo -i pkg_add -ivv"


${CMDNWPKG} nano
echo ${?}
pkg_info -M nano

${CMDNWPKG} curl
echo ${?}
pkg_info -M curl

${CMDNWPKG} pv
echo ${?}
pkg_info -M pv

${CMDNWPKG} p7zip-rar
echo ${?}
pkg_info -M p7zip-rar

...and so on. Here is a more abbreviated list of commands, although people are encouraged to be more thorough than this. (If you really have a lot of packages, you may wish to place all of these commands into a single command. That can be done fairly easily using a script file, although there are probably some other slick ways to do that too. Possibly using export and/or alias?)

${CMDNWPKG} aide
${CMDNWPKG} integrit
${CMDNWPKG} clamav
${CMDNWPKG} e2fsprogs
${CMDNWPKG} sharity-light
${CMDNWPKG} memtester
${CMDNWPKG} smartmontools
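One way to put the install-and-check steps into a script file, as suggested above (an added example, not part of the original page; the function name install_pkgs and the log path in the usage comment are assumptions):

```shell
#!/bin/sh
# Added example: run the page's install-and-check steps over a package list
# and log each exit status. install_pkgs and the log path are assumptions.

CMDNWPKG="${CMDNWPKG:-sudo -i pkg_add -ivv}"

# install_pkgs LOGFILE PKG...: returns the number of packages that failed.
install_pkgs() {
    log=$1; shift
    failed=0
    for pkg in "$@"; do
        # Deliberately unquoted: CMDNWPKG holds a command plus its options.
        ${CMDNWPKG} "$pkg"
        rc=$?
        # One timestamped line per package, so the log can be reviewed later.
        printf '%s %s rc=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$pkg" "$rc" >>"$log"
        if [ "$rc" -eq 0 ]; then
            pkg_info -M "$pkg" 2>/dev/null   # show any install message
        else
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage:
#   install_pkgs /root/pkg-install.log aide integrit clamav e2fsprogs \
#       sharity-light memtester smartmontools
```

A non-zero return means at least one package needs attention; the log shows which one.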

If cURL is unavailable, snag wget instead. If the system does not come with tmux, install tmux unless doing so is rather inconvenient. In that case, if screen is not pre-installed, and screen is readily available, then install screen.

Note that some software may commonly have multiple packages available. As an example, the “ytalk” package may default to trying to use some libraries from X11, but also have a no_x11 variation. (Presumably the X11 version has some sort of benefit, possibly simply by being smaller?)

${CMDNWPKG} ytalk

Here is a fuller transcript, from OpenBSD 5.7:

$ ${CMDNWPKG} ytalk
Update candidates: quirks-2.54 -> quirks-2.54
quirks-2.54 signed on 2015-03-08T12:33:05Z
No change in quirks-2.54
file:/media/opnbsdcd/#.#/packages/amd64/ is empty
Ambiguous: choose package for ytalk
a       0: <None>
        1: ytalk-3.1.1p2
        2: ytalk-3.1.1p2-no_x11
Your choice: 2
parsing ytalk-3.1.1p2-no_x11
installed /etc/ytalkrc from /usr/local/share/examples/ytalk/ytalkrc-sample
ytalk-3.1.1p2-no_x11: ok
Running /usr/sbin/makewhatis -d /usr/local/man -- /usr/local/man/man1/ytalk.1
/dev/wd0a: 56 bytes
/dev/wd0e: 271 bytes
/dev/wd0h: 86583 bytes
Extracted 86583 from 86854

For this particular port, the no_x11 version may work more easily on some systems, so that is recommended. (OpenBSD FAQ: Using flavors and subpackages states, “For instance, some applications have a "no_x11" flavor which can be used on systems without X.”)

Other examples that are known to come with multiple flavors include:

${CMDNWPKG} samba

e.g.: OpenBSD/amd64 5.7 had two flavors: a regular flavor, and LDAP.

The LDAP variety is bigger. See: information on samba


People who like “screen” are encouraged to become familiar with tmux. Both of these software packages are described as terminal multiplexers.


If you wish to use screen and you have the “static” version available as a choice for your platform, that is a nice choice. It has fewer (zero?) external dependencies to be able to run. At least in theory, that can be less pleasant when working on a system that doesn't have all of the mount points available. (In reality, that likely depends on exactly what mount points are mounted, and where the dependencies would be.)

It seems the “static” flavor might not exist (in the main set of officially-created packages) for OpenBSD/amd64, even if it is released for OpenBSD/i386. See: information on screen

${CMDNWPKG} screen

Recommended: go with static, if it is available. Otherwise, just use the regular flavor, unless you do plan to use brltty (which is support for some equipment that uses Braille).

OpenBSD/amd64 5.7 had just: regular flavor, and shm.


Since information on mutt was not showing any useful details at the time of this writing (late September and early October 2015), another source of info was sought and found: page about mutt snapshot,compressed,sasl,sidebar,slang. This shows some flavors (some of which are similar to the flavors that seemed to be available with OpenBSD.)

OpenBSD seemed to offer several options as pre-built packages:

a       0: <None>
        1: mutt-1.5.23p9v0
        2: mutt-1.5.23p9v0-compressed-sasl-sidebar
        3: mutt-1.5.23p9v0-compressed-sasl-sidebar-slang
        4: mutt-1.5.23p9v0-compressed-sidebar
        5: mutt-1.5.23p9v0-gpgme
        6: mutt-1.5.23p9v0-sasl
        7: mutt-1.5.23p9v0-slang

Recommended: compressed-sasl-sidebar


SASL provides some more authentication support.

This guide currently recommends SASL... forum post


It seems slang / S-Lang is an alternative to “curses”. MuttFAQ Appearance indicates S-Lang may be a bit less compatible.


The sidebar flavor creates a sidebar that contains a list of folders.

Thomer M. Gil's Mutt sidebar (folder list) patch indicates that Thomer is no longer the maintainer, and points to Terry P. Chan's Mutt sidebar (folder list) patch.

${CMDNWPKG} mutt

The page also had info for: mixmaster, idn.

text browsers

Support for graphics can be very nice. Even if the system doesn't have a full X implementation installed, support for graphics is recommended, in case someone decides to use even a minimal X implementation like XVnc.


links+ (the "no-x11" does not support graphics; other flavor does)

${CMDNWPKG} links+

information on links+ describes no_x11 as “disable X support.” So, the regular version is generally recommended, not the no_x11 version.

${CMDNWPKG} w3m

information on w3m

w3m OpenBSD
w3m (the "image" does support graphics, other doesn't)
w3m in Linux

It seems there is a package named w3m-img which is recommended, as it supports images with Linux Framebuffer or from within xterm (but maybe not some other terminals, like gnome-terminal or Konsole). HowToGeek: w3m also notes that a “right-click menu” may not work in those less-supported terminals.

w3m for Microsoft Windows

TOOGAM's Software Archive: info on w3m has some details that may cover getting this.

Other software which may be worth getting:

Mail clients
  • alpine
    ${CMDNWPKG} alpine
  • mutt
    ${CMDNWPKG} mutt

users getting mail

Web browsing
Links by Twibright Labs for OpenBSD

OpenBSD has a port of this, called “links+”, which is different than the “links” port.

${CMDNWPKG} links+

There is a no_x11 variant. In general, the full version is recommended, in case there is any desire to see graphics. (Even if a full X Window System is not installed, something like XVnc might be useful.)


This supports graphics (in some environments), yet does not require graphics (it works in text mode), and is a fairly small program.

There's also been some support for JavaScript, although that might not be typically enabled.


Well outside the scope of this tutorial (at least for now)... Info about building JavaScript support for eLinks

This is not recommended, because it seems to conflict with links+ which is probably preferable. (Trying to install this after links+ won't work.)
Note: though Lynx had been part of OpenBSD, forum post

No other current recommendations.

${CMDNWPKG} links+
${CMDNWPKG} links
${CMDNWPKG} elinks
${CMDNWPKG} lynx

ISC licensed... xombrero for Microsoft Windows has been known to not support multi-monitors very well (right-clicking could show a menu on a different monitor).

ESR release
Chromium, Google Chrome

Opera's competitiveness over the years is certainly admirable.

Webkit (Apple Safari)

Archive/compression Handlers

7-Zip was mentioned earlier. Other good ones may be the following. (You may wish to first check what is pre-installed, as adding some of these might be unnecessary.)

  • xz
  • bzip2
  • Info-Zip (zip, unzip)
  • gzip and tar are often unnecessary to add
File downloaders
${CMDNWPKG} rtorrent
${CMDNWPKG} transmission

(pidgin/ytalk/google-talk/jabber ???)

messages is where such information would be placed (although, at the time of this writing, it is rather empty...)


Beyond getting the handy cpytobak software, some heavier-duty software may be worth obtaining.

  • bacula
  • ???

Other ideas may include (other?) software for SMART, NUT, hardware sensors, etc.

For OpenBSD: colortree

Some people may like shells:


There are some variations of the “Korn shell”, with various featuresets. An extremely good variation, which has been made available on multiple platforms (including platforms using the Linux kernel), is OpenBSD's variation of the Korn shell. This software is a heavily enhanced variation of a public domain version. If you're not using OpenBSD (which comes with this built-in), see if software packages offer a shell. As noted by OpenBSD FAQ 10: ksh

Although the official name is the “Korn shell”, and some people may refer to the file by the executable name (saying each letter, one at a time), some people may pronounce this as “kaysh”.


There should be no need to install this onto any Unix system. Traditionally, this has been software called the “Bourne shell”. Many newer operating systems will use a newer piece of software which offers compatibility with the features provided by the traditional Bourne shell.


Typically used in many Unix systems. (For Microsoft Windows, see: TOOGAM's Software Archive: Winsh.)


GPLv2. The name bash is meant to stand for “Bourne Again shell”, which seems to be a sort of pun on the name “Bourne shell” and the Christian concept of being “born again”.

Typically used in many Unix systems. (For Microsoft Windows, see: TOOGAM's Software Archive: Winsh.)


Wikipedia's article for “Z shell”: Citation 2 describes zsh license as “MIT-like”. Mentioned as a good option by “Stop Using (and Teaching) C-Shell and Tcsh” article, though the license states, “certain shell functions are licensed under versions of the GNU General Public Licence. Anyone distributing the shell as a binary including those files needs to take account of this.” ... “None of the core functions are affected by this, so those files may simply be omitted.”

Almquist shell (ash)

A common variation is the Debian Almquist shell (dash). That variation was named after Debian, but appears to exist for other operating systems (such as OpenBSD) as well.

Debian has the interesting characteristic of using dash for its default shell, although a different shell (bash) is used for interactive sessions. For automated sessions, where interactive features of bash would be less useful, the use of dash provides benefits of speed, and lower overhead. The lower overhead even reduced some potential vulnerability... not only in theory, but even in practice; this reduced some problems from bash's “Shellshock” vulnerability.

Wikipedia's page for “Almquist shell” quotes Slackware ash package info, stating, “NetBSD and Ubuntu uses ash as its /bin/sh.”

Home page for Herbert Xu's DASH. Herbert Xu's dash license looks rather BSD-ish, with an addition for GPLv2+ for a single file (mksignames.c). (However, BlueBrain's DASH blob's license uses LGPLv3... so, the license may typically vary, depending on what software distribution is being used.)


This is basically an improvement over the older “csh” command.

Stop Using (and Teaching) C-Shell and Tcsh recommends against teaching people how to use this software, referencing some older articles that describe problems (Csh Considered Harmful and Reasons not to use Csh) and notes, “You should stop using, learning and teaching C-Shell and its extended Tcsh implementation, because of their horrible, inconsistent syntax, lack of usability and the fact that they induce bad habits.” (The article goes on to provide specific reasons for the claims that were just made.)

(Pronunciation note: some people pronounce “csh” by the full name of “C shell”, while others might pronounce it by saying the letter c followed by the “sh” sound, all as one word, “seesh”. That sounds rather similar to the dismissive word, “sheesh”.)


This software was MIT-licensed prior to August 3, 2014, at which time it changed to GPLv2. (Xiki license change)

The interface allows vertical cursor movement, and feels more like a text editor. Previous commands can be changed, and output can be investigated.

It is written in Ruby and seems to provide some abilities to integrate nicely with Ruby. Ruby programmers may be able to get more from this.

An overview is provided by one of the Screencasts which is also available via YouTube: Xiki: Can your shell console do this? A longer video, showing more stuff, is at YouTube: Xiki is like a shell terminal but better - Intro screencast. Some other resources include: review, Slashdot article

friendly interactive shell (“fish”)
Some others
Wikipedia's “Comparison of command shells”
Media playing

This is going to be completely unnecessary for some servers. However, some people may prefer to install the software as part of a routine process, rather than to be unpleasantly surprised when their preferred software isn't on a new system.

This may be rather useless if additional software, such as some sort of multimedia drivers, hasn't yet been configured to work.

For Microsoft Windows, a list of such software is at TOOGAM's Software Archive: Multimedia Programs: section on video playback software.

The dhcpcd software also looks promising (but hasn't been thoroughly reviewed/tested by the author of this text, at this point... This may become a recommendation later.)

And, if a graphical interface is installed on the machine:

${CMDNWPKG} icewm
${CMDNWPKG} seamonkey
${CMDNWPKG} xombrero
${CMDNWPKG} firefox
${CMDNWPKG} firefox-esr

echo UNTESTED!!!!
${CMDNWPKG} chromium
${CMDNWPKG} scite
${CMDNWPKG} xscreensaver
Other important files
OpenBSD users

Also, if you have the compiler installed or you have the operating system files that include the compiler, grab at least this file:

sudo -i ksh
echo ${PKG_CACHE}/..
curl -C - -L -R -v -o ${PKG_CACHE}/../$(uname -r)ports.tgz ftp://ftp.$(uname -s).org/pub/$(uname -s)/$(uname -r)/ports.tar.gz
echo ${?}

Simply having that file can provide some additional flexibility to be able to install programs later, such as if the programs become unavailable from the main distribution point that was used to install the operating system. Programs becoming unavailable, like that, is actually a routine occurrence that tends to happen as software reaches a certain age. Ideally, a system will continue to use updated software. Regardless of intent, simply having additional flexibility is probably a good thing, particularly since it only requires performing this one act. Presumably grabbing this one file is a fairly easy task.
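Since this archive is kept for later use and arrives over plain FTP, it is worth checking before it is stored. The following is an added example, not part of the original page: it fetches SHA256.sig from the same release directory and keeps the tarball only if signify(1) accepts it. The function names and the MIRROR variable are assumptions; the public key path is the one OpenBSD installs under /etc/signify.

```shell
#!/bin/sh
# Added example: fetch ports.tar.gz plus SHA256.sig and keep the tarball only
# if signify(1) accepts it. MIRROR and the function names are assumptions.

MIRROR="${MIRROR:-ftp://ftp.$(uname -s).org/pub/$(uname -s)}"

# Release "5.7" -> /etc/signify/openbsd-57-base.pub (key shipped with the OS).
signify_pubkey() {
    printf '/etc/signify/openbsd-%s-base.pub\n' "$(printf '%s' "$1" | tr -d .)"
}

# verify_ports DIR RELEASE: DIR must hold ports.tar.gz and SHA256.sig.
# Returns 0 only when the signature and the checksum both verify.
verify_ports() {
    dir=$1; key=$(signify_pubkey "$2")
    [ -r "$key" ] || { echo "missing public key: $key" >&2; return 2; }
    [ -s "$dir/ports.tar.gz" ] && [ -s "$dir/SHA256.sig" ] || {
        echo "incomplete download in $dir" >&2; return 3; }
    # signify -C checks the signed list, then the named file against it.
    ( cd "$dir" && signify -C -p "$key" -x SHA256.sig ports.tar.gz )
}

# fetch_ports DEST_DIR: download to a scratch dir, verify, then move in place.
fetch_ports() {
    dest=$1; rel=$(uname -r)
    tmp=$(mktemp -d) || return 1
    for f in ports.tar.gz SHA256.sig; do
        curl -L -R -o "$tmp/$f" "$MIRROR/$rel/$f" || { rm -rf "$tmp"; return 1; }
    done
    if verify_ports "$tmp" "$rel"; then
        mv "$tmp/ports.tar.gz" "$dest/${rel}ports.tgz"; rc=$?
    else
        echo "verification FAILED; tarball discarded" >&2; rc=4
    fi
    rm -rf "$tmp"
    return $rc
}

# Usage (as root, matching the destination used above):
#   fetch_ports "${PKG_CACHE}/.."
```

The tarball is verified under its original name because signify matches the file against the name listed in SHA256.sig; it is renamed only after the check passes.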

Update the file integrity checking databases

Since lots of software has just been installed, substantial changes have been made to what files exist on the system. If the “file integrity checker” databases are not updated now, then future changes may be more prone to blend in with the numerous changes that have just taken place. By updating the “file integrity checking” databases now, future checks may be much more meaningful. (For now, that statement may just need to be taken based on a measure of trust that is extended. However, hopefully the usefulness will be noticed at a later point in this guide, when wrapping up the base image.)

Here are some pointers to help with this:

Newer method

Just run:

aidedbup postSwPkgsInst

This is based on information shown by some of the resources mentioned in the upcoming “Older method” section.

Older method
  1. Make sure the AIDE variables are set
  2. Rotate AIDE-related data
  3. Update AIDE database
  4. Rotate AIDE-related data (again).

Then, you're welcome to proceed with AIDE: results report showing (older method: Viewing the AIDE report) if you would like to see what the latest report shows.

How many files have been added to the system since the last “file integrity checker” database update?
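One way to answer that question from a saved AIDE report, as an added example that is not part of the original guide: the function names are assumptions, the report wording ("Added files:" or "Added entries:" in the summary, "added:" lines in the listing) is assumed to be that of the AIDE version in use, and the sample report is constructed.

```shell
#!/bin/sh
# Added example: answer "how many files were added?" from a saved AIDE report.
# Function names are assumptions; the report wording varies by AIDE version.

# aide_count REPORT added|removed|changed: print the number from "Summary:".
aide_count() {
    awk -v want="$2" '
        tolower($1) == want && $2 ~ /^(files|entries):$/ && $3 ~ /^[0-9]+$/ {
            print $3; found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# added_outside REPORT PREFIX: list "added:" paths that are not under PREFIX.
# Packages mostly land in /usr/local, so the remainder is the short list to
# read by hand (sample configs such as /etc/ytalkrc are expected there).
added_outside() {
    awk -v pre="$2" '
        $1 == "added:" {
            p = substr($0, index($0, ":") + 2)
            if (index(p, pre "/") != 1) print p
        }
    ' "$1"
}

# Constructed sample report (not output captured from a real system).
sample_report() {
    cat <<'EOF'
Summary:
  Total number of files:	41873
  Added files:			4
  Removed files:		0
  Changed files:		2

---------------------------------------------------
Added files:
---------------------------------------------------

added: /etc/ytalkrc
added: /usr/local/bin/ytalk
added: /usr/local/man/man1/ytalk.1
added: /usr/local/share/examples/ytalk/ytalkrc-sample
EOF
}

# Usage: aide_count /path/to/report added; added_outside /path/to/report /usr/local
```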