OpenBSD .vs FreeBSD for web, database, mail and DNS servers

Hi,

What is your opinion on OpenBSD .vs FreeBSD for web, database (MySQL and PostgreSQL), mail, DNS and other types of servers? Please provide your reasons for prefering one over the other if you can, please.

I'm most interested in reliability, robustness, security and the ability to handle large workloads -- for preferably long time periods without a crash or reboot.

What's your opinion on ease of and time required for remote maintenence (updates & patches) and remote server administration?

What other factors bear on the OpenBSD .vs FreeBSD for public internet servers issue?

How do they compare performance wise on the same x86 hardware?

Would especially appreciate folks who have run both in production environments on the public internet sharing their experiences.

Thanks a lot for sharing!

Louis

My opinion means 'jack'

anyway about 15 threads down, the ones with over a thousand views may give you some insight.


but my understanding is fbsd optimized for web


blahhhhhhh

bump:

I have minimal experience of FreeBSD vs OpenBSD - I have used FreeBSD now for 5 months in a multi-user environment hosting apache/mysql/php/ssh/ftp - albeit only 15 or so friends.

The only issue I found was with users being able to issue denial of service attacks by executing code that forks repeatedly, perpetually opening new processes and hence eating resources until a cold reboot is required. Howerver - in defense of freebsd on this matter I'd say that the machine we ran the code snippets on was only a p166 with 32mb or ram and 100mb swap space, hardly what you'd use on a production server!

After this we looked at ways in which the resources of the server could be restricted on a per-user basis and set up login classes for different 'types' of user (essentially one class for 'wheel'/effective uid 0 users and one class for all others). By creating login capabilities for each class/type of user, you can restrict various things such as mem usage, max cputime, max concurrent logins etc etc (there are about 30-50 caps in all you can set). Once these caps were in place, the effects of such malicious code execution could be curbed quite easily.

In working through 'man login.conf(5)' on freebsd, I decided to compare login capabilites on freebsd with those on openbsd. I found that the login caps on openbsd were a lot more restrictive by default than on freebsd, and in general the extent to which you can customize the login capabilities on openbsd is less than on freebsd. Hence on this alone (there are a myriad of other issues obviously), freebsd would make a better platform for performing logins (ie via ssh) whereas openbsd might make a better routing/border machine where you don't expect users to login regularly.

In terms of local security exploits, the general concensus seems to be that if you keep your source up to date on FreeBSD then it's a fine platform to host on in terms of security, the only two significant problems in the last month being a ssh potential local exploit and a zlib problem on the freebsd platform.

For much more info, check out the other threads on this forum - there are some brilliant snippets of info on exactly this subject, you just need to read through and find em.

One relevant link:
http://www.daemonnews.org/200104/bsd_family.html - the differences between the BSDs

PHP v4.11-, SSH and zlib security issue are affected to almost whole *nix (included OpenBSD) and ever Windows; not only on FreeBSD..