FAQ for LSAT



Q0) What does this thing do?

A0) See the homepage or the mirror page for details.

----------------------------------------------------------------------------------
Q1) Why is it named LSAT, but at sourceforge I have to go to (and search for)
usat? (e.g. http://usat.sourceforge.net)

A1) This is due to the fact that when I tried to register LSAT (Linux Security 
Auditing Tool) at sourceforge it was taken. Even though the project LSAT was 
defunct at the time, sourceforge would not allow me to take it over, so I named
it Unix Security Auditing Tool on sourceforge and not Linux Security Auditing 
Tool. 
----------------------------------------------------------------------------------

Q2) Why are the releases moving up in number so quickly? 

A2) The reason for the jump from 0.1.8 to 0.3.0 was security
related. LSAT went from 0.1.8 to 0.2.0 for a security fix, then
it was discovered that it was not fixed, and a critical bug existed.
That is the reason for the 0.2.0 to 0.3.0 jump. As for the latest 
jumps, this is mainly due to the fact that it is moving along quickly.
There may have been some (behind the scenes) number increments also.
The goal is that at 0.5.0 the local system _should_ be pretty much
covered by LSAT, and LSAT will move into checking more network
related services.
----------------------------------------------------------------------------------

Q3) What is needed to run LSAT?

A3) At present you need a unix machine and a C compiler. 
This software is developed on a linux box (RedHat 9.0 + gcc). 
The real dependency is popt-devel, for command line parsing. 
Some distros (Suse desktop, Mandrake desktop) do not include it
by default. It can be picked up here...
Mandrake rpm
Suse 8.2 rpm
Or just search rpmfind for popt-devel.

It should compile and work on Solaris and Mac OSX also.
It has been known to work on Debian, RedHat 5.0-9.0, Redmond Linux,
Mandrake and others. Provisions are in the modules for determining
the system the machine is running, so it should be ok on most distros.

Note that a number of distributions contain lsat as a prepackaged
binary in the repositories. For example, on RedHat based distributions
you can obtain lsat with yum install lsat. On Debian it is apt-get
install lsat. On gentoo it is emerge lsat. However, they may not be 
at the latest version. Check the version number against what is at
http://www.dimlight.org/lsat or http://usat.sourceforge.net
----------------------------------------------------------------------------------

Q4) I found a security flaw or something LSAT does not check for,
what do I do now?

A4) Fix it? :) Email it to me or track it down (if you like).
Bug reports are nice. As far as LSAT not checking for something, 
if it does not check for something it is supposed to check
for, email me. This _is_ beta and I _am_ trying to incorporate more
into it. Your input is needed however, so feel free to email with
suggestions that are not on the TODO list (see the homepage).
----------------------------------------------------------------------------------

Q5) I want to help out, how do I?

A5) Send me some email, or if you make a module and want to release
it just mail it in and I will look it over. 

The best help right now is suggestions on security checks.
If you want to write your own modules go for it, but please
see the readme.modules for more information. It has a good
introduction to writing modules.
----------------------------------------------------------------------------------

Q6) LSAT tells me there are things to check/do/worry about, but 
I am unsure as to how critical it is...

A6) Personally I (try to) consider everything critical. A web page
with links to specific articles/reports/howtos on the things that
LSAT checks for is in the works. For now, see the securitylinks.txt
file that is in the distribution as a good source of information.
----------------------------------------------------------------------------------

Q7) LSAT seems to hang while running the checkmd5 module, what gives?

A7) This module is "broken" under some linux distros, namely RedHat
and some others; it depends. The problem is with md5sum reading files
that can not be normally read. Who is really at fault is up for debate,
but for now I have disabled checkmd5sum from checking /proc and /dev.
I will try to fix the md5sum itself or just leave the kludge, I am
still debating this one.
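The hang described above is what happens when md5sum is handed a path that is not a regular file: /dev/zero never reaches EOF, a FIFO blocks until a writer shows up, and several entries under /proc cannot be read the way stat describes them. The following is an added example and not LSAT's checkmd5 module: a shell walk that only ever hands md5sum regular files, with -xdev keeping a walk that starts at / off the separately mounted /proc, /sys and /dev. The directory layout, file names and contents built by make_demo_tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not LSAT's checkmd5 code. Hash regular files only, so
# md5sum is never pointed at a device node, FIFO, socket or /proc entry.

# safe_md5 ROOT
# -xdev stays on ROOT's filesystem, so a walk from / does not descend into
# /proc, /sys or /dev (separate mounts on Linux). -type f, without -L,
# matches regular files only: device nodes, FIFOs, sockets and symlinks
# (including a symlink that points at /dev/zero) are never hashed.
# Permission errors are left on stderr rather than silently swallowed.
safe_md5() {
    find "$1" -xdev -type f -exec md5sum {} +
}

# make_demo_tree DIR
# Constructed tree: one regular file at the top, one nested, plus the two
# entry types that make a naive "md5sum every path" loop block forever.
make_demo_tree() {
    printf 'hello\n' > "$1/hello.txt"
    mkfifo "$1/blocking.fifo"          # reading blocks until a writer opens it
    ln -s /dev/zero "$1/zero-link"     # following it would never reach EOF
    mkdir "$1/sub"
    printf 'nested\n' > "$1/sub/nested.txt"
}

# count_hashed ROOT: number of checksum lines safe_md5 produced for ROOT
count_hashed() {
    safe_md5 "$1" | wc -l | tr -d ' '
}

# Stand-alone demo against a constructed tree in a temporary directory.
demo_dir=$(mktemp -d)
make_demo_tree "$demo_dir"
safe_md5 "$demo_dir"          # two lines: hello.txt and sub/nested.txt
rm -rf "$demo_dir"
```

Run it as a normal user; if the FIFO or the /dev/zero symlink had been hashed, the script would never return, so a completed run is itself the check that the filter works.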
----------------------------------------------------------------------------------

Q8) How can I exclude some checks in LSAT?

A8) This is done with the -x [filename] option/switch/whathaveyou. 
You can exclude as many as you like by putting the name of the module
(without the check) in a file (given to the -x option) that is
comma, space or newline delimited. See the included README for a more
detailed explanation of this option. Also check the advanced help
with the -a command line switch.
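As an added example (not LSAT's own -x handling), the shell functions below read an exclude file in the three delimiter styles the answer allows and filter a module list against it. The assumption, taken from the wording above, is that modules are named check<something> and the exclude file lists the <something> part, so "md5" excludes checkmd5; the exclude file contents and module names used in the demo are constructed.

```shell
#!/bin/sh
# Added example, not LSAT's -x parser. Tokenise a comma, space or newline
# delimited exclude file and drop the listed modules from a module list.

# parse_exclude_file FILE
# One module name per line: every comma, space, tab and CR becomes a
# newline, then empty tokens (from ", " or blank lines) are removed.
parse_exclude_file() {
    tr ', \t\r' '\n\n\n\n' < "$1" | sed -e '/^[[:space:]]*$/d'
}

# is_excluded MODULE FILE
# Assumption (from the FAQ's "without the check"): entries are written
# without the leading "check" of the module name, so checkmd5 matches "md5".
# -x matches the whole line and -F keeps dots and stars literal.
is_excluded() {
    name=${1#check}
    parse_exclude_file "$2" | grep -qxF -- "$name"
}

# filter_modules FILE MODULE...
# Print the modules not listed in FILE, preserving the given order.
filter_modules() {
    xfile=$1
    shift
    for m in "$@"; do
        is_excluded "$m" "$xfile" || printf '%s\n' "$m"
    done
}

# Stand-alone demo with a constructed exclude file mixing all three
# delimiters on purpose.
demo_dir=$(mktemp -d)
printf 'md5, passwd\nnet  ftp\n' > "$demo_dir/exclude.txt"
filter_modules "$demo_dir/exclude.txt" checkmd5 checkumask checknet checkperms
rm -rf "$demo_dir"
```

The demo prints checkumask and checkperms; checkmd5 and checknet are dropped because "md5" and "net" appear in the file.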
----------------------------------------------------------------------------------

Q9) How do I add something to this FAQ or ask a question?

A9) Email me. number9 at dimlight dot org
----------------------------------------------------------------------------------

Page last updated 06/20/2012