On Fri, Jul 21, 2017 at 09:49:14PM -0400, Yonas Yanfa wrote:> On 07/21/2017 20:17, Joey Kelly wrote: > > On Friday 21 July 2017 19:21:10 Yonas Yanfa wrote: > > > Hi, > > > > > > Is there anything like OpenSCAP for FreeBSD? > > If it's a matter of selecting an XML profile, then surely one can be crafted > > for any OS you choose. > > > > Yes, and it shouldn't be too hard to port this to FreeBSD, but possibly time > consuming. > > The benefit of porting it is that they already have a lot of security > policies <https://www.open-scap.org/security-policies/> written (eg. USGCB, > PCI DSS). Scanning and remedying Linux and FreeBSD systems for > vulnerabilities could be done using the same XML file. Also, you can use > their installer plugin > <https://www.open-scap.org/tools/oscap-anaconda-addon/> to set security > profiles during install.I'll get in touch with some of my coworkers, who were instrumental in the creation of SCAP. I'll get their thoughts on LoE for porting to FreeBSD. Depending on their schedules, my response may be delayed. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170722/6ca30291/attachment.sig>
On Saturday 22 July 2017 08:47:12 Shawn Webb wrote:> On Fri, Jul 21, 2017 at 09:49:14PM -0400, Yonas Yanfa wrote:> > > > Yes, and it shouldn't be too hard to port this to FreeBSD, but possibly > > time consuming. > > I'll get in touch with some of my coworkers, who were instrumental in > the creation of SCAP. I'll get their thoughts on LoE for porting to > FreeBSD. Depending on their schedules, my response may be delayed.Maybe I'm showing my ignorance, but since it's a Linux app to begin with, would it be therefore easier to get it to run under Linux emulation, rather than making a straight FreeBSD port? -- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550
On 07/22/2017 08:47, Shawn Webb wrote:> On Fri, Jul 21, 2017 at 09:49:14PM -0400, Yonas Yanfa wrote: >> On 07/21/2017 20:17, Joey Kelly wrote: >>> On Friday 21 July 2017 19:21:10 Yonas Yanfa wrote: >>>> Hi, >>>> >>>> Is there anything like OpenSCAP for FreeBSD? >>> If it's a matter of selecting an XML profile, then surely one can be crafted >>> for any OS you choose. >>> >> Yes, and it shouldn't be too hard to port this to FreeBSD, but possibly time >> consuming. >> >> The benefit of porting it is that they already have a lot of security >> policies <https://www.open-scap.org/security-policies/> written (eg. USGCB, >> PCI DSS). Scanning and remedying Linux and FreeBSD systems for >> vulnerabilities could be done using the same XML file. Also, you can use >> their installer plugin >> <https://www.open-scap.org/tools/oscap-anaconda-addon/> to set security >> profiles during install. > I'll get in touch with some of my coworkers, who were instrumental in > the creation of SCAP. I'll get their thoughts on LoE for porting to > FreeBSD. Depending on their schedules, my response may be delayed.Thanks Shawn!!! :-) -- Yonas Yanfa In Love With Open Source Drupal <http://drupal.org/user/473174> :: GitHub <http://github.com/yonas> :: Mozilla <https://addons.mozilla.org/en-US/thunderbird/user/4614995/> fizk.net | yonas at fizk.net