Mikhail Krylatyh
2017-Jul-31 14:08 UTC
FreeBSD Server configuration and security compliance benchmark
Hi everyone. I'm participating in the development of a security-centric product, one part of which performs compliance checks on the target server's OS. The main purpose of these checks is to find possible misconfigurations which are widely considered insecure or deprecated (e.g. password login by root or use of weak ciphers in sshd). As the basis of our compliance checks we use the recommendations of cisecurity.org (https://www.cisecurity.org/cis-benchmarks/). Unfortunately, they don't have any valid benchmarks for currently supported versions of FreeBSD. So is there anything similar (the one and only available benchmark is for 4.10 - https://drive.google.com/file/d/0B-dY8d2tWnU-b2pkczNJcURfaHM/view) in the FreeBSD community? I'm not familiar with *BSD, so any feedback or links are appreciated.