1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OpenBSD 5.7: Free, functional and secure

Discussion in 'Off Topic' started by Puntocom, May 31, 2015.

  1. Puntocom

    Puntocom Well-Known Member

    OpenBSD 5.7 was released the 1st of May. Is anyone here using it? it's a really great operating system. I have migrated to OpenBSD and I can't be happier. Xenforo works pretty well with its default config (and the packages mariadb 10.0.16v0, nginx 1.7.10 + php 5.6.5). I want to try to run XenForo with OpenBSD's httpd.

    OpenSSH, LibreSSL, OpenIKED, OpenSMTPD (with spamd for greylisting) are great. The man pages and FAQ is really useful.

    From their website:

    The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. As an example of the effect OpenBSD has, the popular OpenSSH software comes from OpenBSD.


    Last edited: May 31, 2015
  2. Jesepi

    Jesepi Well-Known Member

    Why that instead of something like Debian or CentOS? (Or even Ubuntu)
  3. imthebest

    imthebest Formerly Super120

    Since Linux is more widespread than BSD then I think BSD based systems like OpenBSD are a bit more secure.

    One of my servers used to run FreeBSD in the past and it worked fine.
  4. Puntocom

    Puntocom Well-Known Member

    I was using Debian for my servers and my workstation but since the change to systemd in jessie I looked for alternatives. Debian (and Linux) is bloated and its development is less well organized. I'm also getting better hardware support in my Thinkpad T61 with OpenBSD, for example compiling Linux 4 the bright control keys didn't work after trying lots of things. In OpenBSD it works by default and the sound quality is better (you can install OSSv4 in Linux though).

    OpenBSD installs a minimum system and its code is heavily audited. Among other things, it includes LibreSSL, Packet Filter and OpenSMTPD+Spamd (I can have a mailserver config of 4-5 lines and I got rid of nearly all spam without having to filter it - less server overload and less profit for spammers - https://calomel.org/spamd_config.html ). They are also developing other projects such as OpenIKED, httpd, OpenNTPD and OpenBGPD.

    I also like their "Secure by default" approach.
    For example, this forkbomb works in debian (default config) and not in OpenBSD:
    :(){ :|:& };:
    They take the security seriously: http://www.openbsd.org/security.html . They are pioneers in this matter. OpenSSH is made by the OpenBSD team, and it's included in all (or nearly all) Linux distros.

    Interesting comparison between FreeBSD and OpenBSD: http://networkfilter.blogspot.fr/2014/12/security-openbsd-vs-freebsd.html
    Last edited: Jun 2, 2015
  5. Cthulhux

    Cthulhux Member

    I don't think there is a direct correlation between the market share and the security of an operating system. OS X, leading the list of insecure operating systems, has more market share than Linux too.

    Other than that, the BSDs are a good choice for servers because they'll never have systemd. ;-)
    Puntocom likes this.
  6. Puntocom

    Puntocom Well-Known Member

    DragonFlyBSD is also very interesting. I'm waiting for them to replace OpenSSL with LibreSSL to test it in my workstation.

    I'm now using OpenBSD current in my laptop, it works great and it's really easy to upgrade (both system and packages).
  7. Cthulhux

    Cthulhux Member

    AFAIK DragonFly BSD has "dports" which roughly equal FreeBSD ports, so you should be able to replace OpenSSL with LibreSSL right now by just setting the make flags.
    Puntocom likes this.
  8. Puntocom

    Puntocom Well-Known Member

    Last edited: Jun 22, 2015
    Cthulhux likes this.
  9. Cthulhux

    Cthulhux Member

    Looks like everyone can finally replace nginx soon then?
    Puntocom likes this.

Share This Page