From owner-freebsd-security@freebsd.org  Sat Jul 22 12:47:17 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BD962D7FD14
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Sat, 22 Jul 2017 12:47:17 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com
 [IPv6:2a00:1450:400c:c09::230])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 503797CEFD
 for <freebsd-security@freebsd.org>; Sat, 22 Jul 2017 12:47:17 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: by mail-wm0-x230.google.com with SMTP id c184so434210wmd.0
 for <freebsd-security@freebsd.org>; Sat, 22 Jul 2017 05:47:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=cnFdYDbcxgzk/HSRrZo7KFO5Ftnv07XBE4LUWnJwIlg=;
 b=lEyLk3LFsY8Sn7NFLQJHE1tbRojUgZtUSfS/7diU1gSakRx/e92bkvvTnyyWH/pHSg
 CVHBIq7E37bt5vcx2df99PAoYEdink1YsRxCuNgn5XUDAgXaAVTdrtjohfX0Th9T6OYN
 xBek9RcOunXqqXasqh1pJGivFv0OoVCxvd052FhT0UFxKMPhNcYYF3LDFQ3fJUl/Ld72
 jcKNzOVhK6QR957M6gzI7WpxdvF8GAYRAXtiNgPETd6Lw+3RGO7t5jX9dOZqQvvVKnJZ
 rypT40CQGi1BLKv0DJ3DzERiRN5uGbDSi53/FvQPATfoj0uIHDY4wWK2yhRs705ZZU8a
 GjJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=cnFdYDbcxgzk/HSRrZo7KFO5Ftnv07XBE4LUWnJwIlg=;
 b=AWVlx5zHIJQy+LuCcpu1Vtpe92XOCwwVUjs+w8I+PCAbxkfitrfjyLH6j7G8B0Sysn
 pa1fYSETq6l3Td6UCjEgwIiX7eNR7DYMdlnH6qCsXJ46HTXzed/5+vj9yZDDAcR9zjIS
 gftFIAzfb5d1fziWe/1w1LyPT5oqIdVXx0M9l7DK5ewwPN3NF+8E8GjznCEncxwkGPvd
 N3+O4kx6qEyjoTCeMFwcAbW1BX/Vie0JPSvraWASM1IcgEhTYcehXA5A6GAP3j2OqAuP
 232nbs5brVyphvIPCi5CPk1VjIWqjocWy8rmJ2jAFYpOfeNiPepFB/NRr04ul0iycMVq
 rfHg==
X-Gm-Message-State: AIVw112MdhUY0nYZ3BKH/4dVoGIY77dHJ/IR2LaMJBMexyaKR131ckoL
 LAaVe/7xEiTKCaoe+vheUw==
X-Received: by 10.28.54.202 with SMTP id y71mr1407228wmh.106.1500727635649;
 Sat, 22 Jul 2017 05:47:15 -0700 (PDT)
Received: from mutt-hbsd (pool-100-16-230-154.bltmmd.fios.verizon.net.
 [100.16.230.154])
 by smtp.gmail.com with ESMTPSA id k4sm2498732wrc.34.2017.07.22.05.47.13
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sat, 22 Jul 2017 05:47:14 -0700 (PDT)
Date: Sat, 22 Jul 2017 08:47:12 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Yonas Yanfa <yonas@fizk.net>
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSCAP for FreeBSD
Message-ID: <20170722124712.oxl6yalmhdetbwfe@mutt-hbsd>
References: <3056b3dc-82d6-0634-0f14-2a4308488a95@fizk.net>
 <2651306.a2lTSCmlO7@freechin.atlnet>
 <72d3444e-5174-776e-049e-8b3099fab779@fizk.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="n5gdkrdpw746dogn"
Content-Disposition: inline
In-Reply-To: <72d3444e-5174-776e-049e-8b3099fab779@fizk.net>
X-Operating-System: FreeBSD mutt-hbsd 12.0-CURRENT FreeBSD 12.0-CURRENT 
X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE
User-Agent: NeoMutt/20170609 (1.8.3)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jul 2017 12:47:17 -0000


--n5gdkrdpw746dogn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 21, 2017 at 09:49:14PM -0400, Yonas Yanfa wrote:
> On 07/21/2017 20:17, Joey Kelly wrote:
> > On Friday 21 July 2017 19:21:10 Yonas Yanfa wrote:
> > > Hi,
> > >=20
> > > Is there anything like OpenSCAP for FreeBSD?
> > If it's a matter of selecting an XML profile, then surely one can be cr=
afted
> > for any OS you choose.
> >=20
>=20
> Yes, and it shouldn't be too hard to port this to FreeBSD, but possibly t=
ime
> consuming.
>=20
> The benefit of porting it is that they already have a lot of security
> policies <https://www.open-scap.org/security-policies/> written (eg. USGC=
B,
> PCI DSS). Scanning and remedying Linux and FreeBSD systems for
> vulnerabilities could be done using the same XML file. Also, you can use
> their installer plugin
> <https://www.open-scap.org/tools/oscap-anaconda-addon/> to set security
> profiles during install.

I'll get in touch with some of my coworkers, who were instrumental in
the creation of SCAP. I'll get their thoughts on LoE for porting to
FreeBSD. Depending on their schedules, my response may be delayed.

Thanks,

--=20
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

--n5gdkrdpw746dogn
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAllzSU0ACgkQaoRlj1JF
bu6n3g/+Izrnz+2Ma3L170xZsO/ZrY1XhKq1LjBOovN6jhHpJ5ercUm4QioxpxW5
XloFBX/CNn2rFmyK+nf7AonjaR1rkMYMNJGS2Kd+GwDK3sBFvE9CC62O/eHcuN7b
olCN6cRlDMMBm2hPZKp7J0o39OJChRn7VFVNfynFjvOEZycTQgO1b6XHgRbo6p8y
nwMH8hdCJAuSLJJbT4/vKxm93O3Ep/yRSR48p3BQin89PcY8KMCnIjhk/Q9VUrDC
LlXpm+9Cax4eXz1P7Y8Eae9lqaLISTWcWzeHFRk4kQhMBkYTFZXWE2OJVG1RsjvX
xGGtt4P2aR4jPdqSmwg9hwtrzjO8IwMN4L76+sujuKgux8zAh1kjB2xG/Cub52Z0
g0offIfe8oTv/I9Ym3nolZWkh5A2lPE14sc5hrhZ8Eo66Ne/3PvAjOEYtCEMqGOg
sE9ZMWzC2HUW6ZleGVQVrPOVgQkvgW6zyjOFnZATWZeYrfEBe0FnIgUbqCwvbL7g
S1zXBa8Josopo3EjJNkq+Mysz7JBaJmTRKJEv7Ood1iH0bfqdwEBxTzrghyztZlC
QACcLs8O61+gfLcgwrLU27bIYgsjEJ7KXLBNyf4uwuLxhsM94lXIo9sr0pF8Fcn1
L1+tLJo74V0IjJ49oF6ppuB/LCIUhTYe1U93SiSogRyRx7zfi+I=
=MwbR
-----END PGP SIGNATURE-----

--n5gdkrdpw746dogn--