lsat

Language: en

Version: 2008-05-04 (debian - 07/07/09)

Section: 1 (User commands)

NAME

lsat - a security auditing tool

SYNOPSIS

lsat [OPTION]

DESCRIPTION

Linux Security Auditing Tool (LSAT) is a post-install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.

Output is in lsat.out. On subsequent runs, previous output is in lsat.old.

OPTIONS

-d
        diff current and old md5 runs, output in lsatmd5.diff

-m <distribution>
        Force a specific distribution test
        Names are: redhat, debian, mandrake, solaris, gentoo

-h
        Show LSAT help

-a
        Show LSAT advanced help

-o <filename>
        Output filename, default is lsat.out

-r
        Check rpm integrity. RedHat or Mandrake only.

-s
        Be silent. No output at all.

-x <filename>
        Filename is a text file consisting of modules to
        exclude from being run. This should be a comma,
        tab or newline delimited file, with just the name(s)
        below one wishes to exclude.
        Module names (with a small description) are:

         bpass           check for bootloader passwd
         cfg             check runlevel daemons (redhat) 
         dotfiles        check for dotfiles
         files           check for sticky bits, etc
         forward         check for network forwarding
         ftpusers        check ftpusers file for bad entries
         inetd           check for unneeded services
         inittab         check runlevel, etc.
         ipv4            check for other things in ipv4
         issue           check issue banner
         kbd             check kbd/login perms
         limits          check limits file
         logging         check for enough logging
         md5             perform md5 of all files on sys
         modules         check for loadable kern mod.
         net             check network
         open            check open files
         passwd          check passwd file for bad entries
         perms           check permissions on files
         pkgs            check for unwanted packages
         promisc         are we in promisc mode?
         rc              check for unwanted rc files
         rpm             perform rpm integrity check
         securetty       check secure tty
         set             check for SUID files
         ssh             check ssh config
         startx          check for tcp listening in X
         umask           check default umask
         write           check world read/write files
         www             output in html
 
 

-v
        Be verbose about it.

-w
        Output file is in html format.
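
EXAMPLE

The following is an added example, not part of lsat or its documentation. It parses a -x exclude file using the delimiters described above (comma, tab or newline), reports names that are not in the module list under -x, and lists the modules that remain enabled so the audit coverage can be reviewed. The helper function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of lsat. Helper names are hypothetical.

# Module names copied from the -x list in OPTIONS.
LSAT_MODULES="bpass cfg dotfiles files forward ftpusers inetd inittab ipv4 issue"
LSAT_MODULES="$LSAT_MODULES kbd limits logging md5 modules net open passwd perms pkgs"
LSAT_MODULES="$LSAT_MODULES promisc rc rpm securetty set ssh startx umask write www"

# Split a comma-, tab- or newline-delimited file into one name per line,
# trimming surrounding spaces and dropping empty fields.
lsat_exclude_names() {
    tr ',\t' '\n\n' < "$1" | sed -e 's/^ *//' -e 's/ *$//' -e '/^$/d'
}

# Print every entry that is not a module name from the list above.
lsat_unknown_excludes() {
    lsat_exclude_names "$1" | while IFS= read -r name; do
        case "$name" in
            # Module names are lowercase letters and digits only.
            *[!a-z0-9]*) printf '%s\n' "$name"; continue ;;
        esac
        case " $LSAT_MODULES " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Print the modules that are NOT excluded by the file, one per line.
lsat_enabled_modules() {
    excluded=" $(lsat_exclude_names "$1" | tr '\n' ' ')"
    for m in $LSAT_MODULES; do
        case "$excluded" in
            *" $m "*) ;;
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# Constructed sample: mixed delimiters and one misspelled name ("pkg").
sample=$(mktemp)
printf 'md5,rpm\twww\npkg\n' > "$sample"
lsat_unknown_excludes "$sample"      # prints: pkg
rm -f "$sample"
```

When lsat_unknown_excludes prints nothing, the file can be passed to lsat with -x <filename>.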

MODULES

Current modules are checkbpass, checkdotfiles, checkfiles, checkftpusers, checkhostsfiles, checkinetd, checkipv4, checkissue, checkkbd, checklimits, checkmodule, checkmd5, checknet, checknetforward, checknetp, checkopenfiles, checkpasswd, checkperms, checkpkgs, checkrc, checkrpm, checksecuretty, checkset, checkssh, checkumask, checkwrite and checkwww. A brief description is included in each module. Writing a module is fairly easy and straightforward. See README.modules for more information.

LICENSE

This software is licensed under the GNU/GPL. Please see http://www.gnu.org for more details.

BUGS

Doesn't correct the problems that it discovers (yet). Running on Solaris is not fully functional.

AUTHOR

Robert Minvielle <number9 at www dot dimlight dot org> If that fails, <triode at users dot sourceforge dot net>