On Nov 26, 2006, at 8:11 PM, Michael Olson wrote:

Aaron Hsu <[EMAIL PROTECTED]> writes:

Aaah, right, SMP. :-) Hehe. I think a pretty strong case could be
made for using OpenBSD as the shell server OS. I would be willing to
help with doing this as well if anyone wanted it. I would feel nice
and comfy there, but I don't know if anyone else thinks this is a
good idea?

What sort of benefit would OpenBSD give us over Debian or Ubuntu?  I'm
intrigued that there may be a case for it.

By default OpenBSD takes security measures which make it easier to properly and securely run a shell server. It is less susceptible to some of the various possible cracks and attacks which are sometimes more easily executed on a shell server than a limited access web server or such.

A few things about which I am thinking are the buffer overflow protections, the use of various forms of randomness and cryptography, etc. These little things make it much more difficult to abuse a shell server.

Debian by default (stable version) does not have this same rather paranoid approach. Things like SE Linux can help, but the installation and maintenance of such things is far more difficult. It's a simpler and easier task to manage, install, and maintain an OpenBSD shell server (IMO), than something like Debian.

Of course, keep in mind that I speak out of partial ignorance of the precise configurations and settings that you intend to use, and I don't have the most thorough idea of how you all like to do things. In my experience, I have found configuring OpenBSD for something like a shell server to be much easier than another system, but this is just my experience.

Of course, some of the problems that might have arisen if OpenBSD were used on a system intended for a different role (I'm thinking web server here), are things like the users requiring Apache 2.2, etc.

However, since, to my knowledge, the decision has already been made, I wouldn't want to go into a point-by-point analysis at this time, since it wouldn't really have an effect on the current systems, and it would be very easy to do private analysis after the systems are configured in case a future upgrade wanted to consider it.

--
Aaron Hsu
[EMAIL PROTECTED]



_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
