which is more secure; Linux or FreeBSD?

I don't know much about either, just want your knowledgeable experience &
opinions

NotGiven wrote:

> I don't know much about either, just want your knowledgeable experience &
> opinions

If you don't know much about them (i.e. are not going to know how / want to
use the special security features), then the difference in security is
likely to be minimal.

Also, most security holes in either Linux or FreeBSD systems will result
from bugs or holes in programs you are running on those systems, rather
than faults in the OS itself, so there is not going to be much difference
anyway. The main exception to this would be if you were using some of the
special tools e.g. selinux or PaX which aim to reduce the security impact
of bugs in userspace programs.

"NotGiven" <noname@nonegiven.invalid> wrote in message
news:6Ieqf.14377$eF1.6981@bignews2.bellsouth.net.. .

> I don't know much about either, just want your knowledgeable experience &
> opinions

http://netbsd.org

NotGiven wrote:

> I don't know much about either, just want your knowledgeable experience &
> opinions

In general terms, NetBSD comes more locked down than most distribution. If
memory serves it forces you through a series of security validation "style"
steps before letting you access the web. Again -- that's if memory serves.

> NotGiven wrote:
>
>> I don't know much about either, just want your knowledgeable
>> experience & opinions
>
> In general terms, NetBSD comes more locked down than most
> distribution. If memory serves it forces you through a series of
> security validation "style" steps before letting you access the web.
> Again -- that's if memory serves.

The system that is secured to have virtually all network services
turned off by default is OpenBSD.

NetBSD and FreeBSD don't have the same particular sort of "paranoia."

It isn't really fair to draw any conclusions at all about Linux, per
se; unlike FreeBSD, NetBSD, and OpenBSD, which are more or less
integrated systems complete with init and the contents of /bin, /sbin,
/usr/bin, /lib, Linux is merely an operating system kernel, which
doesn't function without the userspace that someone else adds.

There are numerous different userspaces that different organizations
have constructed to run atop Linux, each with varying sorts of
security policies.

There is no single conclusion to be drawn, comparing Linux to FreeBSD,
because they are "apples and oranges." Linux needs things added on in
order to get something meaningfully comparable to FreeBSD, and since
different flavours of Linux distributions add *DIFFERENT* things on,
or at least different default configurations, the question is
something of a nonsequitor.

Compare Debian to FreeBSD, or SuSE version X, or Fedora Core Version Y
to FreeBSD, but not Linux.
--
"cbbrowne","@","gmail.com"
http://cbbrowne.com/info/slony.html
Signs of a Klingon Programmer - 20. "Behold, the keyboard of Kalis!
The greatest Klingon code warrior that ever lived!"

"NotGiven" <noname@nonegiven.invalid> said:
>I don't know much about either, just want your knowledgeable experience &
>opinions

The one with better administrator.

Really. Security is about knowing your system, and making it secure for
your needs and uses. Ok, OpenBSD is locked-down by default, and as such
is secure in one sense of the word. But then, in that configuration you
don't have a web server, a mail server, ..., and after you're opened
up things to get all these to run (if this is what you needed), how much
more safe are you actually? Perhaps some, but it all depends.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

"Juha Laiho" <Juha.Laiho@iki.fi> wrote in message
news:doerv0$dh9$1@ichaos2.ichaos-int...
> "NotGiven" <noname@nonegiven.invalid> said:
>>I don't know much about either, just want your knowledgeable experience &
>>opinions
>
> The one with better administrator.
>
> Really. Security is about knowing your system, and making it secure for
> your needs and uses. Ok, OpenBSD is locked-down by default, and as such
> is secure in one sense of the word. But then, in that configuration you
> don't have a web server, a mail server, ..., and after you're opened
> up things to get all these to run (if this is what you needed), how much
> more safe are you actually? Perhaps some, but it all depends.
> --
> Wolf a.k.a. Juha Laiho Espoo, Finland
> (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
> PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
> "...cancel my subscription to the resurrection!" (Jim Morrison)

Great point Juha. I will be running production Apache, MySQL and PHP.

I saw a SANS course for hardeding LAMP installs but I'd rather find
documenation than spend $3500 I dont; have to spend

In article <doerv0$dh9$1@ichaos2.ichaos-int>,
Juha Laiho <Juha.Laiho@iki.fi> wrote:
> Really. Security is about knowing your system, and making it secure for
> your needs and uses. Ok, OpenBSD is locked-down by default, and as such
> is secure in one sense of the word. But then, in that configuration you
> don't have a web server, a mail server, ..., and after you're opened
> up things to get all these to run (if this is what you needed), how much
> more safe are you actually? Perhaps some, but it all depends.

OpenBSD's security comes from more than just locking things down by
default. They also have put much more effort than the other BSD
distributions and any Linux distribution into auditing application code
looking for and fixing potential security problems.


--
--Tim Smith

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 26 Dec 2005 12:48:26 GMT,
Tim Smith <reply_in_group@mouse-potato.com> wrote:
> In article <doerv0$dh9$1@ichaos2.ichaos-int>,
> Juha Laiho <Juha.Laiho@iki.fi> wrote:
>> Really. Security is about knowing your system, and making it secure for
>> your needs and uses. Ok, OpenBSD is locked-down by default, and as such
>> is secure in one sense of the word. But then, in that configuration you
>> don't have a web server, a mail server, ..., and after you're opened
>> up things to get all these to run (if this is what you needed), how much
>> more safe are you actually? Perhaps some, but it all depends.
>
> OpenBSD's security comes from more than just locking things down by
> default. They also have put much more effort than the other BSD
> distributions and any Linux distribution into auditing application code
> looking for and fixing potential security problems.
>
>


Does OpenBSD include some sort of PAX, or SELinux like functionality?
GR-SEC maybe?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDsGSVd90bcYOAWPYRAnPhAJ43mD99w8t0iUUsx3p85q o0G0P69gCgzArM
V4Y5OOKwAuWaLWgResu+0Xo=
=H4R2
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Dash Dash Space

OpenVMS ...