top | item 38916956

(no title)

opencl | 2 years ago

OpenBSD out of the box is an extremely minimal setup compared to the default install of most Linux distros.

A lot of the security of the default install comes from minimizing the attack surface by having very few services running. So you do not need to be tech-savvy to make it secure, but you might need to be tech-savvy to turn it into a usable system for your use case.

discuss

somat|2 years ago

OpenBSD out of the box is not minimal. As a base install it is more feature full than most linux base installs. It is small yes, but with a lot of high quality network focused services. I could easily run a company backend and network on only what is found in the base install. If I had a good solid group of people I could probably run the frontend on it. (the main thing it lacks is a web browser).

mail, web, routing, tunnels, bgp, dns, hell there is even an ldap server in there for some reason. but no ldap client, which kind of sucks.

seanw444|2 years ago

To add: it's not just the fact that it's barely running anything that makes it secure, but the things that you do run have effort put into making their codebase secure as well. Such as the various daemons, like httpd.

miah_|2 years ago

Also, the code for OpenBSD has been audited for "common" security issues, and hardened against various attack types.

https://www.openbsd.org/security.html