|
Previous | Table of Contents | Next |
The Control Panel
The SATAN Control Panel is your primary control menu for using SATAN (see fig. 8.1). There you find links to HTML pages that enable you to do the following:
Figure 8.1 The SATAN Control Panel.
In addition to the major options listed, a few links permit the user to FTP the latest version of SATAN from a Dutch FTP archive, to change the name of the program to SANTA (if the name SATAN offends you), to find information about the artwork in the program, and to find information about the authors of the program.
Data Management
Each SATAN scan of a target system generates a series of database records that are stored in a database file. The default name of the database file is satan-data. For maintaining large amounts of data, SATAN enables you to specify the name of the database file. If you choose the SATAN Data Management option from the SATAN Control Panel, your web browser displays the screen shown in figure 8.2. The screen shows you the names of the existing databases and enables you to do the following:
Figure 8.2 The SATAN Data Management screen.
Notice that the URL in the Location field of figure 8.2 includes a TCP port number and a 32-byte value. The port number corresponds to the port that the SATAN HTML daemon (html.pl) is listening on, and the 32-byte value is the password that permits access. The password is generated by an md5 hash function and should be unique to your system.
Target Selection
When you are ready to run a SATAN scan, choose the SATAN Target Selection option on the SATAN Control Panel. By selecting that option, you are first presented with the screen shown in figure 8.3the SATAN Target Selection screen. From here, you can specify the following:
Figure 8.3 The SATAN target selection screen.
After specifying this information, you can now initiate the scan. As the scan proceeds, you see the name of each component scan program (mostly .satan scripts) being executed, along with parameters, on the SATAN Data Collection screen shown in figure 8.4. Note that each component scan program is invoked using the timeout program. This timeout program acts as a wrapper around the actual program, using the first argument as the maximum number of seconds that the program is permitted to run before the timeout causes the program to execute. The signal that the timeout program sends, and the timeout values, can be configured using the satan.cf file or the SATAN Configuration Management screen. Notice from figure 8.4 that the scan of this single host took about 38 seconds.
Figure 8.4 The SATAN data collection screen
After the scan completes, you can select the View Primary Target Results option from the SATAN Data Collection screen to get to the SATAN Results screen, shown in figure 8.5. The SATAN Results screen provides a summary of information about the host, as well as a list of vulnerability information. These results are based on the database records generated by the scan.
Figure 8.5 The SATAN Results screen.
Reporting and Data Analysis
After running scans on several hosts, you might want to generate reports or analyze the data from multiple hosts. By choosing the SATAN Reporting & Data Analysis option from the SATAN Control Panel, you are presented with the screen shown in figure 8.6. From this SATAN Reporting and Analysis screen, you can generate reports on all the scan results by the following criteria:
Figure 8.6 The SATAN Reporting and Analysis screen.
You can also generate a list of trusted hosts and trusting hosts. By selecting the By Type of Vulnerability option on the SATAN Reporting and Analysis screen, you get the SATAN Vulnerabilities - By Type report shown in figure 8.7. This screen is very useful if you are trying to eliminate security problems of a certain type. For example, if you thought that hackers were actively attacking systems running rexd, this screen would be very useful in helping you to determine the scope of the problem.
Figure 8.7 The SATAN Vulnerabilities - By Type report.
Configuration Management
By choosing the SATAN Configuration Management option from the SATAN Control Panel, you can modify the configuration set in satan.cf. Using the screens shown in figures 8.8 and 8.9, you can modify the following parameters:
Figure 8.8 The SATAN Configuration Management screen, part 1.
Figure 8.9 The SATAN Configuration Management screen, part 2.
Previous | Table of Contents | Next |