Date: Mon, 10 Dec 2001 21:14:44 -0600 From: "Mike Meyer" <mwm-dated-1008472485.f63e8b@mired.org> To: "f.johan.beisser" <jan@caustic.org> Cc: questions@freebsd.org Subject: RE: openbsd Message-ID: <15381.31268.834854.418233@guru.mired.org> In-Reply-To: <74612279@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
f.johan.beisser <jan@caustic.org> types: > On Mon, 10 Dec 2001, Bill Schoolcraft wrote: > > Now, correct me here when needed. Back when I started using (not > > hacking) FreeBSD the version was 3.4 and it was a "slam_dunk" that > > OpenBSD was the secure way to go. > i still regard that as being true, even in our FreeBSD 4.4 times. Even if you use the Extreme Security settings in sysinstall? > > I bring this question up at the *BSD meetings I go to here in the > > San Francisco Bay Area and seeing we are up to 4.4 (I've stayed at > > 4.2) the consensus I've been listening to is that some minor > > adjustments would secure your FreeBSD box as well as your OpenBSD > > box. Could you comment on this ? > well, the idea is that openbsd is secured out of the box. you don't have > to do these adjustments to it, since they should already be done. Most of the adjustments can now be done via the install process. > when i'm locking down my FreeBSD machine, the first thing i do is shut off > inetd. since i don't use it, there's no reason i need it. the next 3 > things are only somewhat nessassary, but i do them anyway: recompile the > kernel to use firewalling, up the maxusers and then, finally, install > extra packages. inetd can be disabled via the install process, and you don't have to recompile the kernel to use firewalling anymore. > i still think freebsd has a little ways to go to be "up to par" with > openbsd's default "secure" install. I haven't looked at OpenBSD in a long while, but it wouldn't surprise me if the FreeBSD sysinstall Extreme Security setting was more secure than OpenBSD's default install. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15381.31268.834854.418233>