CARP

Section: User Commands (1)
Updated: February 12, 1992
 

NAME

carp - COPS data analysis tool  

SYNOPSIS

carp [ -x ] cops_directory  

DESCRIPTION

carp (COPS Analysis and Report Program) is a data analysis tool that views and analyzes multiple COPS result files (important -- the COPS result files must have been created with the -v flag; carp needs the extra information). It is run by specifying the root of the cops directory tree that contains various cops output files (as long as the results files are in subdirectories of the cops directory, it will find them), presumably from a network of data. It checks all subdirectories (and hence hostnames) containing cops reports (they are named something like "1992_Dec_31"). It then runs two subprograms, a report analyzer (carp.anlz) and a table generator (carp.table), to produce the final output, which will look something like:

hostname      rep date     crn dev ftp grp hme is pass
=======================================================
neuromancer  1992_Jan_27  | 1 |   | 2 |   | 1 | 2 |   |
sun          1992_Jan_26  |   |   | 2 | 2 | 1 | 2 |   |
death        1992_Jan_15  |   |   |   | 2 | 1 | 2 | 0 |

The date is the date the cops report was created; the other headers correspond to the various checks that cops runs (cron.chk, ftp.chk, etc.). The number refers to the severity of the most serious warning from that host on that particular check:

0 == a problem that, if exploited, can gain root access almost instantly for an intruder.
1 == a serious security problem, such as a guessed password.
2 == a possibly serious security problem, but one that is difficult to analyze via a mere program. Look at the problems in question, and decide for yourself.
Blanks mean that no problem was found (*not* that no problem exists!)

All of these numbers are in the carp.anlz program (see the comments at the top of that file); they can be modified to best suit your needs... and, of course, you should look at the actual cops report for more information on the specific problems encountered.
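
One way to triage the table above across many hosts, as an added example that is not part of the COPS distribution: it parses the table layout shown on this page and lists hosts whose most serious warning is at or below a chosen severity. It assumes the default severity numbering described above (0 is the most serious); the function names and the SAMPLE text are constructed for illustration.

```python
# Added example: triage of carp's table output; not part of COPS itself.
# SAMPLE is constructed from the table layout shown in this man page.
SAMPLE = """\
hostname      rep date     crn dev ftp grp hme is pass
=======================================================
neuromancer  1992_Jan_27  | 1 |   | 2 |   | 1 | 2 |   |
sun          1992_Jan_26  |   |   | 2 | 2 | 1 | 2 |   |
death        1992_Jan_15  |   |   |   | 2 | 1 | 2 | 0 |
"""


def parse_carp_table(text):
    """Return [(host, report_date, {check: severity})] from carp table text."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    checks = lines[0].split()[3:]            # skip "hostname", "rep", "date"
    rows = []
    for ln in lines[1:]:
        if set(ln) == {"="}:                 # rule drawn under the header
            continue
        left, bar, right = ln.partition("|")
        ident = left.split()                 # hostname and report date
        if not bar or len(ident) != 2:
            raise ValueError("unrecognized row: %r" % ln)
        cells = [c.strip() for c in right.rstrip("|").split("|")]
        if len(cells) != len(checks):        # truncated or shifted columns
            raise ValueError("column count mismatch: %r" % ln)
        # A blank cell means no problem was found, so it is left out
        # rather than being recorded as a clean result.
        found = {c: int(v) for c, v in zip(checks, cells) if v}
        rows.append((ident[0], ident[1], found))
    return rows


def triage(text, threshold=1):
    """Hosts whose most serious warning is <= threshold, worst first."""
    out = []
    for host, date, found in parse_carp_table(text):
        if not found:
            continue
        worst = min(found.values())          # lower number = more serious
        if worst <= threshold:
            hits = sorted(c for c, s in found.items() if s == worst)
            out.append((worst, host, date, hits))
    return sorted(out)


if __name__ == "__main__":
    for worst, host, date, hits in triage(SAMPLE):
        print("severity %d  %-12s %s  %s" % (worst, host, date, ",".join(hits)))
```

If the severity numbers in carp.anlz have been modified, adjust the threshold to match.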

Options are:

-x
Output the path to the result file so that xcarp will be able to find the specific host COPS report information.

In addition, there are two sister tools that can be used in conjunction with carp -- an X previewer (xcarp; note that xcarp will only work if the "-x" flag is used when running carp), and a filter (carp2ps) that will generate PostScript code suitable for printing (or framing, I guess).

SEE ALSO

carp.anlz(1) carp2ps(1) xcarp(vaporware right now; soon to exist)  

BUGS

carp dies silently and horribly if the "-v" option wasn't used to generate the COPS reports.


 
