Hi everyone. I'm participating in development of some security-centric product, one part of which performs compliance checks upon target server's OS. The main purpose of this checks is to find possible misconfigurations which are widely considered as insecure or deprecated (e.g password login by root or use of week ciphers in sshd). As a basis of our compliances we use recommendations of cisecurity.org <http://cisecurity.org/> (https://www.cisecurity.org/cis-benchmarks/ <https://www.cisecurity.org/cis-benchmarks/>). Unfortunately, they don't have any valid benchmarks for currently supported versions of FreeBSD. So is there anything similar (the one and only available benchmark is for 4.10 - https://drive.google.com/file/d/0B-dY8d2tWnU-b2pkczNJcURfaHM/view <https://drive.google.com/file/d/0B-dY8d2tWnU-b2pkczNJcURfaHM/view>) in a FreeBSD community? I'm no familiar with *BSD so any feedback or links are appreciated. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
