|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Security and data integrity of OpenBSD vs FreeBSD
I want to set up a home server, primarily for storing files and accessing them at or away from home (I will do other things with it in the future). I was going to just use Debian but wanted to give something new a try and I've heard the BSD experience is really cohesive compared with Linux distributions, which is very appealing. I hear that OpenBSD is security focused and thoroughly audited, so I am drawn to it for something that will be facing the internet and storing all my data. FreeBSD supposedly has great ZFS integration and bit rot concerns me a lot; this distinction makes choosing between the two difficult. Three possibilities occur to me:
1. set up some data integrity tools on OpenBSD to avoid bit rot, 2. harden FreeBSD (or just accept it as is, if the difference between the two is overstated), 3. use two servers, OpenBSD facing the internet and FreeBSD storing the bulk of the data and backups and providing it locally. Perhaps there is some Linux or illumos distribution that would be more appropriate for my needs? Please advise me on which way to go with this. |
|
|||
I would suggest option 3, using OpenBSD facing the internet. On FreeBSD you then can use ZFS.
On OpenBSD, besides a pf firewall, you could configure Wireguard for remote client file access. But I would only do ZFS on a system that has ECC memory. You cannot rely on ZFS for disk storage bit rot prevention, when the memory to calculate and verify the ZFS checksums can flip memory bits undetected.....
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Is it only ZFS, or there are other filesystems that are dependent on ECC memory?
|
|
|||
Reading about the fragility of ZFS without ECC RAM, I see it is a contentious topic. Personally I am not convinced that using ZFS without ECC RAM will actively sabotage a system more than using some other file system. ECC RAM is obviously good if you can get it.
Quote:
|
Tags |
bit rot, comparison, data integrity, freebsd, zfs |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Security Tech industry quietly patches FragAttacks Wi-Fi flaws that leak data, weaken security | J65nko | News | 3 | 23rd May 2021 06:54 AM |
Security: Standard Innovation's We-vibe collects your sex data | shep | News | 14 | 21st March 2017 06:51 PM |
FreeBSD's BPF data representation | vpenkoff | General software and network | 3 | 8th March 2013 04:27 PM |
could mixing packages and ports problematize system integrity in this case ? | daemonfowl | OpenBSD Packages and Ports | 9 | 13th May 2012 05:26 PM |
Mastering FreeBSD and OpenBSD Security | anomie | Book reviews | 5 | 27th September 2008 03:59 AM |