High Security SSH proxy Linux or BSD which distro?

[proxx]

Ello,

So eventhough I consider myself rather familiar in the linux field and have some experience on BSD I would like to have some opinions.
Basically for a project I need a super hardend box that will expose a single port to the webs.
I know there are some distros that claim to be 'hardend' etc etc etc.
So basically I am wondering  if I should go for a BSD, BSD is also questioned when it comes to security, perhaps as much as linux, opinions?
Perhaps openindiana, minix, soo many options.

Currently my thoughts go to a CentOS server install , layer 2 and 3/4 firewalling, just a single remapped SSH port exposed, private keys locked with 4086 RSA cypher, blowfish encryption.
Plus once inside the tunnel another layer of encryption.
I will be doing port forwarding over SSH which is not quite optimal when it comes to speed , especially compared to openVPN or IPSec but it is quite secure and very much on-the-fly and no need for additional routing etc.


Any thoughts or tips?

[proxx]

Not sure if it at all what you are looking for but awhile back I had built a pentest distro which had 0 "real" open ports out of the box. The only exposed ports were honeypots set up by "artillery", a linux IDS/IPS script. This of course could be changed to suit your needs.

If you are at all interested, PM me for a link to it.

Pentest distro's are something different all together.
Most 'security distros' are completely unsecure.

[vezzy]

OpenBSD. Enough said. Look up the rest.

[proxx]

OpenBSD. Enough said. Look up the rest.

That is indeed one of the candidates I was looking at.

[voodoo]

You might want to look into kernel hardening
Here are some helpful links

http://grsecurity.net/
https://wiki.archlinux.org/index.php/grsecurity
http://wiki.centos.org/HowTos/SELinux