OpenBSD

Gidday

Id like to know peoples opinions on OpenBSD, particuarly in comparision to FreeBSD. Ive used FreeBSD for a while, but am new to OpenBSD.

I am soon to be setting up a single domain web and mail server, with internal samba. Its not likely to be a high traffic site.

Im mainly wondeirng about OpenBSD's security. Is it really so secure once Apache and Samba and Postfix are running? Is it very STABLE under any load?

Comments? Suggestions? Experiences?

Thanks

OpenBSD's default installation might be a little more secure than FreeBSD's default installation, but in my opinion, it can't touch FreeBSD's stability (especially on older hardware).

And if you're already familiar with FreeBSD, it should be pretty easy to make FreeBSD just as secure as OpenBSD.

I just got over a phase where I thought I wanted to switch to OpenBSD (because of it's highly praised security). I installed OpenBSD on 2 servers (a DNS server running Bind, and a web server running PHP/Apache/MySQL). I'm still running OpenBSD on my name server, but under high loads, the web server seemed to die about once every other week. After wiping the web server and installing FreeBSD, I haven't had any problems.

Dave Tufts
http://dave.imarc.net/freebsd/

Does anyone else have any comments on the stability or security of OpenBSD?

Ive installed it since I posted, and found it quite nice and logical in the config department.

No crashes or un-usual stuff as yet.

Well, ive got it up and running as a public server now.

The only problem i have had is with httpd src, which Ive been told how to fix. No biggie.

My thoughts so far are that OpenBSD is an excellent OS. Very proper and correct.

Good for you. I haven't used OpenBSD since 2.X. OpenBSD is IMHO the most secure OS outside of IBM or a Trusted Sun OS.

OpenBSD does lack some of FreeBSD's features. The biggest, unless they have improved this since early 2.x days, is the lack for SMP (multi processors). Since we use FreeBSD to power some of our backend databases at work, we needed the extra horse power of dual processor systemsm, so at the time OpenBSD was out of the question.

The OpenBSD team falsely prides itself on creating the most secure O/S on earth. Why do I say falsely? Once upon a time there was a remote root vulnerability found in BSD's ftp daemon. Guess who fixed it last? The OpenBSD team. Their excuse: the ftp daemon is not enabled by default, therefore OpenBSD is still more secure. Funny how nothing is enabled by default. Or at least that's how it was when I was using it back around v2.8, maybe it's better now.