Linux security – LSAT

LSAT stands for Linux Security Auditing Tool.

As the man page states:

Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be
added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions
other than Red Hat, and checks for kernel versions.

Output is in lsat.out. On subsequent runs, previous output is in lsat.old.

To run it, simply type lsat.

The lsat.out output file is a text file containing information such as open ports, world-readable/writable files and directories, recommendations on packages to uninstall, and much more. I find this to be a very useful tool to run every few weeks to check and verify that everything is working as it should.

Example output:

****************************************
Please consider removing these packages.
bind9-host
libbind9-90
libnfsidmap2:amd64
rpcbind
webmin
****************************************
default init level is not set to 5. Good.
****************************************
Consider placing: auth.* /var/log/secure
 in your /etc/syslog.conf file.
****************************************
Consider placing: authpriv.* /var/log/secure
 in your /etc/syslog.conf file.
****************************************
The last 100 (or less) failed login attempts on the system

****************************************
This is a list of SUID files on the system:

****************************************
List of normal files in /dev. MAKEDEV is ok, but there
should be no other files:
***************************************
This is a list of world writable files
[.........]
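
An added example, not part of the original post or of LSAT itself: since each run leaves the previous report in lsat.old, comparing the two shows what changed between audits. It assumes the asterisk-separated layout shown in the example output above; the sample reports and the function names are constructed for illustration.

```python
import re
# Constructed sample reports in the lsat.out layout (not real output).
SAMPLE_OLD = """\
****************************************
Please consider removing these packages.
rpcbind
webmin
****************************************
This is a list of world writable files
"""
SAMPLE_NEW = """\
****************************************
Please consider removing these packages.
bind9-host
rpcbind
***************************************
This is a list of world writable files
/var/tmp/example-b
"""

SEPARATOR = re.compile(r"^\*{10,}\s*$")  # separator length varies in the output

def parse_sections(text):
    """Map each section's first line (heading) to the set of lines under it."""
    sections, heading = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if SEPARATOR.match(line):
            heading = None  # the next non-blank line opens a new section
        elif line and heading is None:
            heading = line
            sections.setdefault(heading, set())
        elif line:
            sections[heading].add(line)
    return sections

def diff_reports(old_text, new_text):
    """Return {heading: (added, removed)} for sections whose entries changed."""
    old, new = parse_sections(old_text), parse_sections(new_text)
    changes = {}
    for heading in sorted(set(old) | set(new)):
        added = sorted(new.get(heading, set()) - old.get(heading, set()))
        removed = sorted(old.get(heading, set()) - new.get(heading, set()))
        if added or removed:
            changes[heading] = (added, removed)
    return changes

if __name__ == "__main__":
    for heading, (added, removed) in diff_reports(SAMPLE_OLD, SAMPLE_NEW).items():
        print(heading, "| added:", added, "| removed:", removed)
```

To use it on real reports, pass the contents of lsat.old and lsat.out to diff_reports. Wrapped continuation lines of a heading are treated as entries, which is harmless because they are identical in both runs.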
