LSAT(1) 						User Contributed LSAT Documentation						   LSAT(1)

NAME

       lsat - a security auditing tool

SYNOPSIS

       lsat  [OPTION]

DESCRIPTION

       Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added
       quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red
       Hat, and checks for kernel versions.

       Output is in lsat.out.  On subsequent runs, previous output is in lsat.old.

OPTIONS

       -d
	       diff current and old md5 runs, output in lsatmd5.diff

       -m <distribution>      Force a specific distribution test      Names are: redhat, debian, mandrake, solaris, gentoo

       -h      Show LSAT help

       -a
	       Show LSAT advanced help

       -o <filename>	  Output filename, default is last.out

       -r      Check rpm integrity. RedHat or Mandrake only.

       -s      Be silent. No output at all.

       -x <filename>
	       Filename is a text file consisting of modules to
	       exclude from being run. This should be a comma,
	       tab or newline delimited file, with just the name(s)
	       below one wishes to exclude.
	       Module names (with a small description) are:

	       bpass	       check for bootloader passwd
	       cfg	       check runlevel daemons (redhat)
	       dotfiles        check for dotfiles
	       files	       check for sticky bits, etc
	       forward	       check for network forwarding
	       ftpusers        check ftpusers file for bad entries
	       inetd	       check for unneeded services
	       inittab	       check runlevel, etc.
	       ipv4	       check for other things in ipv4
	       issue	       check issue banner
	       kbd	       check kbd/login perms
	       limits	       check limits file
	       logging	       check for enough logging
	       md5	       perform md5 of all files on sys
	       modules	       check for loadable kern mod.
	       net	       check network
	       open	       check open files
	       passwd	       check passwd file for bad entries
	       perms	       check permissions on files
	       pkgs	       check for unwanted packages
	       promisc	       are we in promisc mode?
	       rc	       check for unwanted rc files
	       rpm	       perform rpm integrity check
	       securetty       check secure tty
	       set	       check for SUID files
	       ssh	       check ssh config
	       startx	       check for tcp listening in X
	       umask	       check default umask
	       write	       check world read/write files
	       www	       output in html

       -v      Be verbose about it.

       -w
	       Output file is in html format.

MODULES

       Current modules are checkbpass, checkdotfiles, checkfiles, checkftpusers, checkhostsfiles, checkinetd, checkipv4, checkissue, checkkbd,
       checklimits, checkmodule, checkmd5, checknet, checknetforward, checknetp,  checkopenfiles, checkpasswd, checkperms, checkpkgs, checkrc,
       checkrpm, checksecuretty, checkset, checkssh, checkumask, checkwrite and checkwww. A breif description is included in each module.  Writing
       a module is fairly easy and straightforward.  See README.modules for more information.

LICENSE

       This software is licensed under the GNU/GPL, please see http://www.gnu.org for more details.

BUGS

       Doesn't correct the problems that it discovers (yet).  Running on Solaris is not fully functional.

AUTHOR

       Robert Minvielle <number9 at www dot dimlight dot org> If that fails, <triode at users dot sourceforge dot net>

perl v5.10.0							    2008-05-04								   LSAT(1)