Solved HardenedBSD??

[QuesoGrande]

Not sure where to post this or even if this an appropriate forum, but let us try it and see where it leads...

Has anyone tried out hardenedBSD and if so what was your experience? I am asking this in the context of using it as an operating system for a bastion host running PF with NAT and making an attempt to "Foil the Wiley Hacker". The website hosting it sings its praises ( as I would expect ), but does not say much about the use I am envisioning. Therefore I am looking for actual experience with it, if there is some to be shared.

Note that I am not averse to using straight up FreeBSD, unless this is enough tougher to hack to be worth bothering with it.

All observations welcome, be they good, bad, or indifferent. I am after a "real world view" of this.

Thanks,
QG

 

[mer]

Well, in general these forums while not discouraging talk about derivatives (HardenedBSD, GhostBSD, pfSense, etc) they don't encourage it.
That said I believe some things from HardenedBSD have been upstreamed into FreeBSD proper.
I can't say anything beyond that

 

[rbranco]

I tried it and it refuses to even compile itself. Perhaps that's why OPNsense moved from it to plain FreeBSD.

Also, the feature comparison page is extremely misleading.

Easy Feature Comparison | HardenedBSD

hardenedbsd.org

 

[QuesoGrande]

These two replies seems to support what I thought might be the case. Too good to be true probably is, and seems to be again.

Best to use mainstream FreeBSD with the hardening included a little at a time, which seems to be the gist of what mer had to say. And the statement by rbranco confirms what I was afraid of. I thank you both for keeping me from having to repeat the experience, but rather just move on with FreeBSD as released.

While it is true that "experience is what you get when you expected something else", it is also pleasant to not have to make all the mistakes for oneself. Thanks to both for the replies. I shall proceed accordingly.

QG