I didn't list OpenBSD in the title because it's for single CPU systems only -- although I
guess if one load balanced some clustered servers, you could include that too to
compare. But basically, I'm wondering about BSD vs. Linux.
I know with Linux it depends on the distro -- so pick a good one to compare and/or
contrast to FreeBSD.
Basically, if a person wants a server that's easier to secure against crackers, which
should they choose and why? I know it depends on how the OS is configured on a
server, but given that, which is more *securable* by a non guru -- and why? Are there
any *definitive* step by step HOWTOs one can follow and have a very secure server
with either OS?
And just how long would it take for a newbie to *nix to learn what's needed to set up
and administer very secure webservers on the public internet? Months? Years? How
many? When will one know one is competent enough to *know* one's servers are as
uncrackable as they can be made?
No religious war post, please. Considered opinions -- especially based on
experience, please.
Thanks!
Louis
For web, database and other type servers like a web hosting company would have
on the public internet where people could have websites -- including e-commerce.
So, Apache, PHP, Perl, MySQL, PostgreSQL, etc -- typical web host offered stuff. So
load would vary depending on what people upload and run on their sites.
Want to pick an OS that will minimize the possibility of being taken over by crackers
or spammers -- or just bad web hosting clients messing with other people's accounts
on a shared server.
I'm NOT a web host, but want to learn what I need to run a public webserver -- not sure
which OS to go with to minimize the security risk.
Moreover, is there a consensus out there that if a person picks a given OS and
follows a specific installation, configuration and administration scheme, that they can
be *very* certain their servers are secure on the public internet?
If not, that's fine. But what OS (and hardening script if there is a great one) will give
the biggest head start?
What I don't want to do is pick an OS, spend a lot of time learning it only to find out I
wasted time on one that's fatally flawed or much less *securable* than another OS I
could pick.
Thanks a million one and all,
Louis
If you don't have any Unix experience go with a fancy distribution first like RedHat, learn how to compile stuff and how the system works and then try Slackware or Debian.
If you want the best uptime I think Netcraft got the answer:
[uptime.netcraft.com]
Most of today's OS's use TCP/IP code developed at the UC Berkeley and FreeBSD is definitely a leader in networking but the guys at GNU really can code - they caught up very fast and in some aspects are ahead of BSD's already.
Such a thing doesn't exist. If you want to run a secure system, then you need to know what you're doing, or learn it.
>Are there any *definitive* step by step HOWTOs one can follow and have a very secure server with either OS?
The central concept of a secure system is that it only runs those services that it really needs for its intended purpose. Then look at those that you do need, and try to configure them as restrictively as possible, and stay on top of the latest security patches.
>When will one know one is competent enough to *know* one's servers are as uncrackable as they can be made?
If you're good, then you'll know when you're there. If not, then you'd better not try... ;)
>which OS to go with to minimize the security risk.
Many hosting companies chose FreeBSD, because its networking code is particularly solid. It is also often named as being stronger in security questions. The main reason for this is that the development proceeds a lot slower than with Linux, which means that bugs tend to get found earlier (relatively speaking) in each release cycle. Even with this being the case, security aware hosters tend to stay one or two releases behind the cutting edge, in order to profit from the post-release bug fixes as well.
But apart from actual bugs, any system can only be as secure as the maintainer understands it. If you have no unix experience at all, then I'd assume that you'll need at least a year until you're reasonably fluent to understand all the potential problems. The same (or worse) would be true if you were switching from unix to Windows, of course.
>What I don't want to do is pick an OS, spend a lot of time learning it only to find out I wasted time
The nice thing about unix based systems is that you don't need to relearn everything when you move on to another one. FreeBSD and Linux are a lot more similar to each other than any two Windows versions.
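The advice in the reply above (run only the services the machine needs) can be checked the same way on both systems. The following is an added example, not part of the original thread: it compares listening TCP sockets against an allowlist, using constructed sample output in the layout of `ss -tln` (Linux) and `sockstat -4 -l` (FreeBSD); the allowlist of ports 22, 80 and 443 is an assumption for a web host.

```python
import re

# Constructed sample output (not from a real host): `ss -tln` on Linux.
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    *:80               *:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      5      0.0.0.0:111        0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
"""

# Constructed sample output (not from a real host): `sockstat -4 -l` on FreeBSD.
SOCKSTAT_SAMPLE = """\
USER  COMMAND  PID FD PROTO LOCAL ADDRESS  FOREIGN ADDRESS
root  sshd     812 4  tcp4  *:22           *:*
www   httpd    901 3  tcp4  *:80           *:*
mysql mysqld   655 12 tcp4  127.0.0.1:3306 *:*
root  inetd    700 5  tcp4  *:21           *:*
"""

# Addresses that are only reachable from the machine itself.
LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")

def parse_listeners(text):
    """Return a set of (address, port) pairs from either tool's output."""
    lines = text.strip().splitlines()
    # The local address is the 6th field for sockstat and the 4th for ss.
    col = 5 if lines[0].startswith("USER") else 3
    found = set()
    for line in lines[1:]:
        fields = line.split()
        if len(fields) <= col:
            continue
        addr, _, port = fields[col].rpartition(":")
        if port.isdigit():
            found.add((addr, int(port)))
    return found

def audit(text, allowed_public):
    """List publicly reachable listening ports that are not on the allowlist."""
    exposed = {port for addr, port in parse_listeners(text) if not LOOPBACK.match(addr)}
    return sorted(exposed - set(allowed_public))

if __name__ == "__main__":
    allowed = {22, 80, 443}  # assumed allowlist for a web host
    print("Linux unexpected listeners:  ", audit(SS_SAMPLE, allowed))
    print("FreeBSD unexpected listeners:", audit(SOCKSTAT_SAMPLE, allowed))
```

Services bound only to loopback (the database in both samples) are not reported, since restricting a needed service to 127.0.0.1 is one way of configuring it as restrictively as possible.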
FreeBSD is more centralized and thus offers less choices in how the things can be done (and that's a good thing for a newbie).
Both Linux and FreeBSD suck in SMP compared to Windows, Solaris and AIX.
They also suck with threads compared to Windows.
If you are going to be using a box with 4+ processors - forget FreeBSD. More than 8 - forget Linux.
Probably your opinion is influenced by the fact that it is simpler than Linux, but I think Linux (most distributions) comes with a more usable setup, IMHO.
>FreeBSD is more centralized and thus offers less choices in how the things can be done (and that's a good thing for a newbie).
I even first look at some NetBSD docs when I need to do something on Linux, many Linux docs exist - most say the same things and they are not so organised.
>Both Linux and FreeBSD suck in SMP compared to Windows, Solaris and AIX.
>They also suck with threads compared to Windows.
You must be kidding. Yes, commercial Unices are really great at SMP, but to state that Windoze is better is a stretch. Linux didn't have good SMP several years ago; you have probably read some old reviews.