Re: [vox-tech] Re: OpenBSD and Security
- Subject: Re: [vox-tech] Re: OpenBSD and Security
- From: "Deja User" <unix_admin@my-MAPSdeja.com>
- Date: Thu, 12 Apr 2001 05:15:28 -0700
Ports are merely entries into a system, and do not address how the system itself is
written. OpenBSD audits their source code, so once a person does get in, it is harder
for them to wreak havoc.
>Date: Thu, 12 Apr 2001 04:23:19 -0700
>From: Bill Broadley <bill@math.ucdavis.edu>
>To: vox-tech@franz.mother.com
>Subject: Re: [vox-tech] Re: OpenBSD and Security
>Reply-To: vox-tech@franz.mother.com
>
>> In a sense, much more resistant to many of the bugs out there, out-of-the-box,
>> before hardening, because of all the work done prior to your installing the system.
>
>I don't see how this is true. OpenBSD has the same security problems
>in sendmail, named, openssh, ftpd that the rest of the distributions
>have. Either they don't do line-by-line security audits of PORTS
>or they miss the security holes just like the rest of the world. Line-
>by-line audits help, are hardly foolproof, and many people do them.
>
>> No, definitely not. OpenBSD, I believe, is quantifiably more secure (again,
>> out-of-the-box) than Linux is. I think this is fairly common knowledge among those
>> who care to take an interest in such things. That does not mean Linux can't be made
>> highly secure... or is somehow an "inferior" OS (such as Windows!).
>
>OpenBSD has something like 25 security problems with 2.7:
> http://www.openbsd.com/errata27.html
>
>You can configure Red Hat with similar functionality during installation
>and would have a similar number of security problems. I see minimal
>difference between checking a package for installation and doing
>similar under PORTS.
>
>Those I know who take an interest in such things install whatever
>OS they choose, install the latest patches, turn off ALL network services,
>turn on ssh, THEN put the machine on the net. Then they start installing/
>configuring the functionality they need, making sure it's 100% up to
>date (often distributions use slightly old versions), configuring it
>for maximum security, making sure it runs as a user with minimum privileges,
>etc.
>
>Then they take proactive measures, monitoring file checksums, tracking
>access logs, analyzing network traffic etc.
>
>Red Hat provides MD5 checksums and CryptoSigned packages to help ensure the
>integrity of a system package or binary, not that other OSes/distributions
>don't.
>
>--
>Bill
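As an added example (not part of this thread), a minimal version of the "monitoring file checksums" step Bill describes: baseline a directory tree, then report modified, added, or removed files. It uses SHA-256 rather than the MD5 mentioned above, and the directory tree and file contents are constructed for the demo.

```python
"""Minimal file-integrity monitor: baseline a tree, then report drift."""
from __future__ import annotations
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(expected: dict[str, str], actual: dict[str, str]) -> dict[str, list[str]]:
    """Classify drift against the known-good baseline; any non-empty list is a finding."""
    return {
        "modified": sorted(k for k in expected if k in actual and expected[k] != actual[k]),
        "added": sorted(set(actual) - set(expected)),
        "removed": sorted(set(expected) - set(actual)),
    }

def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a tiny fake system tree, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        (root / "sbin" / "sshd").write_bytes(b"original sshd binary")  # constructed content
        (root / "etc").mkdir()
        (root / "etc" / "inetd.conf").write_text("# all services off\n")  # constructed
        known_good = baseline(root)
        # Simulate the kinds of change a checksum monitor exists to catch.
        (root / "sbin" / "sshd").write_bytes(b"replaced sshd binary")
        (root / "sbin" / "extra").write_bytes(b"unexpected file")
        (root / "etc" / "inetd.conf").unlink()
        return compare(known_good, baseline(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline must be stored off-box or on read-only media, since an attacker with root can rewrite a baseline kept on the monitored host.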