✨ deeznutz

✨ Master ✨
Staff member
May 15, 2017
Linux Security Audit Tool (LSAT) is a post-installation security audit tool.

It has a modular design, so you can quickly add new features.

It checks inetd entries and scans unnecessary RPM packages.

It expands to work with Linux distributions other than Red Hat and checks kernel versions.

(Currently) works under Linux (x86: Gentoo, RedHat, Debian, Mandrake; Sparc: SunOS (2.x), Redhat sparc, Mandrake Sparc; Apple OS X).

Modules / Features
  • checkbp: Checks the password for the bootloader.
  • checkcfg: this module is executed last
  • checkdotfiles: looks for .forward, .exrc, .rhosts, and .netrc files on the system.
  • checkfiles: checks that / tmp and / var / tmp have the sitcky bit set, checks utmp, wtmp, motd, mtab for chmod 644.
  • checkftpusers: Verifies that all accounts in / etc / passwd are in / etc / ftpusers.
  • checkhostsfiles: reads the /etc/hosts.allow and /etc/hosts.deny files
  • checkinetd: checks either /etc/inetd.conf or /etc/xinetd.d/*
  • checkinittab: checks whether the launch level is equal to the default of 5. If so, alert the user.
  • checkipv4: Checks that normal forwarding and ignoring are disabled / enabled in ipv4.
  • checklimits: performs a simple check of the limit.conf file
  • checklogging: performs a simple check to see if the auth and authpriv logging tools are enabled.
  • checkmd5: performs md5sum for all regular files in the system and saves to lsatmd5.out
  • checknetforward: verifies that ipv4 forwarding is disabled under linux
  • checkopenfiles: checks all open files on the system using lsof (if installed)
  • checkpasswd: checks / etc / passwd for unwanted accounts.
  • checkpkgs: checks the list of packages (rpms, debs) installed on the system.
  • checksecuretty: check if ttys are other than tty [1-6] in / etc / securetty
  • checkset: checks the system for all setuid / setgid files.
  • checkssh: check some ssh security features, for example: root accounts, X11 redirection, etc.
  • checkumask: Checks whether it is reasonable to use the default umask on the system.
  • checkwrite: checks the system for files available for writing.
  • checklistening: check for listening to applications. This is an “extra” test.
  • checkset: Checks system for all setuid/setgid files.
  • checkssh: Check some security features of ssh for instance: root logins, X11 forwarding and the like.
  • checkumask: Checks that the default umask on the system is sensible.
  • checkwrite: Checks system for world writable files.
  • checklistening: Checks for applications listening. This is an “extra” test

./lsat [OPTIONS]


—d diff current and old md5, output in lsatmd5.diff
—f Force a specific distribution test. Distro names are:
If no —f option, lsat will guess. If lsat can
not guess the distribution, default is redhat.
—a Show this (advanced) help page
—o Output file name — default is lsat.out
—r Check rpm integrity — redhat or mandrake only
—s Silent mode
—v Verbose output
—w Output file in html format
—x eXclude module(s) in filelist from checks...
modules listed in filename will be excluded
from checks. Valid module names are the module
names themselves without the check.
(e.g. set not checkset) the check.
Top Bottom