On 18 May 2001, at 8:30, Bob Miller wrote:
> I quote:
>
> Sendmail is configured to run in local queue mode, it can send
> mail but not receive (you must add the "-bd" option in rc.conf to
> enable it). As OpenBSD's webpage puts it:
>
> Three years without a remote hole in the default install!
>
> And that's the problem. They could just as easily have proclaimed,
>
> Three years without incoming email!
>
> So what's the point? Install OpenBSD, get a nearly useless box.

I'd have to strongly disagree, here. I got 1) a *very* good
firewall/router and 2) a new lease on life for a Toshiba P133, that
was making a very useful time of itself as a network analysis
machine (until the MB died).

If you want more stuff, check out the rest of the CDs and the ports
tree-- I like it much better than FreeBSD's ports system.

> Or enable any service, feature, or program, and get a box that is no
> longer audited for security.

Just like Linux, which I also use and like very well. Only, you're a
lot less likely to have someone mount a buffer overflow on a box
where the kernel *has* been audited for security. Also, OpenBSD
has way fewer processes running as root, which also tightens
things up quite a bit. How often do you hear of someone hacking
an OpenBSD web server?

OpenBSD doesn't seem to perform quite as well as Linux, and
doesn't run on as many platforms and doesn't do SMP. But this is
fine for small web servers. I'd also wager it makes a pretty good
small mail server or DNS server (or WINS server, for that matter).
Things where security is important.

Or how about this scenario. Take a look at the OpenBSD
firewalling HOW-TO, and tell me with a straight face that Linux,
even with IPTABLES, is even close in terms of ease of use.
Setting up my box to be a router/stateful firewall/DHCP server took
an hour to do the install, and then I had to edit 4 configuration files
and restart the services. I even locked it down a bit tighter (for
some reason OpenBSD installed on my box with RPC enabled). I
had to read the howto, but after I figured out what was going on, it
was really pretty trivial.

Think about this as a firewall (this is the default install, 4 years
without a remote root compromise). Now think of a bunch of Linux
servers sitting behind it when the script kiddies come calling. Or,
God forbid, a farm of Win2K/IIS5 web servers. I've never heard of an
OpenBSD root kit. So, the kiddies stay away from your other
boxen. Which is good.

It's not about Linux vs. OpenBSD. They excel at different things,
and in different situations, due to the fact that the goals of the
projects are not the same.

Just my .02,
Dennis

"Custard pies are a sort of esperanto: a universal language."
--Noel Godin