June 4, 2010 · Security · Email This Post

Sponsored Link
The Linux Security Auditing Tool (LSAT) is a post install security auditor for Linux/Unix. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed.

Install LSAT in Ubuntu

sudo apt-get install lsat

Open the terminal and run lsat with the following options for test

Available options

-d  diff current and old md5 runs, output in lsatmd5.diff

-m <distribution>      Force a specific distribution test      Names
are: redhat, debian, mandrake, solaris, gentoo

-h      Show LSAT help

-a Show LSAT advanced help

-o <filename>      Output filename, default is last.out

-r      Check rpm integrity. RedHat or Mandrake only.

-s      Be silent. No output at all.

-x <filename>
Filename is a text file consisting of modules to
exclude from being run. This should be a comma,
tab or newline delimited file, with just the name(s)
below one wishes to exclude.
Module names (with a small description) are:

bpass           check for bootloader passwd
cfg             check runlevel daemons (redhat)
dotfiles        check for dotfiles
files           check for sticky bits, etc
forward         check for network forwarding
ftpusers        check ftpusers file for bad entries
inetd           check for unneeded services
inittab         check runlevel, etc.
ipv4            check for other things in ipv4
issue           check issue banner
kbd             check kbd/login perms
limits          check limits file
logging         check for enough logging
md5             perform md5 of all files on sys
modules         check for loadable kern mod.
net             check network
open            check open files
passwd          check passwd file for bad entries
perms           check permissions on files
pkgs            check for unwanted packages
promisc         are we in promisc mode?
rc              check for unwanted rc files
rpm             perform rpm integrity check
securetty       check secure tty
set             check for SUID files
ssh             check ssh config
startx          check for tcp listening in X
umask           check default umask
write           check world read/write files
www             output in html

-v      Be verbose about it.

-w Output file is in html format.

Sponsored Link

Incoming search terms:

Related posts

7 Comments to “Linux Security Auditing Tool (LSAT) – Post install security auditing tool”

  1. Mark_in_Hollywood says:

    Would the md5module run a long, long time?

    [Reply]

  2. Mark_in_Hollywood says:

    As LSAT ran to see: md5module it took about 25 minutes. Whew! Terminal returned:

    mark@Lexington-19-Karmic:~$ lsat -d -m debian
    Starting LSAT…
    Getting system information…
    Running modules…
    Running checkpkgs module…
    Running checkinetd module…
    Running checkhostsfiles module…
    Running checkinittab module…
    Running checklogging module…
    Running checkset module…
    Running checkwrite module…
    Running checkdotfiles module…
    Running checkpasswd module…
    Running checkfiles module…
    Running checkumask module…
    Running checkftpusers module…
    Running checkrc module…
    Running checkkbd module…
    Running checklimits module…
    Running checkssh module…
    Running checkopenfiles module…
    Running checkissue module…
    Running checkwww module…
    Running checkmd5 module…
    Running checkmodules module…
    Running checksecuretty module…
    Running checkrcperms module…
    find: `/etc/rc.d/init.d/’: No such file or directory
    Running checknet module…
    Running checknetforward module…
    Running checknetpromisc module…
    Running checkbpass module…
    Running checkipv4 module…
    Running checkx module…
    Running checkftp module…
    Running checklistening module…
    Running checkdisk module…
    Finished.
    Check lsat.out for details.
    Don’t forget to check your umask or file perms
    when modifying files on the system.

    [Reply]

  3. riddler says:

    seems like this package was last updated in 2008… Wonder if that presents any issues… Was the output useful, Mark_in_Hollywood?

    [Reply]

  4. riddler says:

    bueller? anybody?

    [Reply]

  5. Mark_in_Hollywood says:

    A file was written (doh!-I’ve lost track of the name) and it said, delete, these: xxx, yyy, zzz and pretty much everything else was OK, as it. I have not followed it’s instructions just yet. I found myself with the grub> rescue prompt and have been struggling with fixing that.

    I apologize for taking so long to get back here.

    Thanks, Linux community.

    [Reply]

  6. riddler says:

    ah yes, bad grub file – only makes you go white the first time. Thanks for the info!

    Yes, I 2nd that: Linux community is AWESOME!!!

    [Reply]

  7. anne says:

    I have a problem with the following…

    Finished in checkwww module.
    Running checkmd5 module…
    Error opening tempfile for read!
    : No such file or directory
    Creation of list failed.
    : No such file or directory
    Problem in checkmd5 module.
    : No such file or directory
    You should have seen errors…
    : No such file or directory

    this is the output from lsat, I have no idea how to fix the checkmd5 module. Something also tells me that lsat did not finish here. Is there something I am supposed to do to fix this issue?

    Thank you.

    [Reply]

Leave a Reply