Projects / Linux Security Auditing Tool

Linux Security Auditing Tool

Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks many system configurations and local network settings on the system for common security/config errors and for packages that are not needed. It has been tested on Linux (Gentoo, Red Hat, Debian, etc.) and Solaris (SunOS 2.x).

Operating Systems

Recent releases

  •  21 May 2014 18:14

    Release Notes: Bugs and errors were fixed in the following modules: checklogging, checknet, checknetpromisc, checkipv4, checkhosts, and checkservices. Improvements were made to the checkipv4 and checkservices module. An issue where LSAT was failing on Gentoo and Red Hat/CentOS when certain features were enabled was fixed. modules.html is now consistent with current modules in LSAT.

    •  27 Apr 2014 01:53

      Release Notes: Adds Ubuntu and LinuxMint distributions. Makes the Gentoo check more thorough. Adds checks for grub2. Changes checkservices to include Debian, derivatives, and Gentoo. Numerous cleanups, improved HTML output, help and man page additions, and the addition of ubuntu and linuxmint checks to checkrcperms.

      •  04 May 2008 21:11

        Release Notes: This release adds an extra limits check on resource limits, a Redhat/Fedora specific check in checkcfg, and checking for strict mode in SSH config. It fixes a few small output errors.

        •  21 May 2007 02:51

          Release Notes: The dependency on the popt library has been removed. This release adds extra passwd and group checks under Linux, a check for failed logins under Linux/Solaris, a check for kernel modules under Solaris, network interface stats, and routing checks. It fixes a problem in checknetforward giving false positives, and an issue where verbose output was not very consistent. The kernel module check under Linux has been modified.

          •  28 Apr 2007 19:30

            Release Notes: Headers were missing from a number of modules, and checkrc was not working under Linux kernel 2.6 and gentoo. A possible symlink attack in various modules and notes in modules writing instructions were fixed. The checkinit module returning false positive under gentoo was fixed. checknet was changed to reflect a network promiscuity change under the Linux 2.6 kernel. The behavior of checkopenfiles was changed, as it would not catch some open files. More checking was added to the checkdotfiles module. Various typos and formatting errors were fixed.

            Recent comments

            11 Apr 2003 07:38 Triode

            Re: Thorough program

            Thanks for the input. The securitylinks.txt file has been
            updated to reflect this, and also the output of
            LSAT has been changed to make note of this. It should also be more careful about system account checks now. Additionally, the httpd checking error should be resolved. These notes apply to lsat-0.6.7.

            20 Mar 2003 03:13 CanadaGeek

            Thorough program
            Thourough program - full check.

            But be careful taking the advice of the output file as it may lead to rendering your machine unbootable. Example - it suggested I delete users sashroot, sys and uucp. I deleted sashroot (since root, also user 0 was a duplicate) and uucp. But had I deleted sys, my entire /dev folder and contents would have been toast!

            It also made an error by saying Apache was being run as root. Apache isn't even installed on my system.

            Other that those two, I give it a 7, as it seems quite useful :-)


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.