Re: Bug#653580: ITP: yasat -- YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.

To: "corentin.labbe" <corentin.labbe@geomatys.fr>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#653580: ITP: yasat -- YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
From: Francisco Manuel Garcia Claramonte <francisco@debian.org>
Date: Wed, 04 Jan 2012 13:42:33 +0100
Message-id: <[🔎] 1325680953.4243.7.camel@fgc.Belkin>
Reply-to: francisco@debian.org
In-reply-to: <[🔎] 4F042260.8060000@geomatys.fr>
References: <20111229144146.318.68047.reportbug@localhost> <[🔎] 1325622087.3343.10.camel@debian.org> <[🔎] 4F042260.8060000@geomatys.fr>

El mié, 04-01-2012 a las 10:56 +0100, corentin.labbe escribió:
> Le 03/01/2012 21:21, Francisco Manuel Garcia Claramonte a écrit :
> > Hi Corentin,
> > 
> > According to website, YASAT doesn't look to provide any new feature
> > than lynis or tiger.
> > What are the advantages or differences with Lynis?.
> 
> Hello

Hi Corentin,
First of all thank you for your fast answer.

> 
> Tiger is old and unmaintened. For example, it warn me that my sha512 shadow password for root "is not using an acceptable password hash".
> And said the same for user without password.
> 
> Lynis is not really actively developed (2 years without release), 

Recently It was released the new upstream version 3.0.0. 
Now I am working on packaging it.


> YASAT is actively developed.
> 
It is Ok.


> One of the advantages of YASAT over lynis/tiger is the number of test done:
> - 277 for lynis (grepped register in include directory)

I count 307,
grep "Register --test-no" /usr/share/lynis/include/* | wc -l

(I'll review it).

> - 600 for YASAT (grepped display and relevant data files)
> 

> One other advantages of YASAT is that it doesn't just said what is bad or good, it tried to said why and give external links to informations about the report.
> Example, YASAT wont just said that file_uploads must be turned off it give also the following link http://phpsec.org/projects/phpsecinfo/tests/file_uploads.html.
> Ok, it is not like this for all tests, but it is one of the goal.
> 
> I also think YASAT is better architectured (at least for some test)
> example: for adding an option in php.ini to be tested, you must copy all test block in lynis and changes some values in it.
> In YASAT you have just to add a line in php_conf.data.
> 
> One recent advantages is the creation of a shell script for automatic correction of reported problems. (But for the moment this feature is not used by all YASAT parts)
> 
> But I am probably one-sided, so for conclude, just test it both and made your opinion.
> 

It looks a good audit tool. I am going to try with it. 
Thank you.

Regards,

> Regards,
> 
> > 

-- 
Francisco M. García Claramonte 
Debian GNU/Linux Developer   <francisco@debian.org>
GPG: public key ID 556ABA51
http://people.debian.org/~francisco/

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Re: Bug#653580: ITP: yasat -- YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
  - From: Francisco Manuel Garcia Claramonte <francisco@debian.org>
- Re: Bug#653580: ITP: yasat -- YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
  - From: "corentin.labbe" <corentin.labbe@geomatys.fr>

Prev by Date: Re: Packaging best practice when upstream git contains more directory levels than the upstream tarball?
Next by Date: Re: Bug#644788: Bug#654116: RFH: screen -- terminal multiplexor with VT100/ANSI terminal emulation
Previous by thread: Re: Bug#653580: ITP: yasat -- YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.
Next by thread: Bug#654532: ITP: luasseq -- LuaLaTeX package for drawing spectral sequences.
Index(es):
- Date
- Thread