DOKK / manpages / debian 11 / yasat / yasat.8.en
YASAT(8) YASAT 848 YASAT(8)

YASAT - simple stupid audit tool

yasat [--standard(-s)] [--list(-l)] [--debug(-d)] [--help(-h)] [--html(-H)] [--html-output PATH] [--advice-lang LANG] [--full-scan(-f)] [--plugins-dir(-P) PATH] [--nopause(-a)] [--plugin(-1) PATH] [--scanroot(-r) PATH] [--Plugin(-p) NAME] [--print-level X] [--check-update]

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut) Second goal is to document each test with maximum information and links to official documentation. It do many tests for checking security configuration issue or others good practice.

It checks many software configurations like: Apache, Bind DNS, CUPS, PHP, kernel configuration, MySQL, network configuration, openvpn, Packages update, samba, snmpd, squid, tomcat, user accounting, vsftpd, xinetd,

YASAT will performs a standard check of the system, printing out the results of each test to stdout. A log is also created in ~/.yasat/yasat.result by default

List all plugins available

YASAT will export results in html (default to ~/yasat/yasat.html)

With -H, this option permit to change the file where to store html output.

By default, YASAT print message in english (EN), you can change the displayed lang with this option. LANG is the 2letter digit of the lang you want. For the moment only EN is supported.

YASAT will do extra (long) tests (lots of find).

Set the path where YASAT can find plugins to use. (default is ./plugins )

By default, YASAT made a pause after each plugin. For automatize tests you can use this.

YASAT will just use the plugin pointed by PATH (ex: yasat -1 kernel)

YASAT will scan PATH instead of / (ex: yasat -r /mnt/centos6)

YASAT will check for a specific compliance (nsa, cce, or all) and will print the compliance results.

YASAT will print infos equal or above the level X (All = 0 (default), infos = 1 warnings(orange) = 2, errors(red) = 3

A comma separated list of tests to skip without the .test (ex: --skip nfs,ntp). See yasat --list for all tests.

Check if an update of YASAT exists

Like --check-update, but it will send also as parameter your OS version for statistics. In the future, perhaps also a sort of send_bugs.

YASAT is licensed under the GPL v3 license and under development by LABBE Corentin.

All contacts informations could be found at http://yasat.sourceforge.net/

30 August 2015 848