I'll keep the hardening script on mind. I have strong interests to spend more time on servers, but at the moment it is difficult to find time.
If vmm(4) is stable on OpenBSD, it can be used as an alternative to jail. Because OpenBSD has small footprint, a virtual machine of OpenBSD through vmm(4) probably will not require much more resources than a jail instance, I guess.
I have been bitten by OpenBSD once, though. I was traveling with a laptop, where OpenBSD was the only OS and the filesystem was encrypted. However, there was a hardware failure, that the data on the hard disk was corrupted. I lost some work and some files, and managed to recover the rest of the files before the hard disk died.
At the moment OpenBSD still does not support a filesystem that implements file checksum. I think it can be a limitation.
I'll keep the hardening script on mind. I have strong interests to spend more time on servers, but at the moment it is difficult to find time.
If vmm(4) is stable on OpenBSD, it can be used as an alternative to jail. Because OpenBSD has small footprint, a virtual machine of OpenBSD through vmm(4) probably will not require much more resources than a jail instance, I guess.
I have been bitten by OpenBSD once, though. I was traveling with a laptop, where OpenBSD was the only OS and the filesystem was encrypted. However, there was a hardware failure, that the data on the hard disk was corrupted. I lost some work and some files, and managed to recover the rest of the files before the hard disk died.
At the moment OpenBSD still does not support a filesystem that implements file checksum. I think it can be a limitation.