Very interesting. Do you mind sharing the hardware specifications of your servers? Are you confident that FreeBSD is a secure OS to face the internet, say, as compared to OpenBSD?
Ilja van Sprundel answers your question by comparing the number of kernel vulnerabilities since 1999 of the BSDs and Linux. [1]
I don't think FreeBSD, even well hardened [2], is as secure as OpenBSD. After all, OpenBSD's main focus is security. I use OpenBSD for orchestration and monitoring, and I have an experimental setup of OpenBSD with VMM but they crash sporadically, so I'll wait a bit.
At any rate, my goal is to have two heteregenous paths (maybe OpenBSD, FreeBSD) or (Solaris, Linux). This way I could simply shutoff the vulnerable path when there's an unfixed vulnerability.
BTW, I have the FreeBSD hardening and setup scripted, which you could add into the ISO in `/etc/installerconfig`, or downloaded from the orchestration and manually ran with `bsdintall script myinstallerconfig.sh` if you wish.
I'll keep the hardening script on mind. I have strong interests to spend more time on servers, but at the moment it is difficult to find time.
If vmm(4) is stable on OpenBSD, it can be used as an alternative to jail. Because OpenBSD has small footprint, a virtual machine of OpenBSD through vmm(4) probably will not require much more resources than a jail instance, I guess.
I have been bitten by OpenBSD once, though. I was traveling with a laptop, where OpenBSD was the only OS and the filesystem was encrypted. However, there was a hardware failure, that the data on the hard disk was corrupted. I lost some work and some files, and managed to recover the rest of the files before the hard disk died.
At the moment OpenBSD still does not support a filesystem that implements file checksum. I think it can be a limitation.
