Getting started
What you need to do to run SAINT
SAINT supports two different procedures for configuring
and compiling the software. The newer procedure uses
the "configure" script to set the configuration parameters
appropriately for your operating system:
- From the UNIX prompt, run "./configure".
- From the UNIX prompt, run "make".
- Run "make install" if you want to install the man page
on your system.
- Edit the config/saint.cf file, if so desired.
The older procedure uses predefined Makefile targets for each
supported operating system:
- From the UNIX prompt, run "perl reconfig".
- From the UNIX prompt, run "make -f old <target>", where
<target> is your operating system type. Type "make -f old" to
see a list of supported operating system types.
- Edit the config/saint.cf file, if so desired.
Once SAINT is configured and compiled, SAINT is used by following these steps:
- From the UNIX prompt, run "./saint" to begin using SAINT from
the HTML interface. (To run SAINT from the command line, see below.)
Note - SAINT should always be run as "root"!
- Choose Configuration Management to change the default scan
configuration if desired.
- Choose Target Selection to select the target host(s), scan level,
and firewall support, and to start the scan.
- When the scan finishes, choose Data Analysis to view the results. Look at the
Vulnerabilities section first, then examine the other
sections, Information and Trust.
If the HTML interface is not desired, then use SAINT from the command
line. All of the options available from the Configuration Management
and Target Selection screen are also available using command-line
options. Type "./saint -H" to look at the options.
After the probe is done, the results will be displayed in a text format.
If you wish to review the results in HTML, you can then go into the HTML interface
(again, just type "./saint") and choose Data Analysis
to view the results.
There is one important caveat. Please remember, if you have tcpd
wrappers installed on the SAINT platform, or some other mechanism
that does reverse fingering, turn off the feature before running the
SAINT program! This must be done as there is a reasonable chance that
a target of the probe may also have this feature enabled. If the
SAINT platform and a target of the SAINT probe both have reverse
fingering enabled, the result will be a "finger war". In other words,
an infinite loop of fingers between the SAINT platform and the probe
target will be generated. If this happens, both machines will quickly be
overwhelmed by the resulting mail and/or logs generated. After
running the SAINT probe, remember to turn the reverse fingering
feature back on, of course!
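
A pre-flight check for the caveat above, as an added example that is not part of the SAINT distribution: it lists active tcpd wrapper rules that invoke finger or safe_finger, so they can be disabled before the scan and restored afterwards. The default access-file paths and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-scan check for reverse-finger rules in tcpd wrapper files.

# Print FILE without comment lines and with backslash-continued lines joined,
# so a rule split across lines is matched as one logical rule.
join_continuations() {
    awk '
        /^[ \t]*#/ { next }
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { print buf $0; buf = "" }
        END { if (buf != "") print buf }
    ' "$1"
}

# Print "file: rule" for each active rule that runs finger or safe_finger.
# Returns 0 if any such rule exists, 1 otherwise. With no arguments it reads
# /etc/hosts.allow and /etc/hosts.deny (conventional paths, an assumption).
find_reverse_finger() {
    [ "$#" -gt 0 ] || set -- /etc/hosts.allow /etc/hosts.deny
    found=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        hits=$(join_continuations "$f" |
            grep -E '(^|[^[:alnum:]_])(safe_)?finger([^[:alnum:]_]|$)') || continue
        printf '%s\n' "$hits" | while IFS= read -r rule; do
            printf '%s: %s\n' "$f" "$rule"
        done
        found=0
    done
    return "$found"
}

# Constructed sample access file: one live reverse-finger rule split over two
# lines, one commented-out rule, and a finger daemon entry that must not match.
write_sample() {
    cat > "$1" <<'EOF'
in.fingerd : ALL
in.tftpd : ALL : spawn (/usr/sbin/safe_finger -l @%h | \
    /usr/bin/mail -s %d-%h root) &
#ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h) &
EOF
}

sample=$(mktemp)
write_sample "$sample"
if find_reverse_finger "$sample"; then
    echo "reverse finger is active: disable it before running ./saint"
fi
rm -f "$sample"
```

Call `find_reverse_finger` with no arguments to check the wrapper files on the SAINT platform itself.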
Downloading and Compiling SAINT components
You will need PERL version 5.00 or above
as well as a C compiler to get SAINT running properly. It is also
recommended to have NMAP and Samba utilities installed on the system
running SAINT.
See system requirements
for information on obtaining these tools.
To compile and prepare SAINT, look at the
first section of the SAINT tutorial.
What are all these files?
SAINT creates and uses quite a few files, but a user typically only has
to be concerned with one: the configuration file
(config/saint.cf). Besides the program files that
actually run SAINT, the following files are read or generated by SAINT:
- bin/*: The programs in this directory are those that SAINT uses
for data acquisition functions.
- config/*: These files are configuration files that SAINT uses
to locate needed supplemental programs. These files also contain all SAINT
default settings.
- html/*: The files found in this directory are either html pages or
perl programs. They are used by SAINT to generate the components of the HTML
interface.
- perl/*: Here you will find code modules used either by SAINT or the data
acquisition tools.
- results/<database name>: These directories contain all of the SAINT databases.
Each database is made up of four files:
  - all-hosts: This file contains a list of all the hosts that
    SAINT discovered during the scan, including hosts that it did not scan.
  - facts: This file contains a list of all the output records
    emitted by the *.saint tools. These records are processed
    by SAINT to generate the reports.
  - todo: This file contains a list of all the probes
    that SAINT actually ran against the target hosts. SAINT uses this file
    to avoid duplicating probes if a SAINT scan is rerun against a target host.
  - cve: This file contains a list of all the vulnerabilities
    that were found which either had a corresponding CVE
    number or were on the list of SANS Top 10
    Internet Security Threats.
- rules/*: The files in this directory are used by SAINT to
assess the situation
and infer facts from the existing information. These files comprise one
of the most powerful features of the SAINT program. This feature is known
for its extreme flexibility. The underlying rules were built using PERL,
and may be easily configured.
See the rules section for more information.
- src/*: This directory contains the source code to some of
the SAINT support programs.