From: tataz@tataz.chchile.org (Jeremie Le Hen)
Date: Mon, 20 Nov 2006 23:31:16 +0100
To: Vini Engel
Cc: hackers@freebsd.org
Subject: Re: Hardening FreeBSD, does anyone have any documentation that may help?

Hi Vini,

On Thu, Nov 09, 2006 at 11:54:10PM +1100, Vini Engel wrote:
> Hi guys,
>
> This may not seem to be the best place to ask for this but as this is
> supposed to be a list for high level discussions I am assuming that some
> people must know how to harden FreeBSD and/or may have articles and
> other docs that can be shared.
>
> We have a set of simple policies that are used to harden FreeBSD
> machines but I would like to make it better and also would like to see how
> people do it out there so that I can pick the ideas that we find
> interesting/useful for us here and improve our hardening skills.
>
> Our machines range from dns servers to mail servers and a few
> router/firewalls. Some of them don't have to have anything special but
> some others have to comply with the policy of the highly protected
> networks that they live in, hence the reason why I want to improve my
> hardening skills.
>
> Any info will be greatly appreciated!

I have a patch to integrate ProPolice into FreeBSD RELENG_6. Though this
is obviously not officially supported by FreeBSD, some people (including
me) use it on production servers. It might be worth using it, depending
on which security measures you are looking for.

See http://tataz.chchile.org/~tataz/FreeBSD/SSP/

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >