Section 15.2 The SARA and SAINT Security Auditors

15.2 The SARA and SAINT Security Auditors

The SARA Security Auditor is a new tool based on SATAN and SAINT. SAINT is also based on SATAN. SARA and SAINT have diverged; both will continue to be enhanced in a timely fashion and continuously updated as new exploits are discovered, sometimes before these exploits become common knowledge. SARA finds security holes in your systems before the crackers do; they will be using the same tools! Get SARA from

www-arc.com/sara/

Also, they offer a mailing list that you may subscribe to thusly:

 echo subscribe sara-l | Mail -s subscribe list@mail-arc.com 

SAINT, too, is worth taking a look at. It scans your network, looking for vulnerabilities, including old versions of various servers that contain known security bugs. It will detect whether any of your systems have versions of WU-FTP, sendmail, or named (DNS) that have remotely exploitable security bugs. Recall that on otherwise well-secured Linux systems, crackers break into more Linux systems (and UNIX systems) by taking advantage of bugs in these services. SAINT tests for all the SANS top 10 vulnerabilities on the Internet that apply to Linux and UNIX.

SAINT may be obtained from the CD-ROM or downloaded from

www.wwdsi.com/saint/

Although the downloads are free, they also offer a Web-based version of SAINT. For a fee, they will scan one of your systems or your whole network and issue a report to you. Besides finding systems with vulnerabilities, this will test how well your firewall is doing its job. The nmap program, too, offers a similar capability. The SANS top 10 vulnerabilities can, and should, be viewed from

www.sans.org/topten.htm