Koja je razlika izmedu NetBSD, FreeBSD i OpenBSD?

[ Hum@X @ 28.02.2004. 09:15 ] @

Zelio bi znati koja je razlika izmedu ta tri sistema i koje prednosti imaju naspreman drugim
Unix distribucijama ?

pozdrav Hum@X

[ Mitrović Srđan @ 28.02.2004. 16:25 ] @

freebsd imam netbsd sam video open bsd nisam nikad
ali po onome sto sam citao i naucio:

openBSD----
je bsd koji je najvise orijentisan na sigurnost.
znaci ako zelis siguran sistem to je openbsd.
znaci pravljen je da bude najsigurniji unix i uopste os.
veoma maloi rupa u bygova.
izdat pod gnu public licence tako da je svaka njegova komponenta dostupna
kolko sam citao njegovi programeri su po sto puta provverravali svaku liniju koda
radi otklanjanja gresaka i mogucih bugova.
ono sto je sto se tice sigurnosti vazno jeste da ima implementirane najnopvije kriptografske alatke tipa kerberos,ip kriptovanje itd.
moze se pokreteti na vecini platformi

sajt----www.openbsd.org

netBSD----

veoma portabilan tj pravljen da se moze portovati na razlicite platforme
pravljen zeleci da se free software priblizi masama.
podrzava dosta hardvera,bezicne i zicne mreze,sve protokole i takodje podrzava vise tipova fajl sistema.pomocu emulacije mnogi programi pisani za druge varijante
se mogu na njemu pokrenuti.
veoma mali broj gresaka.
programeri netbsd pri novim verzijama menjaju veliki deo orginalnog koda....
veoma cist kod...

sajt---www.netbsd.org

freeBSD----

mozes ga preuzeti sa neta nastao od orginalnog bsd unixa.
njega ne prave entuzijasti kao linux vec postoji oformlena zvanicna grupa programera koji rade na kernelu i njemu.
mozes dati svoj doprinos ako zelis a ta grupa moze ga uvrstiti u oficijelno izdanje a mozda i nece....
licenca pod kojom se distribuira bsd je razlicita od one za linux po tome sto ne
zahteva dalje distributere za javne izmene.
moze se pokretati i na ntel i na DEC alpha prockasima.......

mislim da je trenutna verzija 5.2 jel ja tu imam
sajt----www.freebsd.org

inace ako nisi znao BSD je skracenica od Berkeley Software distribution
inace kalifornijski univerzitet

[ Hum@X @ 28.02.2004. 18:54 ] @

Hvala na odgovoru .

[ Marko_R @ 06.08.2006. 11:52 ] @

Citat:

blood: izdat pod gnu public licence tako da je svaka njegova komponenta dostupna

Ne bih baš rekao: http://www.openbsd.org/policy.html

[ Rehash @ 06.08.2006. 19:15 ] @

OpenBSD i GNU? Uh..Theo bi sad nekog gadjao stolicom.

[ Body Bag @ 27.08.2006. 14:11 ] @

Ako se premisljas koji BSD da izberes-ja bi toplo preporucio FreeBSD koji je koncipiran tako da objedinjuje sve dobre karakteristike prethodna dva-portabilanost NetBSD-a,sigurnost OpenBSD-a,plus je podjednako dobar i kao server a i kao desktop(postoje drajveri za Nvidia kartice,jedini ima i DRI podrsku za ostale kartice koje su pokrivne doticnim,ima najvecu bazu programa-preko 14000 paketa+pride portovi...itd) u zavisnosti sta ti treba...
NetBSD i OpenBSD su odlicni takodje,ali su oni vise za ljude koji imaju bas specificne potrebe-recimo za server,firewall,mreza sa vise razlicitih kompova i kombinacija,portokola..itd
Za desktop nisu bas najsrecnije resenje-NetBSD ima odlicnu podrsku za sav moguci mrezni hardver,ali za ostale stvari je prilicno ogranicena,sto jasno ukazuje koja je ciljna grupa
Slicno stoji i za OpenBSD koji ima odlicnu wireless i mreznu podrsku(mozda bolje nego i FreeBSD),ali sa ostatkom takodej prilicno kuburi....
PoZ!

[ bojan_bozovic @ 21.09.2006. 00:36 ] @

Ajde BodyBag, FreeBSD nije portabilan kao NetBSD. Ima manje portova i od OpenBSD cak, koji ih ima desetak, NetBSD preko 30.

[ Body Bag @ 21.09.2006. 00:57 ] @

Pa dobro,ali ipak je FreeBSD kao neka vrsta dzokera-nadstoji da objedini sve karakteristike druga dva-nesto po sistemu za svakog po malo :-)
Zato i odgovara nesto sirem krugu ljudi,nego npr. NetBSD....

[ bojan_bozovic @ 21.09.2006. 01:14 ] @

Common misconception. I OpenBSD i NetBSD su sasvim OK za desktop use. Upravo sa NetBSD i pisem ovo, a ne sumnjam da isto i za OpenBSD vazi - nabacis mu omiljeni wm ili Gnome/KDE i nema znacajne razlike. samo da kazem, ovo mi cudo od januara radi kao sat - sistem nijednom nije ni kasljucnuo, dok je Linux npr. imao obicaj da se zaglavi u X, pa mozda jedno mesecno ili cesce.

BTW bas kao i na FreeBSD, mozes pokretati linux programe (v. gore linux Operu), a mogao bih i FreeBSD programe takodje. Ono sto NetBSD i OpenBSD nemaju a FreeBSD i Linux imaju je DRI, medjutim ni Linux ni FreeBSD nisu za ozbiljan rad sa 3D zbog manjkave hardverske podrske, da ima binary drajvera ali su isti losijeg kvaliteta od Windows drajvera. Ni Blender mi se ne svidja bas.

[ Mitrović Srđan @ 21.09.2006. 07:23 ] @

Kada bi FBSD uspeo da objedini sigurnost OpenBSD i portabilnost NetBSD
verovatno oni bi prestali da postoje :)

Fbsd je mainstream.
OpenBSD je svakako sigurniji i "out-of-the-box" a i kasnije
posle security auditiranja. Mislim da je mozda fBSD pogodniji
za dekstop iz jednog razloga - user friendly. Ali opet se
postavlja pitanje koliko je user-firendly za obicnog korisnika
kome je pretesko da svari i jedan idiot pr00f ubuntu.
Iako je i sigurnost vazna u fBSD projektu , ne igra glavnu
ulogu tj nije primarna stvar kao u OpenBSD.

Zakljucak je opet da treba koristiti po licnom izboru.
Tj u zavisnosti od uloge koji ce OS imati (server,desktop,fw).

[ bojan_bozovic @ 21.09.2006. 15:14 ] @

A sta to podrzava SSH root login po defaultu? NetBSD? FreeBSD? Ili OpenBSD? :) vec se kupi... Sto manje moras da radis nakon man afterboot sistem je sigurniji. A NetBSD i FreeBSD su itekako sigurni.

Npr. na NetBSD moras da setujes ALLOW_VULNERABLE_PACKAGES da bi mogao da instaliras ista sto ima exploit.Po defaultu PHP ne mozes da instaliras! Ili GIMP :) A i svipaketi se podrazumevano kompajliraju tako da su maksimalno bezbedni

erika# audit-packages
Package kdegraphics-3.5.0 has a buffer-overflow vulnerability, see http://www.kde.org/info/security/advisory-20051207-2.txt
Package poppler-0.4.2nb2 has a arbitrary-code-execution vulnerability, see http://scary.beasts.org/security/CESA-2005-003.txt
Package kdelibs-3.5.0 has a buffer-overflow vulnerability, see http://www.kde.org/info/security/advisory-20060119-1.txt
Package xine-lib-1.0.3anb3 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
Package xine-lib-1.0.3anb3 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048
Package kdegraphics-3.5.0 has a arbitrary-code-execution vulnerability, see http://www.kde.org/info/security/advisory-20060202-1.txt
Package gnupg-1.4.2 has a verification-bypass vulnerability, see http://secunia.com/advisories/18845/
Package gnupg-1.4.2 has a incorrect-signature-verification vulnerability, see http://lists.gnupg.org/piperma...pg-announce/2006q1/000216.html
Package tiff-3.7.4 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0405
Package tiff-3.7.4 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-2024
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
Package tiff-3.7.4 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-2120
Package xine-lib-1.0.3anb3 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1664
Package openldap-2.3.11nb1 has a buffer-overflow vulnerability, see http://secunia.com/advisories/20126/
Package tiff-3.7.4 has a arbitrary-code-execution vulnerability, see http://secunia.com/advisories/20488/
Package seamonkey-1.0.2 has a remote-information-exposure vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2894
Package kdebase-3.5.0nb1 has a local-information-exposure vulnerability, see http://www.kde.org/info/security/advisory-20060614-1.txt
Package netpbm-10.30 has a denial-of-service vulnerability, see http://secunia.com/advisories/20729/
Package gnupg-1.4.2 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
Package php-5.1.4nb1 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3011
Package xine-lib-1.0.3anb3 has a remote-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802
Package gimp-2.3.4nb1 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-44.html
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-45.html
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-46.html
Package seamonkey-1.0.2 has a cross-site-scripting vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-47.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-48.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-49.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
Package seamonkey-1.0.2 has a privilege-escalation vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
Package seamonkey-1.0.2 has a privilege-escalation vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
Package seamonkey-1.0.2 has a privilege-escalation vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
Package seamonkey-1.0.2 has a cross-site-scripting vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-54.html
Package seamonkey-1.0.2 has a arbitrary-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
Package seamonkey-1.0.2 has a cross-site-scripting vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-56.html
Package apache-2.0.58 has a remote-code-execution vulnerability, see http://secunia.com/advisories/21197/
Package gnupg-1.4.2 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3746
Package mysql-server-5.0.22 has a security-bypass vulnerability, see http://secunia.com/advisories/21259/
Package mysql-server-5.0.22 has a security-bypass vulnerability, see http://secunia.com/advisories/21506/
Package mysql-server-5.0.22 has a privilege-escalation vulnerability, see http://secunia.com/advisories/21506/
Package tiff-3.7.4 has a multiple-vulnerabilities vulnerability, see http://secunia.com/advisories/21304/
Package php-5.1.4nb1 has a security-bypass vulnerability, see http://secunia.com/advisories/21403/
Package ImageMagick-6.2.8.0 has a arbitrary-code-execution vulnerability, see http://secunia.com/advisories/21462/
Package php-5.1.4nb1 has a multiple-vulnerabilities vulnerability, see http://secunia.com/advisories/21546/
Package libwmf-0.2.8.4nb3 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
Package freetype2-2.2.1 has a arbitrary-code-execution vulnerability, see http://secunia.com/advisories/21450/
Package ImageMagick-6.2.8.0 has a arbitrary-code-execution vulnerability, see http://secunia.com/advisories/21615/
Package musicbrainz-2.1.1nb1 has a remote-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4197
Package gtar-base-1.15.1nb2 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
Package gtar-base-1.15.1nb2 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300
Package openldap-2.3.11nb1 has a bypass-security-restrictions vulnerability, see http://secunia.com/advisories/21721/
Package seamonkey-1.0.2 has a buffer-overflow vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
Package seamonkey-1.0.2 has a signature-forgery vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
Package seamonkey-1.0.2 has a frame-content-spoofing vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
Package seamonkey-1.0.2 has a remote-code-execution vulnerability, see http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
Package ns-flash-7.0.63 has a remote-code-execution vulnerability, see http://www.adobe.com/support/security/bulletins/apsb06-11.html
Package gnutls-1.4.0 has a signature-forgery vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790
erika#

jedna komanda i sve znas, to je druga stvar zbog koje ovo ni za sta ne menjam.

Kada je u NetBSD 3.0 otkriveno par lokalnih exploita vezanih za audio podsistem (nov u 3.0) patch za kernel je izbacen u roku od odmah. I tu ne govorimo o remote rupama. Imas GIMP? Tvoj OpenBSD nije bezbedan. Da li to znas? :)
_{[Ovu poruku je menjao bojan_bozovic dana 21.09.2006. u 16:26 GMT+1]}

_{[Ovu poruku je menjao bojan_bozovic dana 21.09.2006. u 16:34 GMT+1]}

[ Mitrović Srđan @ 21.09.2006. 18:30 ] @

Mm nemam gimp jel OBSD ne drzim kao desktop masinu.
Niti cu ga drzati u skorijoj buducnosti.

http://www.openbsd.org/security.html

Sasvim mi odgovara sve sto ima da ponudi.

[ bojan_bozovic @ 22.09.2006. 02:05 ] @

Moze Theo da pise sta hoce, ali bre po defaultu imas sendmail na OpenBSD (a i FreeBSD i NetBSD BTW) tako da eto tu barem to pada u vodu. Sta ti vredi sto u kernelu i libc nema exploita kad ih je MTA pun? NetBSD od 4.0 prelazi na Postfix po defaultu upravo zbog toga, dosabilo im je da na svaka dva meseca ima tri nova exploita u osnovnom sistemu. A za root SSH login mi ne odgovori uopste. Ipak i kod OpenBSD mora eto sistem dodatno da se osigurava, da se instalira Postfix itd. Nista nije bezbedno out-of-the-box, to samo na Slashdotu prolazi.

[ Mitrović Srđan @ 22.09.2006. 07:29 ] @

Da opet ostaje teza da je sistem siguran koliko je njegov administrator
sposoban da ga osigura i da ga odrzava. Opet zavisi kako do toga i dolazi.
Sto je Theo kriv sto je sendmail busan? Da li je to greska do njih ili OpenBSD-a?

Citat:

No operating system can protect itself from an ignorant or careless sysadmin.

Nemam ja nista protiv NetBSD nemogu duboko da komentarisem ono sto
ne koristim u svakodnevnoj primeri.
OBSD je lako odrzavati sigurnim PF je pisan za OpenBSD nije neki "port",
OpenSSH je deo OpenBSD projekta :)

Pogledaj paper odlican je :
http://www.openbsd.org/papers/ven05-deraadt/

[ Cileinteractiv @ 03.10.2006. 23:36 ] @

Pozdrav!

Pažljivo sa pročitao ovu temu i želim da malo prokomentarišete i PCBSD, gde se on nalazi u priči? Ako se ne varam on je varijanta FreBSD-a?!

[ vladared @ 04.10.2006. 04:53 ] @

Dobro si ukapirao Cile.
Naime PC-BSD je Free-BSD klon nastao na jednom velikom nedostatku samog oca (FreeBSDa). Mnogi FreeBSDu zameraju njegov interfejs koji je dosta asketski i malte ne u kome sve ručno moraš da podešavaš. Upravo zbog toga većina apsolutnih početnika kada probaju FBSD uglavnom dignu ruke još na samom prvom koraku. Zbog takvih nastaje jedan dosta zanimljiv niz FBSD klonova koji u principu imaju sve što i FBSD+lakoću postavljanja+neku karakteristiku. Tako npr. DesktopBSD je isto jedan takav klon koji ima sve što i FBSD samo što se sve radi iz grafičkog okruženja. Kao osnova je uzeta port grana FBSDa 5.5 ali oni koji žele veoma lako mogu da nadograde na 6.0.
Gde je PC-BSD u toj priči? Opet kernel FBSD+ port stablo FBSD6.1 (ako želiš da ga koristiš, a možeš i ne moraš)+lakoća konfigurisanja i održavanje+PBI paketi koji se ne sreću u BSD svetu a u principu su samoraspakujući instalacioni paketi. Njegova jedina prednost u odnosu na "tatu" je što ga može i apsolutni početni instalirati, koristiti i održavati. Topla preporuka za one koji nemaju vremena ili ne žele da ulaze u najveće tajne FBSDa a žele stabilnost i brzinu.