
Re: Bug#653580: ITP: yasat -- YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.

On 03/01/2012 21:21, Francisco Manuel Garcia Claramonte wrote:
> Hi Corentin,
> According to the website, YASAT doesn't seem to provide any new features
> compared to lynis or tiger.
> What are the advantages or differences with Lynis?


Tiger is old and unmaintained. For example, it warns me that my sha512 shadow password for root "is not using an acceptable password hash".
And it says the same for a user without a password.

Lynis is not really actively developed (2 years without release), YASAT is actively developed.

One of the advantages of YASAT over lynis/tiger is the number of tests done:
- 277 for lynis (grepped register in include directory)
- 600 for YASAT (grepped display and relevant data files)

Another advantage of YASAT is that it doesn't just say what is bad or good; it tries to say why and gives external links to information about the report.
For example, YASAT won't just say that file_uploads must be turned off; it also gives the following link: http://phpsec.org/projects/phpsecinfo/tests/file_uploads.html.
OK, it is not like this for all tests, but it is one of the goals.

I also think YASAT is better architected (at least for some tests).
Example: to add an option in php.ini to be tested, you must copy a whole test block in lynis and change some values in it.
In YASAT you just have to add a line in php_conf.data.

One recent advantage is the creation of a shell script for automatic correction of reported problems. (But for the moment this feature is not used by all YASAT parts.)

But I am probably one-sided, so to conclude, just test them both and form your own opinion.


> Regards,
> On Thu, 29-12-2011 at 14:21 +0000, Corentin LABBE wrote:
>> Package: wnpp
>> Severity: wishlist
>> Owner: Corentin LABBE <corentin.labbe@geomatys.fr>
>> * Package name    : yasat
>>   Version         : 456
>>   Upstream Author : Corentin LABBE <corentin.labbe@geomatys.fr>
>> * URL             : http://yasat.sourceforge.net/
>> * License         : (GPLv3)
>>   Programming Lang: (Shell)
>>   Description     : YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
>>   YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
>>   Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut)
>>   Second goal is to document each test with maximum information and links to official documentation.
>>   It does many tests to check for security configuration issues or other good practices.
>>   It checks many software configurations like: Apache, Bind DNS, CUPS, PHP, kernel configuration, mysql, network configuration, openvpn, Packages update, samba, snmpd, squid, syslog, tomcat, user accounting, vsftpd, xinetd
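
The data-driven design described in the reply above (one line per php.ini option to test, each finding paired with an explanatory link), sketched as an added example that is not YASAT's code and not part of the original thread. The rule layout, the function names and the sample php.ini are assumptions; this is not YASAT's real php_conf.data format.

```shell
#!/bin/sh
# Added example; uses only grep, sed, cut and tr.
# Constructed rules, one check per line: directive|expected|reference link.
# Hypothetical layout, not YASAT's real php_conf.data format.
RULES='file_uploads|Off|http://phpsec.org/projects/phpsecinfo/tests/file_uploads.html
expose_php|Off|https://www.php.net/manual/en/ini.core.php
allow_url_include|Off|https://www.php.net/manual/en/filesystem.configuration.php'

# Constructed php.ini content to audit.
SAMPLE_INI='; sample php.ini
file_uploads = On
expose_php=Off
;allow_url_include = Off'

# Print the last active (uncommented) value of directive $2 in ini text $1.
ini_value() {
    printf '%s\n' "$1" | grep -i "^[[:space:]]*$2[[:space:]]*=" | sed -n '$p' |
        cut -d= -f2- |
        sed -e 's/[[:space:]]*;.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Map PHP boolean spellings to on/off so "0", "Off" and "false" compare equal.
normalize() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        on|1|true|yes) echo on ;;
        off|0|false|no|none|'') echo off ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Check every rule against ini text $1; adding a check means adding a RULES line.
audit_php_ini() {
    printf '%s\n' "$RULES" | while IFS='|' read -r key want link; do
        if ! printf '%s\n' "$1" | grep -qi "^[[:space:]]*$key[[:space:]]*="; then
            # Commented-out or missing directive: report it, do not guess a value.
            echo "UNSET $key (built-in default applies), see $link"
            continue
        fi
        got=$(ini_value "$1" "$key")
        if [ "$(normalize "$got")" = "$(normalize "$want")" ]; then
            echo "OK $key = $got"
        else
            echo "WARN $key = $got, expected $want, see $link"
        fi
    done
}

audit_php_ini "$SAMPLE_INI"
```

A directive that is commented out is reported as UNSET rather than compared, because the effective value then comes from PHP's built-in default and not from the file.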
