On Wed, 25 Nov 2020 23:33:34 +0100 Peter Nicolai Mathias Hansteen <pe...@bsdly.net> wrote:
(snip)
> I am not aware of any publicly available set of documents that
> provide the direct checkoffs for OpenBSD with respect to specific
> compliance regimes, but I’m fairly certain that you will find useful
> answers by reading OpenBSD documentation with your lists of
> requirements in hand, checking off on your list (if any) as you go
> along.

I can verify that there is no US Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) for OpenBSD. There is a generic Unix hardening guide. STIGs are developed to implement National Institute of Standards and Technology standards for IT systems, usually with deep involvement by the vendor/developer. It is not always possible to implement all the applicable STIGs for a given server, at least if you want it to work.

>
> I would recommend browsing the official OpenBSD docs at
> https://www.openbsd.org/, with special attention to
> https://www.openbsd.org/events.html and searching
> https://man.openbsd.org/ using relevant keywords. FWIW, perhaps
> even my recent presentation («OpenBSD and you, the 6.8 update»),
> linked from
> https://undeadly.org/cgi?action=article;sid=20201109055713
> could provide some useful pointers.
>
> All the best,
> Peter
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673
> seconds.

--
Edward Ahlsen-Girard
Ft Walton Beach, FL