LinuxSA can perform a read-only assessment of a running Linux system and then provide a report of the findings. The assessment can be made on the local system where LinuxSA is installed or a remote system over the network via SSH. The assessment queries the target system for vulnerabilities in many ways including looking for installed/running services, vulnerable file permissions, user and group problems, and many other items.
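To make the "user and group problems" category concrete, here is an added example of a read-only account check. It is not LinuxSA's own code: the function name audit_accounts, the finding labels and the sample passwd/group text are all constructed for illustration.

```python
# Added illustration: read-only account checks over passwd/group text.
# Not LinuxSA code; names, labels and sample data are constructed.
from collections import defaultdict

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1000:1001:Bob:/home/bob:/bin/bash
carol::1002:1002:Carol:/home/carol:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
alice:x:1000:
carol:x:1002:
"""

def audit_accounts(passwd_text, group_text):
    """Return sorted (finding, detail) tuples; nothing is modified."""
    gids = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            gids.add(int(fields[2]))
    findings, by_uid = [], defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            if line.strip():
                findings.append(("malformed-entry", line))
            continue
        name, pw, uid, gid = fields[0], fields[1], int(fields[2]), int(fields[3])
        by_uid[uid].append(name)
        if uid == 0 and name != "root":      # second superuser account
            findings.append(("extra-uid0-account", name))
        if pw == "":                         # no password hash or 'x' marker
            findings.append(("empty-password-field", name))
        if gid not in gids:                  # primary group not defined
            findings.append(("primary-gid-missing", "%s gid=%d" % (name, gid)))
    for uid, names in by_uid.items():
        if len(names) > 1:                   # several names share one UID
            findings.append(("duplicate-uid", "uid=%d %s" % (uid, ",".join(names))))
    return sorted(findings)

if __name__ == "__main__":
    for finding, detail in audit_accounts(SAMPLE_PASSWD, SAMPLE_GROUP):
        print("%-22s %s" % (finding, detail))
```

The function only reads text it is handed, so the same logic can run on the output of a remote command without touching the assessed system.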
Once the assessment has been completed a report can be produced which groups the queries together and provides recommendations which the system administrator can use to implement the necessary policy for the system. By design, LinuxSA does not implement a policy on an assessed system. LinuxSA never modifies the target system in any way.
Security policies can vary widely from company to company and even between systems. It is not really possible to implement an automated security policy that would satisfy a large number of systems. So LinuxSA does not ever try to implement a security policy. That job is left to the system administrator. But it is hoped that the report output of the LinuxSA assessment can provide the administrator with a check list of things that may need to be adjusted to implement the security policy for the assessed system.
A Python interpreter is required to run LinuxSA. You can use any version of Python >= 2.7. For a Linux distribution it is recommended that you install the latest RPM/DEB package that is available for your distribution. For a Windows system you can download Python from https://www.python.org/downloads/.
There are two ways of obtaining the LinuxSA code and XML files that make up LinuxSA. Both methods utilize SourceForge as the source for the code.
The first method can provide you with a specific recommended release of LinuxSA. Click on the
link below.
http://sourceforge.net/projects/linuxsa/files/
This will display a list of the available LinuxSA releases. Click on the release you want (probably
the latest release). That should present you with a list of release files. Click on the zip or tar file and
it will be downloaded to your system. You can now unzip/untar the file to a location of your choice.
The second method is for the more adventurous among you. This method will supply you with the
latest development code base of LinuxSA. To obtain this code you will need to have the Subversion
client installed on your workstation. The command listed below will work for both a Linux and Windows
workstation.
    svn export svn+ssh://username@svn.code.sf.net/p/linuxsa/trunk/ linuxsa
This command will export the current code base to the local linuxsa subdirectory, which must exist prior to issuing the command.
Running LinuxSA is really easy. There is a minimum of command line options to worry about and once started, the program never prompts you for any reason. There are two basic methods of running LinuxSA.
Using LinuxSA to assess the local machine is really easy. Only a simple command is necessary.
    python ./linuxsa.py
This command will assess the local Linux machine.
Assessing a remote machine is almost as easy as a local machine. The simple version is as follows:
    python ./linuxsa.py --system 192.168.1.67
This will assess the specified remote machine using SSH. Here the assumption is that the user's current account will be used to perform SSH commands on the remote system. If you need to use a different account name then the command will look like this:
    python ./linuxsa.py --system 192.168.1.67 --user remoteusername
This will cause LinuxSA to use the remoteusername in the SSH commands to the remote system.
There will be a very large number of SSH commands issued to a remote system. Continually entering the remote user's password will get tedious quickly. The trick to avoiding these password prompts is to store the remote user's SSH public key in your ~/.ssh/authorized_keys file. The process is very easy if the remote user already has a public key. If not then consult any SSH howto for an explanation of how to generate a public/private key and also how to install the public key onto the local system. A good short tutorial is located at https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2.
In order to create an assessment report you need to have the Publican document system installed on your local machine (where LinuxSA is installed). If you are using LinuxSA on a Linux distribution just install the Publican and the Common brand RPMs/DEBs from your distribution. For Windows you will need to install Publican from its web site at https://fedorahosted.org/releases/p/u/publican/. Look for the latest .exe file (that was version 3.0 when this HowTo was written).
For Linux users there are some supplied commands to help you out with creating a report. The first
command copies a skeleton report to the ./report directory. This command can be run either
before or after you have run the linuxsa.py command.
    ./cpreport
If you have not already done so you can now run the linuxsa.py report to complete the report structure.
The next Linux command will actually create the PDF report.
    ./buildrpt
This command will create the entire report as a PDF file. The file will be located in the
./report/tmp/en-US/pdf directory.
Windows users will need to consult the Publican documentation in order to build a report.
LinuxSA provides several ways for the report to be customized. All of them involve modifying existing skeleton files in the report. The following lists some common files that can be modified.
WARNING! Do not modify any text in files that have all capital letters in their name. Your changes will be lost after a subsequent run of the linuxsa.py command. The same is also true for changes to the skeleton files. Your changes will be lost in them after a subsequent cpreport command.
LinuxSA reports should be stored in a safe place. The reports obviously contain sensitive data and that data could be used as a source of information to exploit the assessed system.