Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
It (for now) works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS (2.x), Redhat sparc, Mandrake Sparc; Apple OS X).
You can also check out tools like:
– Lynis v1.6.0 Released For Download – Linux Security Auditing Tool
– Tiger – Unix Security Audit & Intrusion Detection Tool
– unix-privesc-check – Unix/Linux User Privilege Escalation Scanner
Modules/Features
- checkbp: Checks for boot loader password.
- checkcfg: This module is performed last
- checkdotfiles: Looks for .forward, .exrc, .rhosts and .netrc files on the system.
- checkfiles: Checks that /tmp and /var/tmp have sitcky bit set, checks utmp, wtmp, motd, mtab for chmod 644.
- checkftpusers: Checks that all accounts in /etc/passwd are in /etc/ftpusers.
- checkhostsfiles: Reads /etc/hosts.allow and /etc/hosts.deny files
- checkinetd: Checks either /etc/inetd.conf or /etc/xinetd.d/*
- checkinittab: Checks to see if default runlevel is 5. If it is, give the user a warning.
- checkipv4: Checks to see that common forwarding and ignoring are off/on in ipv4.
- checklimits: Performs simple check of limits.conf file
- checklogging: Performs a simple check to see if auth and authpriv logging facilities are on.
- checkmd5: Performs md5sum on all regular files on the system and saves in lsatmd5.out
- checknetforward: Checks that ipv4 forwarding is disabled under linux
- checkopenfiles: Checks all open files on the system using lsof (if installed)
- checkpasswd: Checks /etc/passwd for unneeded accounts.
- checkpkgs: Checks list of packages (rpms, debs) installed on the system.
- checksecuretty: Check to see if ttys other than tty[1-6] are in /etc/securetty
- checkset: Checks system for all setuid/setgid files.
- checkssh: Check some security features of ssh for instance: root logins, X11 forwarding and the like.
- checkumask: Checks that the default umask on the system is sensible.
- checkwrite: Checks system for world writable files.
- checklistening: Checks for applications listening. This is an “extra” test
Usage
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
./lsat [OPTIONS] Options: -d diff current and old md5, output in lsatmd5.diff -f Force a specific distribution test. Distro names are: redhat debian mandrake solaris gentoo macosx If no -f option, lsat will guess. If lsat can not guess the distribution, default is redhat. -a Show this (advanced) help page -o Output file name -- default is lsat.out -r Check rpm integrity -- redhat or mandrake only -s Silent mode -v Verbose output -w Output file in html format -x eXclude module(s) in filelist from checks... modules listed in filename will be excluded from checks. Valid module names are the module names themselves without the check. (e.g. set not checkset) the check. |
You can download LSAT here:
lsat-0.9.8.2.zip
Or read more here.
fakeman says
why is the link to the website:
“Or read more here.”
sign as broken_link?
Darknet says
Sourceforge was having some issues last night so it wasn’t always responding with a successful HTTP code, so the link was marked as broken. It should be ok now.