# SOX compliance



## bluetick (Dec 19, 2008)

I've been searching for an open source solution for Sarbanes-Oxley compliance. But weeding through the fluff on Google, I've not found a good method. Is anyone using FreeBSD for this? And with what software setup?


----------



## anemos (Dec 19, 2008)

Hi bluetick,

Nice question but, by definition, I don't think that FreeBSD and open source in general will ever provide something related to the SOx.
If someone knows something that I don't, I am very interested in learning some details.


----------



## tingo (Dec 19, 2008)

I think you will have to write the checking / verification scripts yourself (if nobody else has done that already). If you already have scripts to verify security settings, they would be a good starting point.


----------



## brd@ (Dec 19, 2008)

You need to give more info about what in SOX you are trying to address. For example, I have been working on this for PCI Compliance and we use RSA SecurID tokens to get the 2 factor authentication using the pam_radius module. I'm also in the midst of implementing Samhain/Beltane for file integrity monitoring across my architecture.


----------



## anemos (Dec 20, 2008)

brd@ said:

> ...and we use RSA SecurID tokens to get the 2 factor authentication using the pam_radius module.



In this case, a SOx key control could be not that you used an RSA token but how you manage those tokens as well as the RSA accounts.

BTW, do you know of any VPN client application using RSA Token that works on FreeBSD?


----------



## brd@ (Dec 20, 2008)

The client shouldn't matter, because the server is the part that has to facilitate the auth request. So any server that can do RADIUS should work.


----------

