Welcome on YASAT home page

Project description

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut)
Second goal is to document each test with maximum information and links to official documentation.
It do many tests for checking security configuration issue or others good practice.
It checks many software configurations like:

• Apache
• Bind DNS
• CUPS
• PHP
• kernel configuration
• mysql
• network configuration
• openvpn
• Packages update
• samba
• snmpd
• squid
• syslog
• tomcat
• user accounting
• vsftpd
• xinetd

YASAT is licensed under GPLv3

YASAT News

• 21 May 2012 YASAT 526

  • Now test the SSLCipherSuite for apache
  • Enhancement: Check size of private key
  • bug: The availability of echo -e was badly tested
  • bug: apache_vhost tested certificate as private key instead of certificate filetype
  • bug: apache_vhost could badly analyze order by clause
  • typo some advice links was bad
  • internal: link tester for advices
  • Enhancement: ssh test
  • Enhancement: vsftpd test
  • Fix some remaining bashism
  • Check the presence of Firewire kernel modules
  • Correction of some problems with dash and some empty variables (shift: cant shift that many)
  • Renamed yasat.sh to yasat
  • Lots of spelling fix
  • Enhancement: now correctly find the user running bind9 under debian
  • Lots of small fix for future Debian Wheezy

• 10 April 2012 YASAT is officially in Debian

  YASAT in Debian Great thanks to V. BERNAT for his help.

• 29 December 2011 YASAT 456

  • add chronyd to known ntpd servers
  • add logwatch test from Mr Sande
  • add password encryption test for shadow
  • add the list of command needed to correct problems reported by yasat in yasat_correct.shell
  • More kernel checks
  • Check for remote syslog logging
  • Check for auditd daemon
  • Arch Linux detection and pacman support
  • Lots of misc enhancement

14 June 2011 YASAT 421

• Skip option patch from Mr Sande
• Misc enhancement from Mr Didier
• Lots of known location added to apache_vhosts
• Typo in partition.test
• Misc enhancement
• POSIX CAPS test for setuid binaries

• 11 March 2011 YASAT 400

  • YASAT incorrectly searched umask value (thanks to Mikal Sande for report and patch)
  • YASAT now have a manpage
  • The CheckFile function will now check if the binary tested have SSP and PIE
  • Lots of advice spell checking and enhancement by Mikal Sande.

• 04 January 2011 YASAT 385

  • Misc modifications of PHP, apache, LDAP, SSH, MySQL
  • Initial test of security options of firefox
  • Better BIND server test
  • Basic support of checking technology behind a vhost (like PHP for testing php_admin_values like open_basedir)
  • Test of NFS mount options and NFSD exports options
  • Basic test if private key is password protected

• 02 August 2010 YASAT 351

  Very minor version. RPM and DEB package are now both available.

• 12 July 2010 YASAT 347

  • Add CUPS tests
  • Add Squid tests
  • Add Samba tests
  • More tests for mysql, kernel, bind, cyrus
  • Minor improvement for apache, package, network, snmp tests
  • Add the check-update option to YASAT
  • Add a css to html report for better HTML report (add div command and div conf)
  • Add test for password visible in mysql_history
  • Added Debian Lenny to binaries checks
  • And still lots of minor bugs corrections and improvements

• 01 July 2010 first RPM of YASAT

  Now, YASAT will be also available also as RPM file. DEB file will follow soon.

• 09 June 2010 YASAT in official gentoo portage tree

  YASAT is now available under the Gentoo distribution.

• 03 June 2010 YASAT 286 is out

  Minor release that correct the yasat Makefile

• 26 May 2010 YASAT 280 is out

  With the release of OpenBSD4.7, i benefited for made a better support of OpenBSD.
  YASAT check now for securelevel, encrypted swap and other features.
  Lots of enhancement like detection of mod_deflate/gzip for apache,
  more kernel test, inetd basic support and more TODOS :D

• 02 March 2010 YASAT 247 is out

  With this alpha release YASAT better support RedHat and clones.

• 12 January 2010.

  Another alpha release that corrects some problems under BSD.
  Fix some bashisms so that yasat works out of the box under FreeBSD (csh).
  Fix also lots of misspelling

• 05 January 2010.

  Happy new year. 5th alpha available. YASAT is just at 137 TODOs of the beta version.

• 1 December 2009.

  First alpha release of YASAT would be available soon

Screenshots

Download

All available downloads can be found at Sourceforge.net

• Last release Yasat 526
  • MD5SUM 0c915684e263e1246669ad19ae905fb4
  • SHA1SUM 15081946fa2481f24e15cd760b1329297f7a0c9d

Installation, configuration, supported systems

YASAT has been tested on

• Gentoo
• Debian
• Ubuntu
• FreeBSD
• OpenBSD
• RedHat
• CentOS
• ArchLinux
• But should work on all unix even if many tests is linux-oriented...

Official distribution

• Gentoo
• Arch Linux
• Debian
• Ubuntu

For a simple installation:

• Simply untar the yasat tarball
tar xvzf yasat-releasenumber.tar.gz
• Change directory to yasat directory
cd yasat
• and type ./yasat

For a classic installation, just do make install (Accept PREFIX and DESTDIR variable)

Support, bugs, patchs, critics, etc..

Patch, contributions, critics ( even bad:) ) are welcome.
You can perhaps find me on channel #yasat on Freenode IRC servers

Similar projects

• Tiger Tiger can be found here
• Lynis Lynis can be found here
• checksecurity checksecurity can be found here
• seccheck Seccheck can be found here
• sectool Sectool can be found here
• OpenVAS OpenVAS can be found here
• W3AF W3AF can be found here
• Checksec Checksec can be found here
• Quick and Dirty CVE Checker (QDCC) Quick and Dirty CVE Checker can be found here

Usefull documents

To be completed

• Server hardening checklists
• Securing productions systems
• Gentoo Kernel security guide
• portability issue of basic commands
• Securing debian

From the same fool

• FWSQL

Project Web Hosted by