Home / Products / Security Audit Analysis Tool for Unix

Send Page

Latest Version

2.1.1

Screenshots

More details

Trial

UNIX, LINUX, SOLARIS, HPUX, AND AIX SECURITY AUDIT ANALYSIS TOOL FOR WINDOWS^®

The Unix Security Analyzer for Windows® has two parts: the Configuration Dump Script and the Analyzer.

The Unix configuration analysis tool runs on your workstation to analyze the information extrated by the script. Since most IT Security auditors use Windows^® workstations, the analyzer runs on Windows^®.

System Requirements:
Windows^® XP, 2000, 2003, or Vista.^® With .net^® 2.0
Please note: The program will install the .net^® Framework 2.0 if not already installed.
512MB RAM required, 1GB+ recommended.
Mac, Solaris, Linux, and UNIX users click here to download Mono, which replaces the .net Framework for non-Windows platforms.

Please Note:
This product runs on Microsoft® Windows®, but was not developed by Microsoft® and is not supported by Microsoft®.

Windows, Windows Vista, Window NT, and the Windows logo are registered trademarks of Microsoft Corporation.

Features
Instructions
F.A.Q.
Case Studies

In addition to the checks listed below, the tool also displays the following useful information:

The full "well-known" name of applications currently communicating over a network

The full "well-known" name of applications waiting for communication partners

Local and Domain groups

Members of built-in groups

Users with security-policy permissions

The following is a list of the current checks:

Please note that some of the following features are only reported on operating systems that support them.

Save results to Excel

Comprehensive help on test results to provide background risk information

Heartbleed OpenSSL vulnerability

Shellshock or BASHdoor BASH vulnerability

Operating System version

Failed user logon attepts

HP-UX TCB Failed Logon attepts from a terminal

Syslog failed logon attempt reporting

Password composition limitations

Inactive account lockout thresholds

Root-specific password limitations

Heartbleed and OpenSSL vulnerabilities

Telnet banner

FTP banner

Pre-login (issue) banner

Post-login (message of the day) banner

Banner set through Herald

Sendmail greeting displaying version information

List files that run as root (SUID)

List files that run with group permissions

List files that may be difficult to delete

Files with world-writable permissions

Files with world read, write, and execute (777) permissions

Files without a user owner

Files without a group owner

Hidden files

Accounts without passwords

HP-UX TCB Accounts without passwords

Server configuration to force password use

Restrictions to prevent root from logging in remotely

Java^®

Bootp

Chargen

Daytime

Discard

Echo

Finger

FTP

Netstat

RCP

rexec

rlogin

rquota

rsh

rstat

rusers

rwall

spray

talk

telnet

tftp

time

DNS Server

DHCP Server

SNMP

Process Accounting

Network Tracing and Logging (NETTL)

Automatic saving of hardware logs (PDCINFO)

Auditing

NIS+ Server

NIS Master Server

NIS Slave Server

NIS Client

NIS+ Client

Password/group caching/hashing daemon (PWGRD) with NIS

Password/group caching/hashing daemon (PWGRD)

Apache Server

Sendmail Server

Web Administration Server

APC UPS Powerchute

SU logging

and more...

Download the Analyzer (a download link will be emailed to you after your purcase)
Open the Analyzer and click the Download Configuration Extraction Script button to download the extraction script.
Have the system administrator of the server in question copy the extract script into a new blank directory, review and run the script (the script is a plain batch file to assure administrators that it won't harm their production servers)
Note that the extraction script is designed for many flavours of Unix. As such, it produces many file not found errors as it runs. This is normal and does not indicate any problems.
Install/run the analyzer tool onto a separate workstation
If you encounter an error while installing a new version of the application, do the following:
1. Click Start
2. Click Control Panel
3. Click Add/Remove programs
4. Scroll Down and Click Unix Analyzer
5. Select Remove the application from this computer and click OK
6. Reinstall the analyzer by downloading it again
once the script runs, copy the generated files to the analysis workstation. If sending to an auditor, I recommend compressing and encrypting the folder in which the script was executed.
In the Analyzer, click the "Browse" button and select the directory that contains the dump files. The analysis will happen automatically.

How does the program send optional anonymous statistic contributions?
The analyzer program sends the anonymous statistics through a 1024-bit SSL Connection. The analyzer does not send information that may identify the analyzed computer.

Can I prevent the program from sending anonymous statistics?
Yes, uncheck the checkbox beside "Compare results to common practice (sends anonymous statistics to web server)" on the Options tab. Please note, however, that disabling this option will prevent the analyzer from comparing your results to common practice.

When and why does the program access the Internet?
The program accesses the Internet three times:
When the program starts, it checks for updates in the background. If an update is available, the next time the program starts, it will ask you if you want to update.
If comparing results to common practice is enabled, anonymous statistics are sent to the web server, which will return a comparison of the analyzed results to common practice. All of these communications are encrypted through 1024-bit SSL encryption

After clicking "more info" beside test results, the program will download help pages from the web server into the "Help" tab.

In 2007, a Fortune 50 conglomerate’s corporate Internal Audit department completed a value stream mapping analysis after replacing manual server review processes with the ThreeShield™ Unix Security Analyzer Tool for Windows®. The analysis found that the ThreeShield™ tools automated 100% of the audit department’s data gathering (which previously took five days of lead time). The tools also reduced server testing by 66%, saving an average of 16 hours of work per domain plus 2.3 additional hours of testing per server.

The study also found that manual server security analysis time is linear (i.e. if one server takes 2.3 hours to review, two servers take 4.6 hours). However, ThreeShield™ tools add efficiency with easy-to-follow reports, so two servers take almost as little time to review as one server.

The month after the department implemented the ThreeShield™ tools, they were able to avoid trips from Connecticut to England and Chile. These avoided travel and entertainment expenses easily recovered the cost of a site license. The audit department also reported that they were able to identify far more control weaknesses than in the past – and report them a week earlier than was possible before implementing the tools!

Windows, Windows Vista, Window NT, and the Windows logo are registered trademarks of Microsoft Corporation. HP-UX is a trademark of Hewlett-Packard Company. AIX is a trademark of the IBM Corporation. Sun, Java, Solaris, and logos that contain Sun, Solaris, or Java are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries.

Home | About ThreeShield | Products & Services | Support | Contact Us

UNIX, LINUX, SOLARIS, HPUX, AND AIX SECURITY AUDIT ANALYSIS TOOL FOR WINDOWS®

UNIX, LINUX, SOLARIS, HPUX, AND AIX SECURITY AUDIT ANALYSIS TOOL FOR WINDOWS^®