Re: Newbie: RedHat 8 or OpenBSD??

[nobody () dot com]

Openbsd just haven't all the features tha a redhat linux box has.
That doesn't make it more secure.
So if you run apache webserver and there is an apache exploit
i think that the most secure box from this two will be the most
updated / patched. Also the kernel of openbsd has many disadvantges
and i don't know if the have high memory support or smp support.

A note for the end, use redhat 7.3 because 8.0 is not much time
in the 'market' .
End.

> * Vince Hillier <vdh () plutonium homeunix com>: 
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As to openBSD is more secure, I think your opinion is flawed heavily.
>
> A box is only as secure as it's maintainer makes it.  BSD claims we're most secure out of the box.
> They forget to mention that they run less services out of the box.  
>
> As for auditing, almost evertything goes under an audit at one point or another, so why do we have security issues?
> Because people audit the code, and what do people make? That's right, mistakes.
>
> As for what you should use, you shouldn't have to ask people this, you should choose what you like and you are most 
> comfortable with.
>
> This nonsense that X OS is more secure then X is crap.  If you go ahead and install all kinds of services on a 
> OpenBSD box, and never update them, then your OpenBSD box is no more secure then a house with no dorrs/windows. Same 
> with Linux.  If you disable all the services but the ones needed to function, your box is pretty secure as long as 
> you maintain it.
>
> - - -----Original Message-----
> From: Ash [mailto:ashcrow () phreaker net] 
> Sent: Thursday, October 31, 2002 5:28 PM
> To: GSG Designs; security-basics () security-focus com
> Subject: Re: Newbie: RedHat 8 or OpenBSD??
>
>
> On Wednesday 30 October 2002 03:56 pm, GSG Designs wrote:
> > I'm fairly new to this, so please bare with me.  If this question has been
> > asked in the past, I apologize.  I'm new to the listserv as well.
>
> Welcome to the list!
>
> > We are discussing starting our own web server.  There is debate on whether
> > RedHat 8 or OpenBSD is more secure.  What are your thoughts?  We will be
> > doing online orders with credit card info, etc.  Do you have any resources
> > to point us to?  (We will be running Apache, probably a 'duh'.)
>
> OpenBSD is more secure. A lot of the code has been patched for strl* functions 
> isntead of str* for one, there was a code audit, there is integrated suport 
> for crypto, and it's the main focus of the project. One of the drawbacks to 
> Red Hat is they like to use the latest software which can lead to the latest 
> bugs.
>
> On a more practical note both can be setup to be 'secure' but it has been my 
> experience that OpenBSD takes less time as long as you are comfortable in a 
> Unix environment.
>
> Cheers,
> Ash
>
> - - ---
> Darkfire Secure Linux
> http://www.gnulinux.net
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0 (Build 294) Beta
>
> iQA/AwUBPcM1sUBtW3tWqkVxEQIeNACg4lwkkhmxcqrXeoMVLfMx1yLjUGgAnjsf
> qMfiq4hP8WHx0j5mWW05Q+6v
> =MsIA
> -----END PGP SIGNATURE-----