Hi, Elmar: The system components involved in the security auditing and hardening of the harbian-audit project are reflected in the following two documents:
https://github.com/hardenedlinux/harbian-audit/blob/master/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd https://github.com/hardenedlinux/harbian-audit/blob/master/docs/CIS_Debian_Linux_8_Benchmark_v1.0.0.pdf For more related introductions, please see: https://github.com/hardenedlinux/harbian-audit/blob/master/README.md On Wed, 26 Dec 2018 at 23:36, Elmar Stellnberger <estel...@gmail.com> wrote: > Is there a good introduction about Harbian (or Harbian-Audit) which would > mention which system components have been changed? > On 26.12.18 15:48, Samson wrote: > > Hi, Elmar: > Are you talking about harbian-audit( > https://github.com/hardenedlinux/harbian-audit) or harbian ( > https://github.com/harbian)? > > The harbian-audit project is based on CIS ( > https://www.cisecurity.org/cis-benchmarks/) and STIG ( > https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx) These two > security deployment compliance reference implementation collections. It not > only has the function of auditing, but also has the function of > automatically repairing threat items. please see: > https://github.com/hardenedlinux/harbian-audit > > The harbian project is mainly based on Debian GNU/Linux for security > hardening related package customization and system customization. The > default GNU/Linux distribution used by HardenedLinux is Debian, so our > security hardening is based on Debian. In the context of the HardenedLinux > community, Harbian is an acronym for Hardened Debian GNU/Linux, but it is > currently not released for harbian. > > > regards > > > On Wed, 26 Dec 2018 at 00:54, Elmar Stellnberger <estel...@gmail.com> > wrote: > >> Can anyone tell what kind of program harbian is? >> On 25.12.18 15:11, Samson wrote: >> >> >> Hello everyone, >> >> I'm Samson-W, the "Captain" of the harbian-audit project in the >> HardenedLinux community. >> >> Harbian-audit is a collection of two security deployment compliance >> references to achieve STIG and CIS. After the release of v0.1 >> <https://github.com/hardenedlinux/harbian-audit/releases/tag/v0.1>, >> community user testing gave some feedback and fixed some bugs. >> HardenedLinux officially released harbian-audit in Christmas 2018. In the >> v0.2.0 >> <https://github.com/hardenedlinux/harbian-audit/releases/tag/v0.2.0> >> version, we have created an AMI cloud host image that satisfies the >> security deployment of harbian-audit. Currently, users of three regions of >> AWS (EU (Frankfurt), Asia Pacific (Tokyo), US East (Ohio)) can For free >> use, we also provide QEMU images for private cloud users who are not >> willing to use "SOMEONE else's computer". For those who can't trust >> Hardened Linux community to make images, it doesn't matter. The Hardened >> Linux community has published documentation on how to make AWS and QEMU >> images and how to apply harbian auditing to cloud host images. >> https://github.com/hardenedlinux/harbian-audit/tree/master/docs/complianced_image >> >> >> AMI(Amazon Machine Image) Public >> >> The HardenedLinux community has created public AMI images for three >> different regions. >> >> Destination region: US East(Ohio) >> AMI ID: ami-0459b7f679f8941a4 >> AMI Name: harbian-audit complianced for Debian GNU/Linux 9 >> >> Destination region: EU(Frankfurt) >> AMI ID: ami-022f30970530a0c5b >> AMI Name: harbian-audit complianced for Debian GNU/Linux 9 >> >> Destination region: Asia Pacific(Tokyo) >> AMI ID: ami-003de0c48c2711265 >> AMI Name: harbian-audit complianced for Debian GNU/Linux 9 >> >> >> Feel free to file a bug! >> >> Happy auditing! >> >> regards >> >>