Name | Modified | Size | Downloads / Week |
---|---|---|---|
LinuxSA-1.0.0-Beta.zip | 2015-04-14 | 533.2 kB | |
LinuxSA-1.0.0-Beta.tar.gz | 2015-04-14 | 1.5 MB | |
README | 2015-04-14 | 4.0 kB | |
Totals: 3 Items | | 2.0 MB | 0 |

Linux Security Assessment

Apr 14, 2015

W. David Ashley
w.david.ashley@gmail.com

The Linux Security Assessment (LinuxSA) tool provides an automated method of assessing the security settings of Linux distributions. It has been tested on the following distributions.

   Red Hat 6 and 7
   CentOS 7
   Fedora 20 and 21
   openSUSE 13.2
   SuSE 11
   Ubuntu 14.10
   Linux Mint 17.1

LinuxSA uses the "Guide to the Secure Configuration of Red Hat Enterprise Linux 5" published by the National Security Agency (NSA) as the specification for assessment activities. This document is freely available from the US Government at

   https://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf

The LinuxSA assessment tool is generally organized to reflect this document so that finding a specific assessment activity is as easy as possible.

Although the NSA document has not been updated for later versions of Red Hat or other non-RPM-based operating systems, LinuxSA has updated the assessment mechanisms to reflect RHEL 6 and 7 as well as Fedora, SuSE, Ubuntu, and OpenSuSE. All efforts will be made to continue updating LinuxSA to support newer operating system releases and services.

Requirements
============

1. This tool is meant to be run from your laptop or workstation, but it can also be installed on the target machine and run locally. Running it locally is the safest method. If you choose to run linuxsa.py remotely, be sure that the local machine is on a safe internal network. Running linuxsa.py over the Internet can obviously be very unsafe.

2. Python 2.7 or later is required. Version 2.5 might work but has not been tested.

3. The target Linux distribution must be configured as follows:

   a. A remote target machine must have at least one network interface that allows a standard user or root to log in via ssh.

   b. To eliminate the prompts for the user's password, you should utilize the remote user's SSH public key and install it into the local machine containing LinuxSA. SSH keys are not required if the local machine is also the target machine.

   c. For Windows you should install the latest version of PuTTY to provide SSH.

4. The Publican document system is required to build the output report. You will need to install the Publican RPM or the Publican-Installer-xxx.exe for Windows. There is also a version for Mac OSX and DEB-based systems (see the Publican User's Guide).

Notes
=====

1. The linuxsa.py and other commands assume that the current directory is the directory where the linuxsa.py command resides. All LinuxSA commands should be run with this as the current directory.

2. Before creating the report you should copy the files from the report_skel subdirectory to the report subdirectory using the cpreport command. Be aware that cpreport removes all files from the report directory tree every time you run it, so if you have a report that needs to be saved, save it before running cpreport.

3. Edit the report/en-US/report.xml and report.ent files and apply the customer name and the current date to the files.

4. Now run the linuxsa.py command. There are two optional arguments that can be passed to the command. You can get help by providing the --help argument.

5. After running the linuxsa.py script you should review the output and make any changes/additions necessary to the report/en-US/summary.xml file. There are any number of items you may want to note concerning both specific and general security settings of the customer's target host. After you make your additions you can rebuild the report.

6. The buildrpt script will build the report only on a Linux machine. You will need to manually run the necessary commands on Windows.

7. Be sure to save the output PDF report to a safe location. It contains valuable information that could be used to exploit weaknesses in the target system.