Sherpa

sherpa inventories basic filesystem security (permissions, file
ownership) and creates a report of what it finds. It can also be used as a
remedial tool, one that will change file permissions and ownership
according to the modes listed in perms.lst. 

sherpa will do a series basic check of RedHat GNU/Linux 5.x/6.x and SuSE
6.0 filesystems and should be run (a) after inital installation of the
operating system and then (b) periodically. Many of the checks performed
herein are based on sources I have studied and found useful. 

sherpa performs the following checks on your local filesystems: 

1.	Checks for SUID and SGID files
2.	Checks for world writable files
3.	Checks for .rhosts and hosts.equiv files
4.	Summarizes configured network services (via inetd) and checks for use
        of tcp_wrappers
5.	Checks for use of shadow passwords
6.	Checks file and directory permissions, as well as ownership against a
        set list (a sample list for RedHat 6.x is here)

Also, sherpa is written in Perl because of ease of use when it comes to
report generation and system administration needs. While I'm sure a C
program would be faster, it would be a lot less *practical* than a Perl
script and less amenable to localized tweaking as the need to do so
arises. 


Features

*	scanning of system configuration files for common problems
*	scanning of file system permissions and ownership bits including
        SUID/SGID bits
*	inventory of world-writable files/dirs
*	generates reports (ASCII or HTML) and/or logs of scanning results
*	suitable for periodic execution via cron
*	can automatically fix permission/ownership problems if desired


To-do

*	Add disk space inventory (using df).
*	Check for anonymous ftp and it's configuration.
*	Check for apache configuration.
*	Examination of package versions for known problematic releases.
*	Check for suspicious file names (recovery/auditing) as suggested
        by Frank Price.
*	Scanning of log files for possible intrusion signs.
*	Add permission lists for other distros.

The Sherpa homepage is located at:

	http://rcrelia.hypermart.net/sherpa/