• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

OpenBSD 5.7: Free, functional and secure

Puntocom

Well-known member
#1
OpenBSD 5.7 was released the 1st of May. Is anyone here using it? it's a really great operating system. I have migrated to OpenBSD and I can't be happier. Xenforo works pretty well with its default config (and the packages mariadb 10.0.16v0, nginx 1.7.10 + php 5.6.5). I want to try to run XenForo with OpenBSD's httpd.

OpenSSH, LibreSSL, OpenIKED, OpenSMTPD (with spamd for greylisting) are great. The man pages and FAQ is really useful.

From their website:

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. As an example of the effect OpenBSD has, the popular OpenSSH software comes from OpenBSD.

puffy57.gif


http://www.openbsd.org/57.html
https://www.openbsdstore.com/cgi-bi...tem&dept_id=01&sub_dept_id=01&product_id=CD57
 
Last edited:

imthebest

Formerly Super120
#3
Since Linux is more widespread than BSD then I think BSD based systems like OpenBSD are a bit more secure.

One of my servers used to run FreeBSD in the past and it worked fine.
 

Puntocom

Well-known member
#4
I was using Debian for my servers and my workstation but since the change to systemd in jessie I looked for alternatives. Debian (and Linux) is bloated and its development is less well organized. I'm also getting better hardware support in my Thinkpad T61 with OpenBSD, for example compiling Linux 4 the bright control keys didn't work after trying lots of things. In OpenBSD it works by default and the sound quality is better (you can install OSSv4 in Linux though).

OpenBSD installs a minimum system and its code is heavily audited. Among other things, it includes LibreSSL, Packet Filter and OpenSMTPD+Spamd (I can have a mailserver config of 4-5 lines and I got rid of nearly all spam without having to filter it - less server overload and less profit for spammers - https://calomel.org/spamd_config.html ). They are also developing other projects such as OpenIKED, httpd, OpenNTPD and OpenBGPD.

I also like their "Secure by default" approach.
"Secure by Default"
To ensure that novice users of OpenBSD do not need to become security experts overnight (a viewpoint which other vendors seem to have), we ship the operating system in a Secure by Default mode. All non-essential services are disabled. As the user/administrator becomes more familiar with the system, he will discover that he has to enable daemons and other parts of the system. During the process of learning how to enable a new service, the novice is more likely to learn of security considerations.

This is in stark contrast to the increasing number of systems that ship with NFS, mountd, web servers, and various other services enabled by default, creating instantaneous security problems for their users within minutes after their first install.
For example, this forkbomb works in debian (default config) and not in OpenBSD:
Code:
:(){ :|:& };:
They take the security seriously: http://www.openbsd.org/security.html . They are pioneers in this matter. OpenSSH is made by the OpenBSD team, and it's included in all (or nearly all) Linux distros.

Interesting comparison between FreeBSD and OpenBSD: http://networkfilter.blogspot.fr/2014/12/security-openbsd-vs-freebsd.html
 
Last edited:
#5
Since Linux is more widespread than BSD then I think BSD based systems like OpenBSD are a bit more secure.
I don't think there is a direct correlation between the market share and the security of an operating system. OS X, leading the list of insecure operating systems, has more market share than Linux too.

Other than that, the BSDs are a good choice for servers because they'll never have systemd. ;-)
 

Puntocom

Well-known member
#6
DragonFlyBSD is also very interesting. I'm waiting for them to replace OpenSSL with LibreSSL to test it in my workstation.

I'm now using OpenBSD current in my laptop, it works great and it's really easy to upgrade (both system and packages).
 
#7
AFAIK DragonFly BSD has "dports" which roughly equal FreeBSD ports, so you should be able to replace OpenSSL with LibreSSL right now by just setting the make flags.