From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 20 22:33:41 2006 Return-Path: X-Original-To: hackers@freebsd.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EFBB216A4C9 for ; Mon, 20 Nov 2006 22:33:41 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp6-g19.free.fr (smtp6-g19.free.fr [212.27.42.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 052E843D45 for ; Mon, 20 Nov 2006 22:33:22 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp6-g19.free.fr (Postfix) with ESMTP id AA356435F1; Mon, 20 Nov 2006 23:33:40 +0100 (CET) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id 8420C9B46E; Mon, 20 Nov 2006 22:34:07 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id 599E4405B; Mon, 20 Nov 2006 23:34:07 +0100 (CET) Date: Mon, 20 Nov 2006 23:34:07 +0100 From: Jeremie Le Hen To: Vini Engel Message-ID: <20061120223407.GF20405@obiwan.tataz.chchile.org> References: <455324F2.9090603@fugspbr.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <455324F2.9090603@fugspbr.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: hackers@freebsd.org Subject: Re: Hardening FreeBSD, does anyone have any documentation that may help? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Nov 2006 22:33:42 -0000 Hi Vini, (Sorry for sending this mail twice, I've unintentionally removed the From: line in my previous email.) On Thu, Nov 09, 2006 at 11:54:10PM +1100, Vini Engel wrote: > Hi guys, > > This may not seem to be the best place to ask for this but as this is > supposed to be a list for high level discussions I am assuming that some > people have must know how to harden FreeBSD and/or may have articles and > other docs that can be shared. > > We have a set of simple policies that are used to harden FreeBSD > machines but I would like make it better and also would like to see how > people do it out there so that I can pick the ideas that we find > interesting/useful for us here and improve our hardening skills. > > Our machines range from dns servers to mail servers and a few > router/firewalls. Some of them don't have to have anything special but > some others have to comply with the policy of the highly protected > networks that they live in, hence the reason why I want to improve my > hardening skills. > > Any info will be greatly appreciated! I have a patch to integrate ProPolice into FreeBSD RELENG_6. Though this is obviously not officially supported by FreeBSD, some people (including me) use it on production servers. It might be worth using it, depending on which security measures you are looking for. See http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >