[cduke250]

I love FreeBSD, but my opinion is that it is not in the same category security-wise as OpenBSD.

I think everyone needs a secure OS like openBSD to manage gpg, encryption, etc..

I love linux also, but it is my opinion that the kernel is far from being as secure as the BSDs... So a secure linux distro better have a major overhauled kernel.

Check out the distro IpCop www.ipcop.org -- it uses a heavily modified openBSD kernel.

[cyberdog]

cduke250, on Jun 19 2005, 08:52 PM, said:

Wow great discussion!

Could someone post a little about the most secure (production ready) distros out there? 

I just assumed openbsd was secure enough, but I am curious about the different linux hardened distros.

<{POST_SNAPBACK}>

I havent yet tried it myself but a friend of mine swears by adamantix

[Stephen]

TheSmokingMan, on Jul 4 2005, 10:59 PM, said:

openbsd's progress is actually quite good. its not intended to be bleeding edge but its default install security model is most effective. I find it makes an excellent shellbox or network fileserver. I don't really recall openbsd being government funded though

<{POST_SNAPBACK}>

Yes it was government funded via grants just like most of the others

but the man in charge of receiving the grants mouthed off about the same people he was getting the grants from... (don't bite the hand that feeds you).

[TheSmokingMan]

cduke250, on Jul 5 2005, 01:04 AM, said:

Check out the distro IpCop www.ipcop.org --  it uses a heavily modified openBSD kernel.

<{POST_SNAPBACK}>

ipcop is great(longtime user) but its not openbsd, its linux

I should lose points for nitpicking but since its a product I use and love I couldn't help myself

as for the grants, I can see how that seems like government funding in a way ... I guess.

[yoplaboom]

I would like to use grsecurity than selinux

grsecurity include pax and mac framework

rsbac is another choice

[digital flow]

tibbar, on Feb 3 2005, 09:11 PM, said:

Here's a link to it:

http://www.nsa.gov/selinux/

I was wondering if anyone runs this here, and what your thoughts are on it.

I also am curious if NSA really use this on their systems...

<{POST_SNAPBACK}>

I think they will use it.
I tested it implemented on the Gentoo Linux Distribution.
At the first look its the same. But there is a lot other, there is not any device a home user will need (like printer, or some other "spezial" interfaces). You are not able to install any graphical programm, cause it may have an vuln hole. The group rights are also a little bit different to the normal linux (they're harder). and u can set good policies. i think with SELinux u are on a good (secured) way and is used for "things" like NSA and other secret services...

[skydance]

im using grsecurity and modsecurity for apache...