hntool-0.1.2-2.fc14.noarch.rpm

HnTool
------

What is it?
~~~~~~~~~~~

HnTool is an open source (GPLv2) hardening tool for Unix. It scans your system for
vulnerabilities or problems in configuration files, allowing you to get a quick
overview of the security status of your system.

To use HnTool, download it and run: ::

	# ./hntool

Supported systems
~~~~~~~~~~~~~~~~~

HnTool has been tested and works on:

 * Arch Linux
 * CentOS
 * Debian
 * Fedora
 * Gentoo
 * Ubuntu

If you are using HnTool on a system that is not listed above, please let us know.

How to install
~~~~~~~~~~~~~~

To install HnTool run the following command, as root: ::

	# python setup.py install --prefix /usr/ --root /

How to use
~~~~~~~~~~

Run HnTool with: ::

	# ./hntool

You can also see the hntool(1) manual by typing 'man hntool' at the command line
or see the usage help: ::

	$ hntool -h


Understanding the output
~~~~~~~~~~~~~~~~~~~~~~~~

There are 5 types of results:

 * OK:
	Means that the item checked is fine and that you do not need to worry.

 * INFO:
	Means that you should know the item status, but it is probably fine. An open
	port, for example.

 * LOW:
	Means that a security problem was found, but it does not pose a high risk
	to your system.

 * MEDIUM:
	Things are getting worse and you should start to worry about these items.

 * HIGH:
	You have an important security hole/problem on your system and you
	should fix it NOW or run and save your life.


How can I help?
~~~~~~~~~~~~~~~

There are several ways that you can contribute and help HnTool's development.
You can contribute with code, patches, bugs and feature requests.

To report a bug or request a feature for HnTool, file an issue on our Google Code
page: http://code.google.com/p/hntool/

If you're reporting a bug, please give concrete examples of how and where the
problem occurs.

If you have a patch (fixing a bug or adding a new HnTool module), then you can file an
issue on Google Code too: http://code.google.com/p/hntool/issues/list

HnTool's source is available on:

http://code.google.com/p/hntool/


How to create a module
~~~~~~~~~~~~~~~~~~~~~~

This section documents the innards of HnTool and specifies how to create
a new module.

The main HnTool program (hntool.py) runs a list of rules defined in __files__
and __services__.

 * __files__ :
	defines the rules which process simple files and configs.

 * __services__ :
	defines the rules which check the security of services and
	daemons.

Once your module is finalized, remember to add it to the appropriate array
(__files__ or __services__) defined in hntool/__init__.py.

A sample HnTool module is like this (hntool/ssh.py): ::

	import os

	class rule:
		def short_name(self):
			return "ssh"
		def long_name(self):
			return "Checks security problems on sshd config file"
		def __init__(self, options):
			pass
		def analyze(self, options):
			# One list of messages per result type
			check_results = {'ok': [], 'low': [], 'medium': [], 'high': [], 'info': []}
			# Candidate locations of the sshd config file
			ssh_conf_file = ['/etc/ssh/sshd_config', '/etc/sshd_config']

			for sshd_conf in ssh_conf_file:
				if os.path.isfile(sshd_conf):
					try:
						fp = open(sshd_conf,'r')
					except IOError as e:
						check_results['info'].append('Could not open %s: %s' % (sshd_conf, e.strerror))
						continue

					lines = [x.strip('\n') for x in fp.readlines()]

					# Checking if SSH is using the default port
					if 'Port 22' in lines or '#Port 22' in lines:
						check_results['low'].append('SSH is using the default port')
					else:
						check_results['ok'].append('SSH is not using the default port')

					# Closing the sshd_config file
					fp.close()

			# Return only after every candidate file has been checked
			return check_results
		def type(self):
			return "files"


Mostly, the code is self-explanatory. The following is the list of methods
that each HnTool module must have:

 * short_name(self)
	Returns a string containing a short name of the module. Usually, this is the
	same as the basename of the module file.

 * long_name(self)
	Returns a string containing a concise description of the module. This
	description is used when listing all the rules using hntool -l.

 * analyze(self, options)
	Should return the five result lists (ok, low, medium, high and info). The
	sample above returns them in a dictionary keyed by those names.

 * type(self)
	"files" for a module processing simple files and configs
	"services" for a module processing services and daemons
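
As an added example (not part of HnTool's own code), here is a second module written against the interface listed above. It parses sshd_config directives instead of matching exact strings, so keyword case, extra spacing, commented-out lines, repeated directives and Match blocks are handled. The module name ``ssh_logins``, the helpers ``global_settings`` and ``check``, and the severity chosen for each finding are assumptions made for this illustration.

```python
import os

# Constructed sample: varied keyword case/spacing, a commented-out and a repeated directive, a Match block.
SAMPLE = ("#PermitRootLogin no\npermitrootlogin   yes\nPermitRootLogin no\n"
          "Match User backup\n\tPermitEmptyPasswords yes\n")

def global_settings(lines):  # hypothetical helper: directives of the global section only
    found = {}
    for raw in lines:
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith('#'):
            continue
        if parts[0].lower() == 'match':
            break  # later lines apply only to matching connections
        # sshd keeps the first value it reads for a keyword, so do the same
        found.setdefault(parts[0].lower(), parts[1].strip())
    return found

class rule:
    def __init__(self, options):
        pass
    def short_name(self):
        return "ssh_logins"  # hypothetical module name
    def long_name(self):
        return "Checks root and empty-password logins on sshd config file"
    def type(self):
        return "files"
    def check(self, lines, res):  # helper added for this example, testable without files
        cfg = global_settings(lines)
        root = cfg.get('permitrootlogin')
        if root is None:
            res['info'].append('PermitRootLogin is not set, the sshd default applies')
        elif root == 'no':
            res['ok'].append('Root login over SSH is disabled')
        else:
            res['medium'].append('Root login over SSH is allowed (%s)' % root)
        if cfg.get('permitemptypasswords') == 'yes':
            res['high'].append('Empty passwords are allowed')
        else:
            res['ok'].append('Empty passwords are not allowed in the global section')
        return res
    def analyze(self, options):
        res = {'ok': [], 'low': [], 'medium': [], 'high': [], 'info': []}
        for conf in ('/etc/ssh/sshd_config', '/etc/sshd_config'):
            if os.path.isfile(conf):
                try:
                    with open(conf) as fp:
                        self.check(fp.readlines(), res)
                except IOError as e:
                    res['info'].append('Could not open %s: %s' % (conf, e.strerror))
        return res
```

On the constructed sample, the first uncommented ``permitrootlogin   yes`` is reported as MEDIUM, and the ``PermitEmptyPasswords yes`` inside the Match block is not counted as a global setting.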