|
Previous | Table of Contents | Next |
SATAN is available from the following sites:
After you have downloaded SATAN to your system via ftp, use uncompress satan-1.1.1.tar.Z (or compress -d) and then tar xvf satan-1.1.1.tar to extract all the SATAN files.
At this point, the SATAN directory should look like this:
Changes TODO html/ perllib/ rules/ satan.ps Makefile* bin/ include/ reconfig* satan src/ README config/ perl/ repent* satan.8
A more detailed look at the files and directories included in the SATAN distribution provides an insight into how SATAN works and how it can be extended.
The satan-1.1.1 Directory
The top-level directory contains the following programs:
Note that SATAN creates a satan-1.1.1/results directory to store the results. This directory is only root searchable and readable.
The include Directory
The include directory is created only for Linux. Some distributions of Linux require the 44BSD /usr/include/netinet files to compile. SATAN creates the following two directories but does not put any files into them. If the top-level make for Linux is unable to find ip.h, it assumes that all the netinet files are missing and tells the user to put the netinet files from 44BSD into the following directory:
The rules Directory
The rules directory is critical to the functioning of SATAN. It includes the inference rules that govern the future actions of SATAN, based on previous results, as well as making assumptions based on information gathering. It includes the following files:
The config Directory
SATAN users need to customize the pathnames to system utilities in the appropriate files in the config directory. In addition, the SATAN configuration file, satan.cf, is located here. This configuration file controls the default behavior of SATAN, indicating the scan type, the content of each scan, the proximity search variables, and timeouts.
This directory includes the following files:
The PERLlib Directory
The PERLlib directory includes two files from the PERL5.000 distribution that are sometimes not included on all PERL5.000 FTP sites. Just in case, SATAN includes them in this directory. It includes the following files:
The bin Directory
The bin directory contains the actual executables used by SATAN to investigate remote systems. After the top-level make is executed, all the binaries resulting from builds in the src directory are deposited into this directory. All the distributed .satan files are PERL scripts, and many of them invoke the binaries resulting from src/ builds. Each .satan executable generates a SATAN database record if it finds a piece of information about the remote host.
SATAN refers to each .satan program as a tool. Users can execute each of these PERL scripts by hand to investigate the particular vulnerabilities. Many of them include verbose (-v) options to indicate exactly what they are doing. Users who wish to add extra security checks can create similar files and place them here with the .satan extension.
Previous | Table of Contents | Next |