DESCRIPTIONLinux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
Output is in lsat.out. On subsequent runs, previous output is in lsat.old.
diff current and old md5 runs, output in lsatmd5.diff
Force a specific distribution test
Names are: redhat, debian, mandrake, solaris, gentoo
Show LSAT help
Show LSAT advanced help
Output filename, default is last.out
Check rpm integrity. RedHat or Mandrake only.
Be silent. No output at all.
Filename is a text file consisting of modules to
exclude from being run. This should be a comma,
tab or newline delimited file, with just the name(s)
below one wishes to exclude.
Module names (with a small description) are:
bpass check for bootloader passwd cfg check runlevel daemons (redhat) dotfiles check for dotfiles files check for sticky bits, etc forward check for network forwarding ftpusers check ftpusers file for bad entries inetd check for unneeded services inittab check runlevel, etc. ipv4 check for other things in ipv4 issue check issue banner kbd check kbd/login perms limits check limits file logging check for enough logging md5 perform md5 of all files on sys modules check for loadable kern mod. net check network open check open files passwd check passwd file for bad entries perms check permissions on files pkgs check for unwanted packages promisc are we in promisc mode? rc check for unwanted rc files rpm perform rpm integrity check securetty check secure tty set check for SUID files ssh check ssh config startx check for tcp listening in X umask check default umask write check world read/write files www output in html
Be verbose about it.
Output file is in html format.
MODULESCurrent modules are checkbpass, checkdotfiles, checkfiles, checkftpusers, checkhostsfiles, checkinetd, checkipv4, checkissue, checkkbd, checklimits, checkmodule, checkmd5, checknet, checknetforward, checknetp, checkopenfiles, checkpasswd, checkperms, checkpkgs, checkrc, checkrpm, checksecuretty, checkset, checkssh, checkumask, checkwrite and checkwww. A breif description is included in each module. Writing a module is fairly easy and straightforward. See README.modules for more information.
LICENSEThis software is licensed under the GNU/GPL, please see http://www.gnu.org for more details.
BUGSDoesn't correct the problems that it discovers (yet). Running on Solaris is not fully functional.
AUTHORRobert Minvielle <number9 at www dot dimlight dot org> If that fails, <triode at users dot sourceforge dot net>