Security Basics mailing list archives
Re: Newbie: RedHat 8 or OpenBSD??
From: nobody () dot com
Date: Mon, 4 Nov 2002 15:24:48 +0200
Openbsd just haven't all the features tha a redhat linux box has. That doesn't make it more secure. So if you run apache webserver and there is an apache exploit i think that the most secure box from this two will be the most updated / patched. Also the kernel of openbsd has many disadvantges and i don't know if the have high memory support or smp support. A note for the end, use redhat 7.3 because 8.0 is not much time in the 'market' . End.
* Vince Hillier <vdh () plutonium homeunix com>: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As to openBSD is more secure, I think your opinion is flawed heavily. A box is only as secure as it's maintainer makes it. BSD claims we're most secure out of the box. They forget to mention that they run less services out of the box. As for auditing, almost evertything goes under an audit at one point or another, so why do we have security issues? Because people audit the code, and what do people make? That's right, mistakes. As for what you should use, you shouldn't have to ask people this, you should choose what you like and you are most comfortable with. This nonsense that X OS is more secure then X is crap. If you go ahead and install all kinds of services on a OpenBSD box, and never update them, then your OpenBSD box is no more secure then a house with no dorrs/windows. Same with Linux. If you disable all the services but the ones needed to function, your box is pretty secure as long as you maintain it. - - -----Original Message----- From: Ash [mailto:ashcrow () phreaker net] Sent: Thursday, October 31, 2002 5:28 PM To: GSG Designs; security-basics () security-focus com Subject: Re: Newbie: RedHat 8 or OpenBSD?? On Wednesday 30 October 2002 03:56 pm, GSG Designs wrote:I'm fairly new to this, so please bare with me. If this question has been asked in the past, I apologize. I'm new to the listserv as well.Welcome to the list!We are discussing starting our own web server. There is debate on whether RedHat 8 or OpenBSD is more secure. What are your thoughts? We will be doing online orders with credit card info, etc. Do you have any resources to point us to? (We will be running Apache, probably a 'duh'.)OpenBSD is more secure. A lot of the code has been patched for strl* functions isntead of str* for one, there was a code audit, there is integrated suport for crypto, and it's the main focus of the project. One of the drawbacks to Red Hat is they like to use the latest software which can lead to the latest bugs. On a more practical note both can be setup to be 'secure' but it has been my experience that OpenBSD takes less time as long as you are comfortable in a Unix environment. Cheers, Ash - - --- Darkfire Secure Linux http://www.gnulinux.net -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 (Build 294) Beta iQA/AwUBPcM1sUBtW3tWqkVxEQIeNACg4lwkkhmxcqrXeoMVLfMx1yLjUGgAnjsf qMfiq4hP8WHx0j5mWW05Q+6v =MsIA -----END PGP SIGNATURE-----
Current thread:
- RE: Newbie: RedHat 8 or OpenBSD?? Golden_Eternity (Oct 31)
- Re: Newbie: RedHat 8 or OpenBSD?? Jerry M. Howell II (Nov 01)
- <Possible follow-ups>
- RE: Newbie: RedHat 8 or OpenBSD?? Michael Vaughan (Oct 31)
- Re: Newbie: RedHat 8 or OpenBSD?? Ryan Parr (Nov 01)
- Re: Newbie: RedHat 8 or OpenBSD?? Joe McCray (Nov 01)
- Re: Newbie: RedHat 8 or OpenBSD?? Ash (Nov 01)
- RE: Newbie: RedHat 8 or OpenBSD?? Anders Blockmar (Nov 01)
- RE: Newbie: RedHat 8 or OpenBSD?? Vince Hillier (Nov 01)
- Re: Newbie: RedHat 8 or OpenBSD?? nobody (Nov 04)
- RE: Newbie: RedHat 8 or OpenBSD?? Mark M. Andrich (Nov 01)
- Re: Newbie: RedHat 8 or OpenBSD?? Ash (Nov 04)