25th June 2008
hopla
New User
 
Join Date: May 2008
Posts: 8

I don't want to sound negative, but I've also run the CIS tool on my box before, and the fact that it hasn't been updated in a while really shows and is quite annoying.

Lots of false warnings hide the real problems, so you have to manually check everything...

For example:
Code:
Negative: 1.2 ssh_config must have 'Protocol 2' underneath Host *.
SSHD forces SSHv2 by default, so not having it explicitly specified is not a problem anymore!

That's why I also never bothered to install security/lockdown: the last port update is from 19 Apr 2007; in fact, that's still the same version 2.0.0 that was released 24 Jun 2005! It could be that it still works properly on FreeBSD 6.3/7.0, but I have my doubts...

Anyway, I did discover, fix and learn about a lot of problems thanks to the CIS script, so I would still recommend it to everyone! Just take it with a grain of salt.

Last edited by hopla; 25th June 2008 at 07:40 AM. Reason: typo