OpenBSD Firewall Hardware swap

We have a generic procedure for cloning an OpenBSD firewall that allows us to easily upgrade or replace hardware. Simply swapping the disk or RAID array the OS is on is not always practical or possible (SATA to SCSI, or single disk to HW RAID, for example). As long as each system is loaded with the same base OS (4.4 currently), making a copy of /etc/, /var/ and /root/ (as well as /home/ if shell accounts exist) and transferring that copy into place on the new system is all that needs to be done. Of course, making sure the relevant patches are installed is also important.

This command can be used to fix the ownership of the home directories if needed. It assumes each directory under /home/ is named after the account that should own it:

cd /home/

ls -1d * | perl -p -e "s#(\S+)#chown -R \$1\. \$1/#" | sh

Of course, it's always a good idea to run the above command first, leaving off the final pipe to sh. Inspect the chown commands it generates BEFORE passing them directly to a root shell.

It's also important to check the permissions of the /var directory on the new system. Packing the tar files with the p flag to preserve permissions is a best practice. If the cp command is used, the -p flag works the same way, i.e. it makes sure the permissions stay intact. The OpenBSD version of cp in 4.4 does not have the friendly -a (archive) flag like the GNU cp utility.
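
One way to check that permissions survived the copy, as an added example that is not part of the original procedure: it clones a tree through a tar pipe with the p flag and then compares a mode/owner manifest of both sides. The function names are hypothetical and the tree is constructed sample data in temporary directories, standing in for /etc, /var and /root.

```sh
#!/bin/sh
# Added example: constructed sample tree in temp dirs, not a real /etc or /var.
# Function names are hypothetical.

# Build a small tree with a mix of modes (constructed values).
make_sample() {
    mkdir -p "$1/etc" "$1/var/cron/tabs" "$1/root"
    : > "$1/etc/master.passwd"; : > "$1/etc/pf.conf"; : > "$1/var/cron/tabs/root"
    chmod 755 "$1/etc" "$1/var" "$1/var/cron"
    chmod 700 "$1/root" "$1/var/cron/tabs"
    chmod 644 "$1/etc/pf.conf"
    chmod 600 "$1/etc/master.passwd" "$1/var/cron/tabs/root"
}

# Print "mode owner group path" for every entry under $1, sorted by path.
# Assumes file names without whitespace (true for the sample tree).
mode_manifest() {
    (cd "$1" && find . -exec ls -ld {} \; | awk '{print $1, $3, $4, $NF}' | sort -k4)
}

# Copy tree $1 into $2 through a tar pipe. The archive always records modes;
# the p flag on the extracting side keeps the (deliberately strict) umask
# from altering them.
clone_tree() {
    (cd "$1" && tar cpf - .) | (cd "$2" && umask 077 && tar xpf -)
}

# Return 0 when both trees have identical manifests; otherwise print the diff.
verify_clone() {
    m=$(mktemp -d) || return 2
    mode_manifest "$1" > "$m/old"
    mode_manifest "$2" > "$m/new"
    diff "$m/old" "$m/new"; rc=$?
    rm -rf "$m"
    return $rc
}

src=$(mktemp -d); dst=$(mktemp -d)
make_sample "$src"
clone_tree "$src" "$dst"
if verify_clone "$src" "$dst"; then echo "modes and owners match"; fi
rm -rf "$src" "$dst"
```

For a real swap, the manifest of the old system can be saved to a file, carried over with the archives, and diffed against the manifest taken on the new system.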