[192] in linux-security and linux-alert archive
Report: LINUX and SATAN
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Apr 6 00:59:54 1995
Resent-From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
Resent-To: linux-security@tarsier.cv.nrao.edu
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
To: Olaf Kirch <okir@monad.swb.de>
cc: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
Date: Wed, 5 Apr 1995 22:00:16 -0400 (EDT)
Hi,
Here's the report. As Temple still does not have any position
about SATAN, I can't say that this part of the Linux security FAQ is written
by me.
Best wishes,
Alex
============================================================================
SATAN and Linux
LINUX SECURITY FAQ UPDATE
April 5, 1995, 22:30 EST
I think that it is fair to say now that the SATAN toolkit that was
released today was not worth all the talk about it. On the other hand,
it did provide the tool to efficiently analyze the security of Linux
systems. The following is a brief report.
QUESTION: Does SATAN run on Linux?
ANSWER: Yes it does. The default Satan configuration for Linux is unusable.
In order to compile parts of Satan on Linux you will need to
obtain SunOS's /usr/include/netinet/ip.h and
/usr/include/netinet/ip_icmp.h. Use these files instead of Linux
ip.h and ip_icmp.h. You will also need to change name of variables
in in the udp_scan.c
QUESTION: What can be said about security of Linux systems in general?
ANSWER: Of 174 systems scanned, 17 (10%) had a problem with anonymous ftp
and 5 with the Universal NFS Server 2.0. Olaf Kirch's server
version 2.1 was not detected as the one having holes.
QUESTION: Does Courtney-1.2 detect SATAN's attacks?
ANSWER: NO IT DOES NOT! Courtney-1.2 was not able to detect any of the total of 500
attacks made against a network of DEC Alphas, Suns and Linux systems.
=============================================================================
WARNING: YOU HAVE TO UPDATE THE DEFAULT NFS SERVER THAT COMES WITH
SLACKWARE 2.1.0
=============================================================================
[Mod: The newly-released Slackware 2.2.0 also still uses this woefully
insecure NFS server (version 2.0). --Jeff.]