Linux Security Auditing Tool
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed. It has been tested on Linux (Gentoo, Red Hat, Debian, etc.) and Solaris (SunOS 2.x).
| Tags | Systems Administration |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux Solaris Mac OS X |
| Implementation | C |
Recent releases
- 04 May 2008 14:11
Changes: This release adds an extra limits check on resource limits, a Redhat/Fedora specific check in checkcfg, and checking for strict mode in SSH config. It fixes a few small output errors.
- 20 May 2007 19:51
Changes: The dependency on the popt library has been removed. This release adds extra passwd and group checks under Linux, a check for failed logins under Linux/Solaris, a check for kernel modules under Solaris, network interface stats, and routing checks. It fixes a problem in checknetforward giving false positives, and an issue where verbose output was not very consistent. The kernel module check under Linux has been modified.
- 28 Apr 2007 12:30
Changes: Headers were missing from a number of modules, and checkrc was not working under Linux kernel 2.6 and gentoo. A possible symlink attack in various modules and notes in modules writing instructions were fixed. The checkinit module returning false positive under gentoo was fixed. checknet was changed to reflect a network promiscuity change under the Linux 2.6 kernel. The behavior of checkopenfiles was changed, as it would not catch some open files. More checking was added to the checkdotfiles module. Various typos and formatting errors were fixed.
- 16 Sep 2006 13:53
Changes: Explicit CentOS, CaOS, and Fedora Core checks were added. Changes were made in the umask module. More sys exclusions were added for find in md5. The openfiles module was sped up. Checks for listening applications were added. Small problems in the checkx module were resolved.
- 09 Oct 2005 00:03
Changes: An error in checkwww under Slackware and an error in checkhostfiles under Solaris were fixed. Typos in checkinittab.c were fixed. General code cleanup was done.
- All comments
Recent commentsRe: Thorough program
Thanks for the input. The securitylinks.txt file has been
updated to reflect this, and also the output of
LSAT has been changed to make note of this. It should also be more careful about system account checks now. Additionally, the httpd checking error should be resolved. These notes apply to lsat-0.6.7.
Thorough program
Thourough program - full check.
But be careful taking the advice of the output file as it may lead to rendering your machine unbootable. Example - it suggested I delete users sashroot, sys and uucp. I deleted sashroot (since root, also user 0 was a duplicate) and uucp. But had I deleted sys, my entire /dev folder and contents would have been toast!
It also made an error by saying Apache was being run as root. Apache isn't even installed on my system.
Other that those two, I give it a 7, as it seems quite useful :-)