From owner-freebsd-hackers@FreeBSD.ORG Tue Nov 21 04:18:04 2006 Return-Path: X-Original-To: hackers@freebsd.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9F75116A40F for ; Tue, 21 Nov 2006 04:18:04 +0000 (UTC) (envelope-from chrcoluk@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5646A43D46 for ; Tue, 21 Nov 2006 04:17:44 +0000 (GMT) (envelope-from chrcoluk@gmail.com) Received: by wx-out-0506.google.com with SMTP id s18so1791795wxc for ; Mon, 20 Nov 2006 20:18:03 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nJXGWX85GS2T1DnJROvjCR3RgCzvGwVDtu3lTwZAAo6rdAPTy3MSiIUGTgobHux1miFLG82bE6g016dxdsJ/GYypGc/EJcvCv5Uki8zEkHXQuHI7jtLy+ObHFDtemEQw/147WHwivLLPAuI8GKwb9mh44aCdbkWg+x147W9kvFE= Received: by 10.90.113.18 with SMTP id l18mr4549536agc.1164082682294; Mon, 20 Nov 2006 20:18:02 -0800 (PST) Received: by 10.35.29.20 with HTTP; Mon, 20 Nov 2006 20:18:01 -0800 (PST) Message-ID: <3aaaa3a0611202018v6db10bd9t64e8029efe1df1ec@mail.gmail.com> Date: Tue, 21 Nov 2006 04:18:01 +0000 From: Chris To: "Jeremie Le Hen" In-Reply-To: <20061120223407.GF20405@obiwan.tataz.chchile.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <455324F2.9090603@fugspbr.org> <20061120223407.GF20405@obiwan.tataz.chchile.org> Cc: hackers@freebsd.org, Vini Engel Subject: Re: Hardening FreeBSD, does anyone have any documentation that may help? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2006 04:18:04 -0000 On 20/11/06, Jeremie Le Hen wrote: > Hi Vini, > > (Sorry for sending this mail twice, I've unintentionally removed the > From: line in my previous email.) > > On Thu, Nov 09, 2006 at 11:54:10PM +1100, Vini Engel wrote: > > Hi guys, > > > > This may not seem to be the best place to ask for this but as this is > > supposed to be a list for high level discussions I am assuming that some > > people have must know how to harden FreeBSD and/or may have articles and > > other docs that can be shared. > > > > We have a set of simple policies that are used to harden FreeBSD > > machines but I would like make it better and also would like to see how > > people do it out there so that I can pick the ideas that we find > > interesting/useful for us here and improve our hardening skills. > > > > Our machines range from dns servers to mail servers and a few > > router/firewalls. Some of them don't have to have anything special but > > some others have to comply with the policy of the highly protected > > networks that they live in, hence the reason why I want to improve my > > hardening skills. > > > > Any info will be greatly appreciated! > > I have a patch to integrate ProPolice into FreeBSD RELENG_6. > Though this is obviously not officially supported by FreeBSD, > some people (including me) use it on production servers. It > might be worth using it, depending on which security measures > you are looking for. > > See http://tataz.chchile.org/~tataz/FreeBSD/SSP/ > > Regards, > > -- > Jeremie Le Hen > < jeremie at le-hen dot org >< ttz at chchile dot org > > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > would love to see this in the base especially considering its been in dragonfly and openbsd for some years now. chris