Re: [vox-tech] Re: OpenBSD and Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] Re: OpenBSD and Security
Details can be found at www.openbsd.org. It does come with the following
packages which are source-code audited:
OpenSSH 2.3.0
perl 5.6.0 plus patches
Apache 1.3.12 + patches, including Mod_ssl 2.6.2, OpenSSL 0.9.5a
ipf 3.3.18
sendmail 8.10.1
sudo 1.6.3p5
KTH Kerberos 1.0.2
It also has the ports collection, which is not audited by the OpenBSD team.
No, it's not immune to holes in ported packages. However, you do have to go
out and actively install them ... it doesn't come with non-audited software
installed by default. At least you know when you're introducing a possible
security hole, instead of finding out afterwards. It also seems that other
companies are learning from this ... the RedHat Wolverine beta now ships
with services turned off by default, too.
OpenBSD also creates a checklist for locking the system down, which is
reviewed and mailed to root every evening. And the man pages are useful to
boot.
As far as provided a basic, functional OS, I think it does just fine. You
might check it out ... I have a basis for comparison, myself, in securing a
RedHat 7.0 vs. OpenBSD 2.7 box.
OpenBSD has gone 3 years without a remote exploit in the default
installation. I haven't heard of another "mainstream" OS that can make the
same claim.
--Adam
----- Original Message -----
From: "Bill Broadley" <bill@math.ucdavis.edu>
To: <vox-tech@franz.mother.com>
Sent: Wednesday, April 11, 2001 11:28 PM
Subject: Re: [vox-tech] Re: OpenBSD and Security
> What does Openbsd use for DNS? Maildelivery? FTP? NTP? ssh? Or does
> the installation not include this functionality and rely on the user
> to install them?
>
> Is it somehow immune to the bugs that have plagued all the popular
> distributions?
>
> Or is it just because of a much smaller user based that nobody notices.
>
>
> --
> Bill
>
|
