CARP
Section: User Commands (1)
Updated: February 12, 1992
NAME
carp - COPS data analysis tool
SYNOPSIS
carp [ -x ] cops_directory
DESCRIPTION
carp (COPS Analysis and Report Program) is a data analysis tool that
views and analyzes multiple COPS result files. Important: the COPS
result files must have been created with the -v flag; carp needs the
extra information. It is run by specifying the root of the cops
directory tree that contains the various cops output files (as long as
the result files are in subdirectories of the cops directory, it will
find them), presumably data collected from a network. It checks all
subdirectories (and hence hostnames) containing cops reports (they are
named something like "1992_Dec_31"). It then runs two subprograms, a
report analyzer (carp.anlz) and a table generator (carp.table), to
produce the final output, which will look something like:

    hostname     rep date      crn dev ftp grp hme is  pass
    =======================================================
    neuromancer  1992_Jan_27  | 1 |   | 2 |   | 1 | 2 |   |
    sun          1992_Jan_26  |   |   | 2 | 2 | 1 | 2 |   |
    death        1992_Jan_15  |   |   |   | 2 | 1 | 2 | 0 |

The date is the date the cops report was created; the other headers
correspond to the various checks that cops runs: cron.chk, ftp.chk,
etc. The number refers to the severity of the most serious warning
from that host on that particular check:

    0 == a problem that, if exploited, can gain root access almost
         instantly for an intruder.
    1 == a serious security problem, such as a guessed password.
    2 == a possibly serious security problem, but one that is difficult
         to analyze via a mere program. Look at the problems in
         question, and decide for yourself.

Blanks mean that no problem was found (*not* that no problem exists!).
All of these numbers are in the carp.anlz program (see the comments at
the top of that file); they can be modified to best suit your needs...
and, of course, you should look at the actual cops report for more
information on the specific problems encountered.
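
As an added example (not part of COPS or of this manual page), the
following Python code parses a table in the layout shown above and lists
the hosts whose worst finding is at or below a severity threshold, most
severe first. It assumes cells are delimited by "|" exactly as in the
sample output; parse_carp and triage are hypothetical names.

```python
# Added example: triage carp table output. Layout assumed from the sample
# in this man page; parse_carp() and triage() are hypothetical helpers.
SEVERITY = {
    0: "root access almost instantly",
    1: "serious problem, such as a guessed password",
    2: "possibly serious, needs manual review",
}

# The sample table from this man page.
SAMPLE = """\
hostname     rep date      crn dev ftp grp hme is  pass
=======================================================
neuromancer  1992_Jan_27  | 1 |   | 2 |   | 1 | 2 |   |
sun          1992_Jan_26  |   |   | 2 | 2 | 1 | 2 |   |
death        1992_Jan_15  |   |   |   | 2 | 1 | 2 | 0 |
"""

def parse_carp(text):
    """Return [(host, date, {check: severity})] from a carp table."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    checks = lines[0].split()[3:]        # skip "hostname rep date"
    rows = []
    for ln in lines[1:]:
        if set(ln.strip()) == {"="}:     # separator rule under the header
            continue
        head, *cells = ln.split("|")
        cells = cells[:-1]               # drop whatever follows the final "|"
        if len(cells) != len(checks):
            raise ValueError(f"column mismatch: {ln!r}")
        host, date = head.split()
        # Blank cells mean "no problem found" and are left out of the dict.
        found = {c: int(v) for c, v in zip(checks, cells) if v.strip()}
        rows.append((host, date, found))
    return rows

def triage(rows, threshold=1):
    """Hosts whose worst finding is <= threshold, most severe first."""
    hits = []
    for host, date, found in rows:
        worst = min(found.values(), default=None)
        if worst is not None and worst <= threshold:
            bad = sorted(c for c, s in found.items() if s == worst)
            hits.append((worst, host, date, bad))
    return sorted(hits)

if __name__ == "__main__":
    for worst, host, date, bad in triage(parse_carp(SAMPLE)):
        print(f"{host} {date}: {worst} in {', '.join(bad)} ({SEVERITY[worst]})")
```
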
Options are:

    -x   Output the path to the result file so that xcarp will be able
         to find the specific host COPS report information.

In addition, there are two sister tools that can be used in conjunction
with carp: an X previewer (xcarp; note that xcarp will only work if the
"-x" flag is used when running carp), and a filter (carp2ps) that will
generate PostScript code suitable for printing (or framing, I guess).
SEE ALSO
carp.anlz(1) carp2ps(1) xcarp(vaporware right now; soon to exist)
BUGS
carp dies silently and horribly if the "-v" option wasn't used to
generate the COPS reports.