IBM takes a closer look at OpenBSD

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Link.
"OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free platform. UNIX® and Linux® administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day. Maybe it's time to give the whole operating system a closer look."
 

cleverhandle

Diamond Member
Dec 17, 2001
3,566
3
81
The biggest contribution that article makes is IBM's logo at the top. There's nothing at all there that hasn't been said in any number of "Intro to OpenBSD" articles.

Still, nice that they're paying attention.
 

n0cmonkey

Originally posted by: cleverhandle
The biggest contribution that article makes is IBM's logo at the top. There's nothing at all there that hasn't been said in any number of "Intro to OpenBSD" articles.

Still, nice that they're paying attention.

A new article like that isn't bad every once in a while, and it's been a while since I've seen one. :p
 

cleverhandle

Of the OpenBSD security features, I'd like to see more attention paid to systrace. There are a few pages on it here and there, but it doesn't seem to get much play. And the old Hairy Eyeball policy archive seems to have disappeared into the ether. It would be nice to see policies for some of the big, scary daemons (bind, sendmail, a couple typical apache configurations) that have been well-vetted by the community.
 

n0cmonkey

The hairy eyeball didn't get updated often enough, and was quickly out of date. Systrace also suffers a bit because of the complexity. SELinux is useless because it's not understandable by enough people, and systrace is only marginally less complicated.

I'm working with systrace a bit, and I'm planning on posting something eventually. I've only got 164 policies I'm working on, at the moment. ;)

The biggest problem is that some of it isn't portable. I don't know how policies created on OpenBSD will work on Linux or NetBSD systems. And Apache would be a PITA, especially with all of the different web programs out there. Maybe just a basic static content sort of configuration would be possible, but anything more than that would have to be very custom.