DaemonForums  

#1 doobie0710 (New User), 22nd March 2023
Security and data integrity of OpenBSD vs FreeBSD

I want to set up a home server, primarily for storing files and accessing them at or away from home (I will do other things with it in the future). I was going to just use Debian but wanted to give something new a try and I've heard the BSD experience is really cohesive compared with Linux distributions, which is very appealing. I hear that OpenBSD is security focused and thoroughly audited, so I am drawn to it for something that will be facing the internet and storing all my data. FreeBSD supposedly has great ZFS integration and bit rot concerns me a lot; this distinction makes choosing between the two difficult. Three possibilities occur to me:

1. set up some data integrity tools on OpenBSD to avoid bit rot,
2. harden FreeBSD (or just accept it as is, if the difference between the two is overstated),
3. use two servers, OpenBSD facing the internet and FreeBSD storing the bulk of the data and backups and providing it locally.

Perhaps there is some Linux or illumos distribution that would be more appropriate for my needs? Please advise me on which way to go with this.

#2 J65nko (Administrator), 22nd March 2023

I would suggest option 3, using OpenBSD facing the internet. On FreeBSD you then can use ZFS.
On OpenBSD, besides a pf firewall, you could configure WireGuard for remote client file access.

But I would only do ZFS on a system that has ECC memory. You cannot rely on ZFS for disk storage bit rot prevention, when the memory to calculate and verify the ZFS checksums can flip memory bits undetected.....
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#3 victorvas, 22nd March 2023

Quote:
Originally Posted by J65nko
But I would only do ZFS on a system that has ECC memory. You cannot rely on ZFS for disk storage bit rot prevention, when the memory to calculate and verify the ZFS checksums can flip memory bits undetected.....

Is it only ZFS, or are there other filesystems that are dependent on ECC memory?

#4 Onauk, 23rd March 2023

I would guess that every time you do checksumming you are using RAM and thus you can be subject to bit flips if not using ECC memory. So every filesystem is liable to bit flips.

#5 doobie0710 (New User), 24th March 2023

Reading about the fragility of ZFS without ECC RAM, I see it is a contentious topic. Personally I am not convinced that using ZFS without ECC RAM will actively sabotage a system more than using some other file system. ECC RAM is obviously good if you can get it.

Quote:
Originally Posted by J65nko
[...]besides a pf firewall, you could configure WireGuard for remote client file access.

Something like this is what I had in mind, along with hosting a Transmission server, DNS sinkhole for adverts and whatever other services are useful. The more I think about it, one server for storage and another for services makes a lot of sense.
Tags
bit rot, comparison, data integrity, freebsd, zfs
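
Option 1 from the opening post, together with the point made in the replies that any checksum is computed in RAM, as an added example that is not part of the thread: a Python manifest scrubber for a filesystem that keeps no checksums of its own. The function names and status labels are hypothetical; a mismatch is hashed a second time so that a one-off read or memory error is reported separately from on-disk corruption, which the script can detect but not repair.

```python
import hashlib
import os

def sha256_file(path, bufsize=1 << 20):
    """Stream the file through SHA-256 in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> (sha256, size, mtime_ns) for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            rel = os.path.relpath(path, root)
            manifest[rel] = (sha256_file(path), st.st_size, st.st_mtime_ns)
    return manifest

def scrub(root, manifest):
    """Re-hash every recorded file and classify what changed since the manifest."""
    report = {}
    for rel, (digest, size, mtime_ns) in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report[rel] = "missing"
            continue
        st = os.stat(path)
        if (st.st_size, st.st_mtime_ns) != (size, mtime_ns):
            report[rel] = "modified"   # metadata changed: an ordinary edit
        elif sha256_file(path) == digest:
            report[rel] = "ok"
        elif sha256_file(path) == digest:
            report[rel] = "transient"  # second pass matched: read or RAM error
        else:
            report[rel] = "corrupt"    # same metadata, different bytes: bit rot
    return report
```

Build the manifest once after the data is written, keep it on a different disk from the files it describes, and run `scrub` on a schedule; any `corrupt` entry is a file to restore from backup.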