
SARA Self Scan

The SARA Self Scan capability provides a secure and convenient method for 
hosts to scan themsleves.  For example, at one of our installations, the 
SSS is incorporated in the bootup scrips of over 3,000 Windows and Unix 
workstations/servers.  The results of the scan are logged into syslogd.  
At another installation, the interactive facilities of SSS are used by 
the user community to verify their INFOSEC configuration.  The results 
are mailed directly to the user. 

The SARA Support Scanner (SSS) agent enables remote execution through a
Web Server.  There are two modes of operation.  They are:

  o Self Scan:  Place the sss.html, lighthouse.gif, and sara.gif under 
                your web deocuments (e.g.htdocs). Place sss.cgi under 
                cgi-bin/sss directory.  Also, put a copy of fping (from 
                the bin directory) into cgi-bin/sss. Be sure that sss.cgi 
                and fping have the same permissions as other cgi scripts 
                except that the setuid permission must be set on fping 
                (e.g., chmod u+s fping).  A script, sss/install will do this
                for you, but you must specify in the script where your root
                web directories are.

                Protect this directory with .htaccess so limit access to your
                subnets.  If you don't know what this means, DO NO USE THIS!!
                The make or perl reconfig should build two pseudo named pipes 
		in the tmp directory (sara-in and sara-out).  They should have 
		the same owner as the Web pages on the system.  They should 
		have 700 permissions.  If this is not the case, type 'perl 
		reconfig' and see if they get created or if error messages are 
		generated.

                Addition of sss.organizations file with each line defining an
                organization will change sss/sss.html if you run a 
                'perl reconfig' then 'sss/install'.  A pull down menu will be 
                created in the html document.  Future scans will be placed in
                the selected organization database and will not be deleted
                after scan.

  o Boot Scan:  Configuration is the same as above but the sss.html 
                page is not used.  This facility allows the spawning
                of a SARA scan at a predetermined time (e.g., at bootup).
                Initiation of scan is done through a program such as netcat by
  
	              echo GET /cgi-bin/sss/sss.cgi | netcat -p 80 <sara host>
        	      echo GET /cgi-bin/sss/sss.cgi | nc -p 80 <sara host>

                You can place in the Windows scheduler or UNIX cron. You can 
		get the netcat binaries from the web.

In both cases, sss.pl must be running in the background.  You can execute 
sss.pl in a startup script, or simply execute the following command from the
sara root directory:

   nohup perl sss/sss.pl > /sss.txt &

This is not for inexperienced users.  If these instructions don't make sense,
then don't attempt to install.  You could compromise your host with improper
configuration!
 
