Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
It (for now) works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS (2.x), Redhat sparc, Mandrake Sparc; Apple OS X).
You can also check out tools like:
- checkbp: Checks for boot loader password.
- checkcfg: This module is performed last
- checkdotfiles: Looks for .forward, .exrc, .rhosts and .netrc files on the system.
- checkfiles: Checks that /tmp and /var/tmp have sitcky bit set, checks utmp, wtmp, motd, mtab for chmod 644.
- checkftpusers: Checks that all accounts in /etc/passwd are in /etc/ftpusers.
- checkhostsfiles: Reads /etc/hosts.allow and /etc/hosts.deny files
- checkinetd: Checks either /etc/inetd.conf or /etc/xinetd.d/*
- checkinittab: Checks to see if default runlevel is 5. If it is, give the user a warning.
- checkipv4: Checks to see that common forwarding and ignoring are off/on in ipv4.
- checklimits: Performs simple check of limits.conf file
- checklogging: Performs a simple check to see if auth and authpriv logging facilities are on.
- checkmd5: Performs md5sum on all regular files on the system and saves in lsatmd5.out
- checknetforward: Checks that ipv4 forwarding is disabled under linux
- checkopenfiles: Checks all open files on the system using lsof (if installed)
- checkpasswd: Checks /etc/passwd for unneeded accounts.
- checkpkgs: Checks list of packages (rpms, debs) installed on the system.
- checksecuretty: Check to see if ttys other than tty[1-6] are in /etc/securetty
- checkset: Checks system for all setuid/setgid files.
- checkssh: Check some security features of ssh for instance: root logins, X11 forwarding and the like.
- checkumask: Checks that the default umask on the system is sensible.
- checkwrite: Checks system for world writable files.
- checklistening: Checks for applications listening. This is an “extra” test
-d diff current and old md5, output in lsatmd5.diff
-f Force a specific distribution test. Distro names are:
If no -f option, lsat will guess. If lsat can
not guess the distribution, default is redhat.
-a Show this (advanced) help page
-o Output file name -- default is lsat.out
-r Check rpm integrity -- redhat or mandrake only
-s Silent mode
-v Verbose output
-w Output file in html format
-x eXclude module(s) in filelist from checks...
modules listed in filename will be excluded
from checks. Valid module names are the module
names themselves without the check.
(e.g. set not checkset) the check.
You can download LSAT here:
Or read more here.