Hi, Elmar:
The system components involved in the security auditing and hardening
of the harbian-audit project are reflected in the following two documents:
https://github.com/hardenedlinux/harbian-audit/blob/master/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
https://github.com/hardenedlinux/harbian-audit/blob/master/docs/CIS_Debian_Linux_8_Benchmark_v1.0.0.pdf
For more related introductions, please see:
https://github.com/hardenedlinux/harbian-audit/blob/master/README.md
On Wed, 26 Dec 2018 at 23:36, Elmar Stellnberger <estel...@gmail.com> wrote:
> Is there a good introduction about Harbian (or Harbian-Audit) which would
> mention which system components have been changed?
> On 26.12.18 15:48, Samson wrote:
>
> Hi, Elmar:
> Are you talking about harbian-audit(
> https://github.com/hardenedlinux/harbian-audit) or harbian (
> https://github.com/harbian)?
>
> The harbian-audit project is based on CIS (
> https://www.cisecurity.org/cis-benchmarks/) and STIG (
> https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx) These two
> security deployment compliance reference implementation collections. It not
> only has the function of auditing, but also has the function of
> automatically repairing threat items. please see:
> https://github.com/hardenedlinux/harbian-audit
>
> The harbian project is mainly based on Debian GNU/Linux for security
> hardening related package customization and system customization. The
> default GNU/Linux distribution used by HardenedLinux is Debian, so our
> security hardening is based on Debian. In the context of the HardenedLinux
> community, Harbian is an acronym for Hardened Debian GNU/Linux, but it is
> currently not released for harbian.
>
>
> regards
>
>
> On Wed, 26 Dec 2018 at 00:54, Elmar Stellnberger <estel...@gmail.com>
> wrote:
>
>> Can anyone tell what kind of program harbian is?
>> On 25.12.18 15:11, Samson wrote:
>>
>>
>> Hello everyone,
>>
>> I'm Samson-W, the "Captain" of the harbian-audit project in the
>> HardenedLinux community.
>>
>> Harbian-audit is a collection of two security deployment compliance
>> references to achieve STIG and CIS. After the release of v0.1
>> <https://github.com/hardenedlinux/harbian-audit/releases/tag/v0.1>,
>> community user testing gave some feedback and fixed some bugs.
>> HardenedLinux officially released harbian-audit in Christmas 2018. In the
>> v0.2.0
>> <https://github.com/hardenedlinux/harbian-audit/releases/tag/v0.2.0>
>> version, we have created an AMI cloud host image that satisfies the
>> security deployment of harbian-audit. Currently, users of three regions of
>> AWS (EU (Frankfurt), Asia Pacific (Tokyo), US East (Ohio)) can For free
>> use, we also provide QEMU images for private cloud users who are not
>> willing to use "SOMEONE else's computer". For those who can't trust
>> Hardened Linux community to make images, it doesn't matter. The Hardened
>> Linux community has published documentation on how to make AWS and QEMU
>> images and how to apply harbian auditing to cloud host images.
>> https://github.com/hardenedlinux/harbian-audit/tree/master/docs/complianced_image
>>
>>
>> AMI(Amazon Machine Image) Public
>>
>> The HardenedLinux community has created public AMI images for three
>> different regions.
>>
>> Destination region: US East(Ohio)
>> AMI ID: ami-0459b7f679f8941a4
>> AMI Name: harbian-audit complianced for Debian GNU/Linux 9
>>
>> Destination region: EU(Frankfurt)
>> AMI ID: ami-022f30970530a0c5b
>> AMI Name: harbian-audit complianced for Debian GNU/Linux 9
>>
>> Destination region: Asia Pacific(Tokyo)
>> AMI ID: ami-003de0c48c2711265
>> AMI Name: harbian-audit complianced for Debian GNU/Linux 9
>>
>>
>> Feel free to file a bug!
>>
>> Happy auditing!
>>
>> regards
>>
>>
