<HTML>
<HEAD>
<title>Getting started!</title>
<LINK REV="made" HREF="mailto:satan@fish.com">
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<H1><IMG SRC="../images/satan.gif" ALT="[SATAN IMAGE]">Getting started</H1>
<HR>
<p>
<A NAME="what-you-need"><H3>What you need to do to
run SATAN even if you don't want to read documentation</H3></A>
In a nutshell, all you really have to do is type <I>make</I>, edit the
configuration file <A HREF="satan.cf.html">(config/satan.cf)</A>
if desired, and then run SATAN. To use the HTML interface, simply
type <I>satan</I>, then use <I>SATAN Target selection</I>
to choose a target. To run SATAN from the command line, type
something like <I>satan victim.com</I>.
<p>
<STRONG> Remember - you should run SATAN as "root"!</STRONG>
<p>
After the probe is done, go back into the HTML interface (again, just
type <I>satan</I>) and go to the <I>SATAN Reporting &amp; Data Analysis</I>
section. Look at the <I>Vulnerabilities</I> section first, then examine
the other methods (<I>Information</I> and <I>Trust</I>).
<p>
<STRONG>One important caveat!</STRONG>
<p>
Remember, if you have the <i>tcpd
wrappers</i> or some other mechanism that does a reverse finger, turn
off that feature before running SATAN! There is a reasonable chance that
someone else out on the network will have the same feature turned on, and
you do NOT want to enter into a "finger war" or infinite loop of
fingers going back and forth between you and your targets, each of you
slowly getting buried in mail and/or logs. Make sure to turn it
back on after finishing the data collection, of course!
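<p>
One way to find the rules that need to be switched off, as an added example that is not part of SATAN or of the tcpd distribution: it lists every tcpd access-control rule whose shell command runs <i>finger</i> or <i>safe_finger</i>. The function name, the sample rules and the file locations named in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not part of SATAN or tcp_wrappers.
# find_reverse_finger FILE... prints "file:line: rule" for every tcpd rule
# whose shell command (the text after the second ":") runs finger/safe_finger.
find_reverse_finger() {
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip files that do not exist here
        awk -v file="$f" '
            rule == "" && /^[ \t]*(#|$)/ { next }   # comment or blank line
            {
                if (rule == "") start = NR          # first line of this rule
                line = $0
                if (sub(/\\$/, "", line)) {         # trailing "\": rule continues
                    rule = rule line
                    next
                }
                rule = rule line
                cmd = rule
                # Drop "daemons : clients :" so a daemon name such as
                # in.fingerd in the first field is not mistaken for a command.
                if (sub(/^[^:]*:[^:]*:/, "", cmd) &&
                    cmd ~ "(^|[/ \t(])(safe_)?finger([ \t]|$)")
                    printf "%s:%d: %s\n", file, start, rule
                rule = ""
            }' "$f"
    done
}

# Constructed sample rules, for illustration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed hosts.deny
ALL: ALL: spawn (/usr/sbin/safe_finger -l @%h | \
    /usr/bin/mail -s %d-%h root) &
in.fingerd: ALL
in.telnetd: .example.com: banners /etc/banners
EOF
find_reverse_finger "$sample"    # reports only the rule starting on line 2
rm -f "$sample"
# On a real host, assuming the usual locations:
#   find_reverse_finger /etc/hosts.allow /etc/hosts.deny
```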
<p>
<A NAME="getting-n-compiling"><H3>Getting and compiling
all those programs if you don't have them already</H3></A>
You'll need <i>perl5</i> (see
<A HREF="system_requirements.html#other-requirements">
system requirements</A>) as well as a C compiler to get SATAN running properly.
To compile and prepare SATAN, look at the
<A HREF="../tutorials/first_time/make.html">
first section</A> of the SATAN tutorial.
<p>
<A NAME="satan-files"><H3>What are all the files for?</H3></A>
SATAN creates and uses quite a few files, but a user typically only has
to be concerned with one: the configuration file
(<A HREF="satan.cf.html">config/satan.cf</A>). Besides the program files that
actually run SATAN, the following files are read or generated by SATAN:
<OL>
<li><i>bin/*</i> These are the programs that SATAN depends on for
data acquisition.
<li><i>config/*</i> Configuration files that SATAN needs to find other
programs, and for default settings.
<li><I>html/*</I>. All of these files are either <i>html</i> pages or
<i>perl</i> programs to generate the pages for the user interface.
<li><i>perl/*</i> Code modules used by either SATAN or by the data
acquisition tools.
<li><I>results/database-name</i>. SATAN databases. Each database is made
up of three files:
<ol>
<li><I>all-hosts</I>. This is a list of all the hosts that
SATAN found out about during the scan, including hosts that it never touched.
<li><I>facts</I>. This is a list of all the output records
emitted by the <i>*.satan</i> tools. These records are what gets processed
by SATAN to generate the reports.
<li><i>todo</I>. This lists all the hosts and probes
that SATAN actually ran against the hosts. With this table, SATAN knows what
probes it can skip when you scan the hosts again.
</OL>
<li><I>rules/*</I>. The rules that SATAN uses to assess the situation
and infer facts from the existing information. Extremely flexible
(simply <i>perl</i> code that is interpreted), this is one of the most powerful
features of SATAN. See the <A HREF="satan.rules.html">rules</A> section for
more.
<li><i>src/*</i> The source code to some of the SATAN support programs.
</OL>
<hr>
<a href="satan_overview.html"> Back to the Introductory TOC/Index</a>
</BODY>
</HTML>