From owner-freebsd-security@freebsd.org  Sat Jul 22 19:02:53 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6556DAAC97
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Sat, 22 Jul 2017 19:02:53 +0000 (UTC) (envelope-from yonas@fizk.net)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com
 [IPv6:2607:f8b0:4001:c06::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 3CE1C2FF7
 for <freebsd-security@freebsd.org>; Sat, 22 Jul 2017 19:02:53 +0000 (UTC)
 (envelope-from yonas@fizk.net)
Received: by mail-io0-x234.google.com with SMTP id q2so31712336ioe.3
 for <freebsd-security@freebsd.org>; Sat, 22 Jul 2017 12:02:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fizk.net; s=google;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language;
 bh=pKZMNRe6f8sFdsLasSWv+/RJUZg6Egr2MboVocbsOw4=;
 b=Z5+QFtYuLqpb+OalRJmyzz/jYNXCJ4gktMfGn78xzLv+60qfR4kD6jN9y0WAPvTepa
 zJW2qlWlMVNvK+CwxxOF1FhAdkht8fypdacH79wrNivNH0WhaW0ydrrcdfR4dduIiHi0
 48MLaXdafyki6fKzHE8z+5fMpRWeoA1k694/Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language;
 bh=pKZMNRe6f8sFdsLasSWv+/RJUZg6Egr2MboVocbsOw4=;
 b=gmCBsapE+nsGd/0b7pZc2W1NeaJ8v8P+PINcd8o8YcXtUZ0gHUA7IpWQY9tQALzEzH
 9jdpiS5yubI/6csD4EFYdeD7EJNYX48hn1Y313lGSjH300EeDAQF0OsKPdax8lg1fA1k
 fP5KBTvYdQmvd/CsijPaNC8UbqxituzyOtG03g8P/BORxabUBcdNspJiM6Rl9Mq1D+Pk
 peKJDaddrilnKPD4BWIkunGFghkIewb/2ikse9r57KCC56v+1ZpgxX4dSNaSCN8xUbdh
 u2QTesoqt5WzN77070vp0Iw3Y21NBnvmazyKq5xV/i7dwcZAaOh34b/24m8gbnZ3ygsy
 OloQ==
X-Gm-Message-State: AIVw110Zw/C38O0WSwU/YmGWBGngx/tg3ydkZJvdjXwxJ6RrBVuuZ9Tc
 UaDXx6n+3nXT79a7xUZ+sEFr
X-Received: by 10.107.21.196 with SMTP id 187mr10456594iov.86.1500750171766;
 Sat, 22 Jul 2017 12:02:51 -0700 (PDT)
Received: from [192.168.2.200]
 (CPEf0f2494a5cf3-CMf0f2494a5cf0.cpe.net.cable.rogers.com. [174.117.121.225])
 by smtp.gmail.com with ESMTPSA id h196sm3751288ioe.41.2017.07.22.12.02.50
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sat, 22 Jul 2017 12:02:50 -0700 (PDT)
Subject: Re: OpenSCAP for FreeBSD
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: freebsd-security@freebsd.org
References: <3056b3dc-82d6-0634-0f14-2a4308488a95@fizk.net>
 <2651306.a2lTSCmlO7@freechin.atlnet>
 <72d3444e-5174-776e-049e-8b3099fab779@fizk.net>
 <20170722124712.oxl6yalmhdetbwfe@mutt-hbsd>
From: Yonas Yanfa <yonas@fizk.net>
Message-ID: <01e93875-65d6-0332-f0c5-7d2614cde266@fizk.net>
Date: Sat, 22 Jul 2017 15:02:49 -0400
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <20170722124712.oxl6yalmhdetbwfe@mutt-hbsd>
Content-Language: en-US
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jul 2017 19:02:53 -0000

On 07/22/2017 08:47, Shawn Webb wrote:
> On Fri, Jul 21, 2017 at 09:49:14PM -0400, Yonas Yanfa wrote:
>> On 07/21/2017 20:17, Joey Kelly wrote:
>>> On Friday 21 July 2017 19:21:10 Yonas Yanfa wrote:
>>>> Hi,
>>>>
>>>> Is there anything like OpenSCAP for FreeBSD?
>>> If it's a matter of selecting an XML profile, then surely one can be crafted
>>> for any OS you choose.
>>>
>> Yes, and it shouldn't be too hard to port this to FreeBSD, but possibly time
>> consuming.
>>
>> The benefit of porting it is that they already have a lot of security
>> policies <https://www.open-scap.org/security-policies/> written (eg. USGCB,
>> PCI DSS). Scanning and remedying Linux and FreeBSD systems for
>> vulnerabilities could be done using the same XML file. Also, you can use
>> their installer plugin
>> <https://www.open-scap.org/tools/oscap-anaconda-addon/> to set security
>> profiles during install.
> I'll get in touch with some of my coworkers, who were instrumental in
> the creation of SCAP. I'll get their thoughts on LoE for porting to
> FreeBSD. Depending on their schedules, my response may be delayed.

Thanks Shawn!!! :-)


-- 

Yonas Yanfa
In Love With Open Source
Drupal <http://drupal.org/user/473174> :: GitHub 
<http://github.com/yonas> :: Mozilla 
<https://addons.mozilla.org/en-US/thunderbird/user/4614995/>
fizk.net | yonas@fizk.net