sherpa v0.1.4 - a system security configuration tool ---------------------------------------------------------------------- PREREQUISITES In order to install and use this package you will need Perl version 5.004 or later. sherpa uses the File module that comes with the above version of Perl. If you don't have it, it is available on CPAN. While you might be able to get sherpa to work with earlier versions of Perl, there is no guarantee that it will work nor can I support these earlier versions. INSTALLATION 1) Extract the archive file (sherpa-.tar.gz) into a directory where sherpa will live. A good place might be /usr/local/sherpa (default location). Set permissions on this directory to 750, with root being both the UID and GID for the archive file contents. NOTE: You should run sherpa as superuser since it can make changes to system files in terms of permissions and ownership. If you set the permissions to 750, then the average user will not be able to access sherpa (which is probably what you want). 2) Read through the README file. Read through the enclosed copy of the AUSCERT Unix security checklist. Many of it's suggestions are incorporated in sherpa where appropriate. 3) Edit the perms.lst file based on your local needs. Included are sample files for RedHat 5.x/6.x and SuSE 6.0 installs. 4) Edit find.lst based on your local needs. Only first-level directory entries are possible (this will likely change in future versions). 5) Edit sherpa.pl for local information needs. All configurable options are found in sherpa.pl near the beginning of the script and are demarcated accordingly. 6) Run sherpa.pl as root. By default, sherpa will use a verbose mode for results of its running. You can always turn this off if you like (-V commandline option). You must specify at least one of the three system checks (-s, -c, or -p); otherwise, sherpa will exit with an error message. 7) Examine sherpa's output file to see if you need to change any options and to see how the first run was completed. 8) If you would like sherpa to automatically enforce the permissions as outlined in your perms.lst template, run sherpa with the -f option on the commandline. NOTE: Once you have sherpa running the way you like, feel free to add it as a cron job for periodic system scanning. Depending upon your site needs, sherpa can be cron-ed to run as often you like.