|
Merlin Information
|
|
|
Merlin is a tool for managing other tools -- it can take a powerful
but cryptic command-line tool and provide it with an easy-to-use
interface. Here are some of Merlin's features:
- Utilization of Netscape 1.1: Provides a well-known
interface and close integration with the vast information resources
available via the Internet.
- Standard support for several popular security analysis
tools: Comes with support for COPS 1.04, TAMU Tiger 2.2.3, Crack
4.1, Tripwire 1.2, and SPI 3.2.2 (for DOE, DOD and their contractors
only).
- Plug-and-play style of tool support: Can be easily extended
to support any command-line oriented tool which sends information to
the standard output. All code is written in Perl and is designed for
easy extendability.
- A powerful report browser: Provides the ability to sort
reports based on the type of tool used, the creation date, or the host
where the report is produced.
Since Merlin utilizes an HTTP server, security is an issue. Your data
is protected in several ways:
- Each session utilizes an arbitrary free socket port.
- The server only accepts requests from the local host.
- All requests to the server must include a "magic cookie" value,
generated by the server at the beginning of each session.
Merlin was designed to be easily extended to support new
tools. Currently Merlin is oriented toward security tools, but in fact
can be used for most any kind of tool.
UCRL-MI-119788
[CIAC Home Page]
[Disclaimer]
Last modified: Friday, 18-Oct-96 17:10:06 PDT
CIAC Web Server / CIAC / webmaster@ciac.llnl.gov