That’s one of the most stupid controversial questions I’ve ever read on Twitter. (Ok, I haven’t used Twitter for a long time yet, so I’m prepared for worse questions.) It shows that 140 characters cannot transport any substantial information really. The funny thing is that people indeed try to answer that question on Twitter — with 140 characters — recommending one or the other operating system to the one who asked. Total madness.
First of all, questions like this, which do not tell anything about the author’s aims and intentions, are not answerable. One could as well ask: Ferrari or Landrover? I’d suggest taking the Ferrari for the next cross-country rally, whereas the Landrover is definitely the best choice for the F1 track. Anyway, you got my point. 
This blog post has potential for flamewars between the lovers of BSD and Linux, and also between lovers of either of the Linux distributions. So let me emphasize that this is my personal opinion.
Let me kick off with two certainly arguable statements and take it from there:
- Production environment: The operating system of your choice should be the one, which you are most comfortable administering, because it’s your job to secure it to the best of your knowledge and solve upcoming issues within the least possible amount of time and effort.
- Experimental environment: Do whatever you want to. Experimental environments are meant to gain more knowledge, experience or compare it with other environments.
In this context, let’s be clear about this: Any server that is accessible from any other untrusted machine (aka Internet), is a production environment! Why so? Because it could easily be turned into a threat to others (if not secured properly), which can cause trouble with your ISP or with third parties, which leads to costs, and in the worst case lawsuits! This means: Although you run it for your own pleasure, you have to ensure that your pleasure does not become a nuisance to others — be it by your mistake or by third parties taking over your server. Should be common sense, but apparently it’s not.
Now that we’ve understood that the playground approach is misplaced in a server environment, you may want agree with my previous statements.
“I hear you, but which Linux/BSD/Unix is the best for which aims?” Let me first briefly explain how things have evolved and why a FreeBSD user will have problems recommending any Linux distribution.
Unlike any Linux distribution, which strictly speaking is merely the kernel bundled with a bunch of (mostly) GNU tools and programs, FreeBSD is a real operating system, where all core elements are maintained by a central “authority”, the FreeBSD Project (which is funded by donations collected by the FreeBSD Foundation). That ensures a high level of integrity and as a result stability. FreeBSD (like NetBSD) is a fork of the original BSD by the Berkeley University, which was derived from AT&T Unix. Nowadays you find three major BSDs out there: FreeBSD, NetBSD, and OpenBSD (which was forked from NetBSD). They are maintained by their core teams, and cross-port various functionality whenever suitable (e.g. OpenBSD’s packet filter pf). When you install any of these BSD’s base, you will end up with a working operating system and all core tools needed to administer it.
When you install any of the approximately 250 different Linux distributions out there, you more precisely install a third-party bootloader, the Linux kernel, and a whole bunch of third-party (GNU) tools and software. What exactly you end up with, depends on the taste and policies of the distributors. It should be easy to understand that a distribution which focuses on including the latest drivers and software in every release, cannot be as stable as a distribution with a rather long release cycle that has got a big number of enterprise-level users. Essentially they are all the same, but the collection of software and tools (and their branding and look&feel) differs. As various GNU projects have got a lot of cross-dependencies (e.g. PHP with GD, ImageMagick, MySQL, to mention a popular one), it is a tedious and time-consuming task to bundle the right versions with each other in order to get a stable system.
Or in other words: A Linux distributor has to ensure that their selection of third-party software form a stable system, whereas the major BSD derivates maintain the core system themselves. In the BSD world, third-party software isn’t part of the core functionality. Hence BSD doesn’t depend on the good will of other software projects. However, you can of course get a lot of third-party software, too: The portstree (in FreeBSD for example), currently contains over 20,000 different programs, carefully selected and tested, and linked against other ports and/or the core libraries. As the latter are provided by the BSD maintainers, you can be sure to have a solid foundation.
If you look at SELinux, it was a rather chaotic uncoordinated situation in the beginning: SELinux was developed and maintained by the NSA, and was not part of the kernel initially, but you could compile it as a kernel module (don’t get me started on kernel modules on a server). The tools to actually use it are part of the GNU coreutils package — third party software, strictly speaking. When SELinux reached a stable status and was supported by the Linux kernel, some distributors decided to include and activate it by default (Fedora, RHEL, and CentOS), while others didn’t make use of it at all (Debian, Ubuntu). So security was a matter of the distributor’s taste. That happens when there’s no central “authority” which ensures continuity, and coordinates kernel (and related) development. A sad result was that people didn’t want to get used to SELinux, because it wasn’t (and still isn’t) accepted as a standard and must-have. Even nowadays you read recommendations like “use ’setenforce 0′”, which effectively switches SELinux restrictions and its security improvements off! As far as I know, only RHEL and CentOS install and activate SELinux and its utilities by default. They are also the only mainstream Linux distributions which activate the iptables firewall by default, and apply a restrictive ruleset, by the way.
You’ll still even find Linux distributions, which allegedly target the server market, without SELinux utilities installed. How can you ignore huge security enhancements in a server environment? Ah right, the distributor has got a different taste and would probably add no other security tools.
Apologies for my sarcasm. Linux is not all bad, but you must not expect any distribution to be as rock-solid as any of the three main BSDs. Let’s check out which Linux is the least of all evil
The first commercial distribution back in the early 90’s was Slackware, which nowadays is only being used on a minority of Linux-based servers. Slackware is sort of considered geeky.
A couple of years ago, the big players were RedHat Linux in the English-speaking countries, and SuSE in the German-speaking areas. That has changed. RedHat Linux for the commodity market does not exist any more (it is now the community-maintained Fedora Linux, supported by RedHat). RedHat’s own Linux distribution is RedHat Enterprise Linux, which obviously targets enterprise-level customers, who are willing to pay for licenses and professional support. For those who don’t, CentOS as a de-branded RHEL copy has become more and more popular. It claims 100% binary compatibility with RHEL, without asking for license fees, and without offering professional paid support. The target group for both RHEL and CentOS are enterprises and server installations, whereas Fedora targets the desktop market.
Especially in Germany, Debian Linux is also widely used. The easy package management with apt-get certainly played an important role in its success. Fedora introduced yum to make RPM package management as easy. (Open)SuSE seems to lose market share. YaST as their package manager could be one reason.
Ubuntu was started as a Debian derivate just a few years ago, and initially aimed the desktop market trying to keep up with current hardware drivers and new features. Apart from its LTS (long term support) versions, which are being released once every two years, the life cycle of the half-year releases is very short. However, Ubuntu has experienced great success and played an important role in making Linux a widely accepted desktop operating system. In my opinion it is not the best choice for server installations where robustness is more important than introducing the latest features and device drivers, though. It also lacks SELinux utilities in its default installation.
For the tough cookies, there’s also Gentoo Linux, which covers kind of a niche market: people who believe in stability by compiling everything from scratch (and most obviously took BSD as an example), but who are reluctant to leave the Linux terrain towards BSD. Why am I saying this? Simply because compiling from scratch is rather not suitable for newbies, but all the effort still doesn’t provide a BSD level of stability in a Linux environment as too many bits and pieces are actually third-party software.
Personally, although I used to prefer Debian (before SELinux became de facto standard), I cannot take that distribution seriously any more. They made a terrible mistake when they “patched” the OpenSSL library, turning all generated keys and certificates built with them into garbage (or what do we call keys and certs which are created with a predictable random generator?). In my opinion, it shows pretty well why a more centralised approach of maintaining core components is better. There’s a thin line between diversity and mess. When distributors start patching core components just like that, rather than contributing code to the upstream projects, the diversity will soon equal mess — and introduce absolutely unnecessary distribution-related security flaws.
In my personal opinion, CentOS is the Linux distribution for a server setup (or RHEL for those who rely on professional support), whereas a desktop or laptop user’s best bet would be Ubuntu (if you can live with a short release cycle and are happy to update your whole system often) or Fedora.
However, I do prefer FreeBSD for servers (as you could easily tell after reading all this). 
And on a desktop/laptop, MacOS is my favourite. (I know that paying for solid software is political incorrect nowadays, but at least it has a reliable — FreeBSD/Darwin — foundation!)
