From owner-freebsd-security@freebsd.org Mon Jul 31 14:08:55 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2B99BDAE808 for ; Mon, 31 Jul 2017 14:08:55 +0000 (UTC) (envelope-from mikhail.krylatyh@rcntec.com) Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AC41F7C011 for ; Mon, 31 Jul 2017 14:08:54 +0000 (UTC) (envelope-from mikhail.krylatyh@rcntec.com) Received: by mail-lf0-x236.google.com with SMTP id y15so114116815lfd.5 for ; Mon, 31 Jul 2017 07:08:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rcntec.com; s=google; h=from:mime-version:subject:message-id:date:to; bh=OAfY1zmpPaaPw/M2ivtiqapEsgI5VLt52Rp0wQ3RBHk=; b=SX4A802XmhwzMwyG8bDbb4IJtuaxjB76Uvh4RjebmrG2FXn9p4137dQO+nkdZOleWz Ru2c8+30gFbCI6SaNA1Pjfe/nbJyDci6JvbkG3OPJZNx43CWPayak59lA7C8faL9Xvpd Nj3qcUOiyrDWzkpM+SRv7GLBNncoWGkSmhgWE2neKQryBYGr+Aeav/8omgIUEXCkEtco 0WDf/FU6+O2uqAryOMfbwhP86bovCJGfoA+nLqcYHCMbcOx/uenyvBQjI6Ii57EbdorR nmS+bXyMvMH8dRPmvyZHuKJ+XMZ0h7H8EdJ56z7qLgJKkG0m4H43CQ5qIxU97uGY06sM C+jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=OAfY1zmpPaaPw/M2ivtiqapEsgI5VLt52Rp0wQ3RBHk=; b=Zzo2ejDatbT56afMH0vLZzihxmeiLzEiqkLIz2Rd0Vkve9R5/YZKbRd68OIL4hmVkB Yt8cT3C9sw6Jt6o8KGJ2ijE2SIccBADfDJQt80hMUoi7gV3r5b0QSZ1uHXUccESB7aw+ OLhxe3/Ksdu4ORyPHkTOsFD/rzAdJry0ckIED01Q6oByRSHwOz9npNk7d+XisxzcJRfB vUF30iiJrFgXBIdQAJG84uiRK/+TDusG5iL2O9QH3kuhSpOLsY7bN+udmrUQZpVsjrJM C1h2wmDx4E49pX31FlJ3GnJm8njhQ0AcW3PbWtl/E4xHBadHOaTbpcvTLy+m+WnA8gkS JvJQ== X-Gm-Message-State: AIVw111RDll6mXYDz7ULMRTMchHQaFPKGpbnHUwc9j30Z4ytJLrD6grR 64oicNGf+uhCaXrFSqOpow== X-Received: by 10.46.64.20 with SMTP id n20mr2381921lja.4.1501510132219; Mon, 31 Jul 2017 07:08:52 -0700 (PDT) Received: from [192.168.222.204] ([178.141.61.3]) by smtp.gmail.com with ESMTPSA id r8sm953965lff.81.2017.07.31.07.08.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 31 Jul 2017 07:08:51 -0700 (PDT) From: Mikhail Krylatyh Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: FreeBSD Server configuration and security compliance benchmark Message-Id: <23AAE336-5235-47BA-A931-26B51D287970@rcntec.com> Date: Mon, 31 Jul 2017 17:08:50 +0300 To: freebsd-security@freebsd.org X-Mailer: Apple Mail (2.3273) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Jul 2017 14:08:55 -0000 Hi everyone. I'm participating in development of some security-centric product, one = part of which performs compliance checks upon target server's OS. The = main purpose of this checks is to find possible misconfigurations which = are widely considered as insecure or deprecated (e.g password login by = root or use of week ciphers in sshd). As a basis of our compliances we = use recommendations of cisecurity.org = (https://www.cisecurity.org/cis-benchmarks/ = ). Unfortunately, they don't = have any valid benchmarks for currently supported versions of FreeBSD. = So is there anything similar (the one and only available benchmark is = for 4.10 - = https://drive.google.com/file/d/0B-dY8d2tWnU-b2pkczNJcURfaHM/view = ) in = a FreeBSD community? I'm no familiar with *BSD so any feedback or links = are appreciated.=