Limiting users and using strong passwords as described in Users, Files and Auditing will provide the largest security enhancement for the least work. Also discussed are key BSD system configuration files and their permissions. Generally OpenBSD sets tight default permissions but several key security related files are needlessly world readable. Tightening permissions and adjusting the built in security auditing system included with OpenBSD are covered.
— Geodsoft, BSD Hardening
OpenBSD is famous for it's onerous security demands, even more stringent and paranoid than Linux.
The downside is that high security also means huge sacrifices. You don't get to use any packages that aren't audited by the overworked security team, and that includes Python 3.
Thus, OpenBSD would be best suited as the database server for PostgreSQL. Now, how do we use it?
- It's significantly more secure than any Linux server.
- It supports PostgreSQL!
- It is the upstream for OpenSSH, OpenSSL, OpenBSD's httpd, and other great secure packages.
- It's free!
- It's not Linux.
- There's no Python.
- If it's not a package reviewed by the Security Team, you can't have it. :^(
It's pretty easy enough. Just set up and configure, and you have your very own database.
Hardening a PostgreSQL OpenBSD Server
Installation and configuration is one thing. How do you keep it safe?