Introduction to the security administrator network analysis tool SATAN in Linux

SATAN is designed for UNIX. It is mainly written in C and Perl (HTML technology is also used for user interface friendliness ). It can run on many UNIX-like platforms, some of which do not need to be transplanted at all, but are only omitted for transplantation on other platforms.

Note: Running SATAN on Linux has a special problem. Some rules applied to the original system may cause a fatal defect of system failure on the Linus platform; select () is implemented in the tcp-scan module () the call may also cause problems. Finally, If you scan a complete subnet, reverse fping explosion will be introduced, that is, socket buffer overflow. However, a website not only contains the improved SATAN binary code for Linux, but also the diff file. These terms can be found at ftp.lod.com.

Or you can directly obtain the diff file from the Sun site (sunsite.unc.edu:

/Pub/linux/system/network/admin/satan-linux.1.1.1.diff.gz

SATAN scans many known vulnerabilities on remote hosts, including but not limited to the following:

■ FTPD Vulnerability and writable FTP directory

■ NFS Vulnerability

■ NIS vulnerability

■ RSH Vulnerability

■ Sendmail

■ X Server Vulnerability

Installation Process

The installation of SATAN is the same as that of other applications. The SATAN directory on each platform may be slightly different, but it is generally/satan-1.1.1. The first step for installation (after reading instructions in the user documentation) is to run the Perl program reconfig. This program searches for various components and defines the directory path. If it cannot find or define a browser. The operation fails. Users who install the browser in a non-standard directory (and do not set it in PATH) will have to set it manually. Similarly, users who do not use DNS (do not run DNS on their own machines) must log on to/satan-1.1.1/conf/satan. in cf, perform the following settings: $ dont_use_nslookuo = 1. After solving all path problems, you can run the installation program (IRIX or SunOS) on the distributed system ), I suggest you observe the compilation carefully to find out the error.

Tip: SATAN requires more resources than normal scanners, especially for memory and processor functions. If you are slow in running SATAN, you can try several solutions. The most direct method is to expand the memory and improve the processor capabilities. However, if this method fails, I suggest using the following two methods: First, try to delete other processes; the second is to limit the number of hosts you scan at a time to less than 100. The last note is that SATAN has a line command interface for hosts without powerful video support or limited memory resources, which is very important.