Hacker News new | comments | show | ask | jobs | submit login

> OpenBSD for security

I dunno, I hear this a lot. Sure OpenBSD has created and implemented some (often very bleeding edge) hardening features, but nothing that hasn't seen the light of day in something like GRSecuriy.

But the lack of other security layers and constructs seem puzzling to me. No RBAC-based system like selinux? No attempt to secure the supply chain until very recently with package signing? Chroot functionality inferior to something like FreeBSD's jails?

Not to mention that many services you would deploy an OpenBSD server for are provided by ports and not the base system, forgoing the strict auditing that OpenBSD provides.

I think for anything besides a standalone router or mail/DNS server you're probably better off looking at other general purpose operating systems like FreeBSD or Linux.

I should note here that I've used various BSD's for various jobs over the years, including OpenBSD. I enjoy using it and never had any troubles with it. I would still consider it for uses that don't require much stepping out of the base system.




I asked your questions on the OpenBSD mailinglist, got these replies:

http://marc.info/?l=openbsd-misc&m=139321387226212

http://marc.info/?l=openbsd-misc&m=139321560625571




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: