
SARA Self Scan

The SARA Self Scan capability provides a secure and convenient method for 
hosts to scan themsleves.  For example, at one of our installations, the 
SSS is incorporated in the bootup scrips of over 3,000 Windows and Unix 
workstations/servers.  The results of the scan are logged into syslogd.  
At another installation, the interactive facilities of SSS are used by 
the user community to verify their INFOSEC configuration.  The results 
are mailed directly to the user. 

The SARA Support Scanner (SSS) agent enables remote execution through a
Web Server.  There are two modes of operation.  They are:

  o Self Scan:  Place the sss.html under your web deocuments (e.g.htdocs).
                Place sss.cgi under a cgi-bin/sss directory.  Be sure that
                sss.cgi has the same permissions as other cgi scripts.
                Protect this directory with .htaccess so limit access to your
                subnets.  If you don't know what this means, DO NO USE THIS!!
                The make or perl reconfig should build two pseudo named pipes 
		in the tmp directory (sara-in and sara-out).  They should have 
		the same owner as the Web pages on the system.  They should 
		have 700 permissions.  If this is not the case, type 'perl 
		reconfig' and see if they get created or if error messages are 
		generated.

                Addition of sss.organizations file with each line defining an
                organization will change sss/sss.html if you run a 
                'perl reconfig' then 'sss/install'.  A pull down menu will be 
                created in the html document.  Future scans will be placed in
                the selected organization database and will not be deleted
                after scan.

  o Boot Scan:  Configuration is the same as above but the sss.html 
                page is not used.  This facility allows the spawning
                of a SARA scan at a predetermined time (e.g., at bootup).
                Initiation of scan is done through a program such as netcat by
  
	              echo GET /sss/cgi-bin/sss.cgi | netcat -p 80 <sara host>
        	      echo "GET /sss/cgi-bin/sss.cgi | nc -p 80 <sara host>

                You can place in the Windows scheduler or UNIX cron. You can 
		get the netcat binaries from the web.

This is not for inexperienced users.  If these instructions don't make sense,
then don't attempt to install.  You could compromise your host with improper
configuration!
 
