It depends. If you are running a single-purpose web server, then I prefer OpenBSD for security reasons. Administration is more complex, but the advantages outweigh the downsides. I notice you didn't include OpenBSD in the debate, but I personally think it stacks well against any distro of Linux for a web server.
OpenBSD is nice and secure, but I don't see how it would be much better; Apache (or whatever you run as a web server) would be the weak point in your system, that and sshd. If you run a simple firewall that blocks all other ports but 22 and 80, then it's not the operating system that can be hacked, just the programs you are running. OpenBSD is slow and lacks features when compared to FreeBSD or Linux.
But you're looking at it from the perspective of remote exploits only. There are other ways into a box, and OpenBSD covers more bases by having audited packages and tighter default user and group policies. Feature set, I don't care about, which is why I said "single-purpose". When all you're doing is installing Apache and MySQL, OpenBSD is the better choice. Now, if you start throwing up other kinds of servers, like J2EE or Oracle or what have you, then I would start to talk about other OSes, but for the common Apache/PHP/MySQL platform, OpenBSD is perfect.
The tighter default user and group policies and package auditing can be done in FreeBSD if there is a need. For a lower-traffic site OpenBSD would be a very good solution, but once you have the need for SMP, OpenBSD really isn't an option. There is something about having a very secure OS like OpenBSD that is appealing...
I like to use Windows 95 with the web publishing something or other... oh wait, this isn't the spam fest anymore, is it? OpenBSD has had like one exploit in seven years I think, that's incredible. You can probably do more with Linux because it's more popular, so there are more packages for it, yet that also means more points of weakness. Me personally, I'd vote for *BSD: it is in use by several huge companies (Yahoo's one off the top of my head, used to be at Hotmail, in fact it still is on some servers), the ports collection makes it easy to update, and it's generally a bad-ass OS. If I weren't such a noob I'd be running it, but I want to do the LFS first. Anyhow, I'd say OpenBSD; a script kiddie comes by and sniffs OpenBSD, he runs the other way.
Rob, can you give some detail on why you would prefer Linux to BSD when managing 100?
Because the list of automation tools is huge, plus the thousands of lines of bash I've written myself to help do the job. I have a completely automated management system for Linux/Red Hat that's completely free of license fees, and management tools that can manipulate any number of systems at once. I can make changes to every machine with one command, from one shell. Updates are completely automated, and include channels for both standard packages and custom builds from 'in house', so systems are always updated with the latest binaries without intervention.
Now, I haven't seen or written anything to do this in BSD. But I am doing it in Linux.
You can run bash on FreeBSD; you can run almost anything on FreeBSD even if it was compiled for Linux. It's very rare that I run into compatibility problems. I'm pretty sure it would work, but no reason to switch if it works =].
Well, it's not that simple in reality. Core system components are arranged slightly differently, even from distro to distro. I wouldn't want to port my software even to another Linux
Software might run on BSD that was intended for Linux, but managing the system files without a major audit would scare the heck out of me. Nice to manage 100 machines with a few keystrokes, but breaking 100 machines with a few keystrokes is even easier.
Comments
devil > penguin
Sheesh everybody gets it wrong! http://www.freebsd.org/copyright/daemon.html