Dag-Erling Smørgrav
2016-Oct-26 13:12 UTC
FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
CeDeROM <cederom at tlen.pl> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > CeDeROM <cederom at tlen.pl> writes:
> > > I think it would be nice to have something like CIS Benchmark for
> > > FreeBSD.
> > https://benchmarks.cisecurity.org/downloads/multiform/
> Perfect :-) This is the place for benchmarking "advisories for local
> denial-of-service attacks", no? :-)

I'm not sure you understand what the CIS benchmarks are. From the website:

    The CIS Security Benchmarks program provides vendor-agnostic,
    consensus-based best practices to help organizations assess and
    improve their security. Resources include:

    - secure configuration benchmarks
    - automated configuration assessment tools and content
    - security metrics
    - security software product certifications

DES
--
Dag-Erling Smørgrav - des at des.no
CeDeROM
2016-Oct-26 13:33 UTC
FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
You have this idea to remove local denial of service advisories. I can understand that. :-)

My idea is to move them into benchmarks/recommendations such as CIS, not to /dev/null, as they also provide useful information for users and administrators. CIS-like organization of the local/configuration advisories/recommendations would make it a centralized and reproducible way of quick system verification in an automated way. That would not remove additional work but also would not remove important information. That would lower the "noise" on SA list and benefit users/admins in a new way.

Just an idea.. Can you understand that? :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info