Man Linux: Main Page and Category List


       lsat - a security auditing tool


       lsat  [OPTION]


       Linux Security Auditing Tool (LSAT) is a post install security auditing
       tool. It is modular in design, so new features can be added quickly. It
       checks inetd entries and scans for unneeded RPM packages. It is being
       expanded to work with Linux distributions other than Red Hat, and
       checks for kernel versions.

       Output is in lsat.out.  On subsequent runs, previous output is in


               diff current and old md5 runs, output in lsatmd5.diff

       -m <distribution>      Force a specific distribution test      Names
       are: redhat, debian, mandrake, solaris, gentoo

       -h      Show LSAT help

               Show LSAT advanced help

       -o <filename>      Output filename, default is last.out

       -r      Check rpm integrity. RedHat or Mandrake only.

       -s      Be silent. No output at all.

       -x <filename>
               Filename is a text file consisting of modules to
               exclude from being run. This should be a comma,
               tab or newline delimited file, with just the name(s)
               below one wishes to exclude.
               Module names (with a small description) are:

               bpass           check for bootloader passwd
               cfg             check runlevel daemons (redhat)
               dotfiles        check for dotfiles
               files           check for sticky bits, etc
               forward         check for network forwarding
               ftpusers        check ftpusers file for bad entries
               inetd           check for unneeded services
               inittab         check runlevel, etc.
               ipv4            check for other things in ipv4
               issue           check issue banner
               kbd             check kbd/login perms
               limits          check limits file
               logging         check for enough logging
               md5             perform md5 of all files on sys
               modules         check for loadable kern mod.
               net             check network
               open            check open files
               passwd          check passwd file for bad entries
               perms           check permissions on files
               pkgs            check for unwanted packages
               promisc         are we in promisc mode?
               rc              check for unwanted rc files
               rpm             perform rpm integrity check
               securetty       check secure tty
               set             check for SUID files
               ssh             check ssh config
               startx          check for tcp listening in X
               umask           check default umask
               write           check world read/write files
               www             output in html

       -v      Be verbose about it.

               Output file is in html format.


       Current modules are checkbpass, checkdotfiles, checkfiles,
       checkftpusers, checkhostsfiles, checkinetd, checkipv4, checkissue,
       checkkbd, checklimits, checkmodule, checkmd5, checknet,
       checknetforward, checknetp,  checkopenfiles, checkpasswd, checkperms,
       checkpkgs, checkrc, checkrpm, checksecuretty, checkset, checkssh,
       checkumask, checkwrite and checkwww. A breif description is included in
       each module.  Writing a module is fairly easy and straightforward.  See
       README.modules for more information.


       This software is licensed under the GNU/GPL, please see for more details.


       Doesn’t correct the problems that it discovers (yet).  Running on
       Solaris is not fully functional.


       Robert Minvielle <number9 at www dot dimlight dot org> If that fails,
       <triode at users dot sourceforge dot net>