Hardening FreeBSD, does anyone have any documentation that may help?

[Jeremie Le Hen]

Hi Vini,

On Thu, Nov 09, 2006 at 11:54:10PM +1100, Vini Engel wrote:
> Hi guys,
> 
> This may not seem to be the best place to ask for this but as this is
> supposed to be a list for high level discussions I am assuming that some
> people have must know how to harden FreeBSD and/or may have articles and
> other docs that can be shared.
> 
> We have a set of simple policies that are used to harden FreeBSD
> machines but I would like make it better and also would like to see how
> people do it out there so that I can pick the ideas that we find
> interesting/useful for us here and improve our hardening skills.
> 
> Our machines range from dns servers to mail servers and a few
> router/firewalls. Some of them don't have to have anything special but
> some others have to comply with the policy of the highly protected
> networks that they live in, hence the reason why I want to improve my
> hardening skills.
> 
> Any info will be greatly appreciated!

I have a patch to integrate ProPolice into FreeBSD RELENG_6.
Though this is obviously not officially supported by FreeBSD,
some people (including me) use it on production servers.  It
might be worth using it, depending on which security measures
you are looking for.

See http://tataz.chchile.org/~tataz/FreeBSD/SSP/

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >