It's great to see hardening options appear in the installer, but it is a shame that they are all off by default. I have been creating some post-install scripts based on this work.
It is a shame that DISA do not provide a STIG for FreeBSD, as their docs for other OSes are quite good. The Center for Internet Security FreeBSD Benchmark is dated 2005 and relates to FreeBSD 4.10, some of it is still useful. The last decent books (here and here) on the topic was also 2005/7.
Apart from some misc hardening scripts on various websites, there isn't much recent guidance for FreeBSD. The Design and Implementation of the FreeBSD Operating System talks about things like Capsicum/MAC, but doesn't go into day-today security topics. Colin Percival (ex FreeBSD Security Officer) mentioned on Twitter earlier this year that he might be writing a new article on FreeBSD security, but I haven't seen anything yet.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.