YASAT - simple
stupid audit tool
yasat [--standard(-s)] [--list(-l)] [--debug(-d)]
[--help(-h)] [--html(-H)] [--html-output PATH] [--advice-lang
LANG] [--full-scan(-f)] [--plugins-dir(-P) PATH]
[--nopause(-a)] [--plugin(-1) PATH] [--scanroot(-r) PATH]
[--Plugin(-p) NAME] [--print-level X] [--check-update]
YASAT (Yet Another Stupid Audit Tool) is a simple stupid
audit tool. Its goal is to be as simple as possible with minimum binary
dependencies (only sed, grep and cut) Second goal is to document each test
with maximum information and links to official documentation. It do many
tests for checking security configuration issue or others good practice.
It checks many software configurations like: Apache, Bind DNS,
CUPS, PHP, kernel configuration, MySQL, network configuration, openvpn,
Packages update, samba, snmpd, squid, tomcat, user accounting, vsftpd,
xinetd,
- --standard (or
-a)
- YASAT will performs a standard check of the system, printing out the
results of each test to stdout. A log is also created in
~/.yasat/yasat.result by default
- --list (or -l)
- List all plugins available
- --html (or -H)
- YASAT will export results in html (default to ~/yasat/yasat.html)
- --html-output
PATH
- With -H, this option permit to change the file where to store html output.
- --advice-lang
LANG
- By default, YASAT print message in english (EN), you can change the
displayed lang with this option. LANG is the 2letter digit of the lang you
want. For the moment only EN is supported.
- --full-scan (or
-f)
- YASAT will do extra (long) tests (lots of find).
- --plugins-dir
PATH (or -P)
- Set the path where YASAT can find plugins to use. (default is ./plugins )
- --nopause (or
-a)
- By default, YASAT made a pause after each plugin. For automatize tests you
can use this.
- --plugin PATH (or
-1)
- YASAT will just use the plugin pointed by PATH (ex: yasat -1 kernel)
- --scanroot PATH (or
-r)
- YASAT will scan PATH instead of / (ex: yasat -r /mnt/centos6)
- --compliance
TYPE
- YASAT will check for a specific compliance (nsa, cce, or all) and will
print the compliance results.
- --print-level
x (or -1)
- YASAT will print infos equal or above the level X (All = 0 (default),
infos = 1 warnings(orange) = 2, errors(red) = 3
- --skip TEST
- A comma separated list of tests to skip without the .test (ex: --skip
nfs,ntp). See yasat --list for all tests.
- --check-update
- Check if an update of YASAT exists
- --send-support
- Like --check-update, but it will send also as parameter your OS version
for statistics. In the future, perhaps also a sort of send_bugs.
YASAT is licensed under the GPL v3 license and under development
by LABBE Corentin.
All contacts informations could be found at
http://yasat.sourceforge.net/