This is the README file for LSAT (Linux Security Auditing Tool)

NOTE: This is still BETA software and should be treated as such.
--------------------------------------------------------------------------------
Homepage:

The homepage for lsat is http://www.dimlight.org/~number9/lsat

--------------------------------------------------------------------------------
About: 

Linux Security Auditing Tool (LSAT) is a post install security 
auditing tool. It is modular in design, so new features can be added 
quickly. It checks inetd entries and scans for unneeded RPM packages. 
It is being expanded to work with Linux distributions other than Red Hat, 
and checks for kernel versions. 
--------------------------------------------------------------------------------
Changes:

See changelog/changelog.html for changes.
--------------------------------------------------------------------------------
Current working systems:

LSAT currently compiles and works under RedHat 6.x systems. It should
compile and run under RedHat 7.x systems, but the xinetd.d functionality
in checkinetd.c is not yet implemented for 7.x. This should be done soon.

The goal is to have it work under many *NIX systems, including but not
limited to Solaris, Debian, RedHat (and derivatives), FreeBSD etc.
--------------------------------------------------------------------------------
Compilation: See Makefile or just do a:

make

in the lsat-<version> directory.
--------------------------------------------------------------------------------
Running:

To run the program:

./lsatmain

This may take some time on older systems as it (at some point in time) does
an rpm -qa while checking installed packages. It also checks all SETUID and
SETGID files on the system. On a system more "modern" than mine (30Mhz) it
should not take long.
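
The SETUID/SETGID check mentioned above, sketched as an added example. This
is not LSAT's checkset code, and the function names are hypothetical. It walks
a directory tree without following symlinks and reports each regular file
that carries either bit:

```c
/* Added example, not LSAT's checkset module; all names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Label the SETUID/SETGID bits of a regular file, or NULL if none apply. */
static const char *special_bits(mode_t m)
{
    if (!S_ISREG(m)) return NULL;   /* directories, symlinks, devices: skip */
    if ((m & S_ISUID) && (m & S_ISGID)) return "suid+sgid";
    if (m & S_ISUID) return "suid";
    if (m & S_ISGID) return "sgid";
    return NULL;
}

/* Walk root recursively, write one line per hit to out, return the number
 * of hits (-1 if root cannot be opened). lstat() keeps symlinks unfollowed. */
static int scan_special(const char *root, FILE *out)
{
    DIR *d = opendir(root);
    struct dirent *e;
    int hits = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        const char *kind;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (snprintf(path, sizeof path, "%s/%s", root, e->d_name) >= (int)sizeof path) continue;
        if (lstat(path, &st) != 0) continue;   /* vanished or unreadable */
        if (S_ISDIR(st.st_mode)) {
            int sub = scan_special(path, out);
            if (sub > 0) hits += sub;          /* unreadable subdirs add nothing */
        } else if ((kind = special_bits(st.st_mode)) != NULL) {
            fprintf(out, "%s %04o uid=%ld %s\n", kind,
                    (unsigned)(st.st_mode & 07777), (long)st.st_uid, path);
            hits++;
        }
    }
    closedir(d);
    return hits;
}

int main(int argc, char **argv)
{
    return scan_special(argc > 1 ? argv[1] : ".", stdout) < 0;
}
```

Saving the output of each run and diffing it against the previous one shows
which privileged files appeared or disappeared between audits.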

The output is written to the directory where lsatmain was run, in a file
that should be called lsat.out. If you have previously run lsatmain then
the previous output will be moved to lsat.old. This is so that you may
check your incremental security improvements to the system.

--------------------------------------------------------------------------------
Modules:

Currently there are only three (checkinetd, checkset, checkrpms), and there
is a brief description of what they do in each one. All modules are called
from lsatmain, and may or may not have function parameters passed to them.
At this point in time the function parameters may consist of the kernel
version, redhat-release and the output file. This should be changed in the
near future (before this error gets out of hand) such that the kernel
version also includes the system type (linux, SunOS, etc).
Writing a module is fairly easy and straightforward. See one of the 
current modules for details.
Note: modules should be returning more info than they are now. Not
necessarily in terms of output, but in terms of return value and
success/failure. I will fix this shortly.
--------------------------------------------------------------------------------
License:

This software is licensed under the GNU/GPL, please see http://www.gnu.org
for more details.
--------------------------------------------------------------------------------
Contact:

I am number9. Sometimes known as Triode. You may reach me at

number9@www.dimlight.org
--------------------------------------------------------------------------------
Donations:

The machine this is being tested on is incredibly slow. (really, sparc 10
with a SM30, 64megs and a 3700rpm scsi drive) 
OTOH:
I have an entire machine (enlight ATX case/power supply/cd/hard drive/
scsi controller/nic/RAM/floppy/video/fan-heatsink for the cpu)
but alas the mobo/cpu that was in it died (very odd). If someone wants
to sell (really cheap) a PII/PIII mobo/cpu combo (ATX that accepts DIMMS) 
or just give it to me, let me know :)
--------------------------------------------------------------------------------
