Audit Unix
Information Security
Englėsh   Franįais   Espaņol   Deutsch   Russian   Japanese   Chinese
About Chris Tools and Downloads Presentations, Instructions, and Booklets Contact Support
Linux, Solaris, HP-UX, and AIX Unix Security Analysis Tool
Unix Security Analyzer Tool Downloads
Download configuration extractor and analyzer
This tool has two parts:
  1. The Unix configuration extractor is a script that runs on the server to extract necessary security configurations. This script doesn't make any changes to the server other than creating the dump files

    System Requirements:
    Any computer AIX, HP-UX, Solaris, or Linux

    Download Extract Script version 4 (2007-10-21).

  2. The Unix configuration analysis tool runs on your workstation to analyze the information extrated by the script. Since most IT Security auditors use Windows workstations, the analyzer runs on Windows.

    System Requirements:
    Windows Vista, XP, 7, 8, NT4, 2000, 2003, 2008, or 2012. With .net 2.0
    Please note: The program will install the .net Framework 2.0 if not already installed.
    512MB RAM required, 1GB+ recommended.

    Download Analyzer version 2.1 for .net 2.0 (2013-02-26).

  1. Download the Extract Script and Analyzer
  2. Have the system administrator of the server in question copy the extract script into a new blank directory, review and run the script (the script is a plain batch file to assure administrators that it won't harm their production servers)
  3. Note that the extraction script is designed for many flavours of Unix. As such, it produces many file not found errors as it runs. This is normal and does not indicate any problems.
  4. Install/run the analyzer tool onto a separate workstation
  5. If you encounter an error while installing a new version of the application, do the following:
    1. Click Start
    2. Click Control Panel
    3. Click Add/Remove programs
    4. Scroll Down and Click Unix Analyzer
    5. Select Remove the application from this computer and click OK
    6. Reinstall the analyzer by downloading it again
  6. once the script runs, copy the generated files to the analysis workstation. If sending to an auditor, I recommend compressing and encrypting the folder in which the script was executed.
  7. In the Analyzer, click the "Browse" button and select the directory that contains the dump files. The analysis will happen automatically.

How does the program send optional anonymous statistic contributions?
The analyzer program sends the anonymous statistics through an SSL Connection. The analyzer does not send information that may identify the analyzed computer.

Can I prevent the program from sending anonymous statistics?
Yes, uncheck the checkbox beside "Compare results to common practice (sends anonymous statistics to web server)" on the Options tab. Please note, however, that disabling this option will prevent the analyzer from comparing your results to common practice.

When and why does the program access the Internet?
The program accesses the Internet three times:
  • When the program starts, it checks for updates in the background. If an update is available, the next time the program starts, it will ask you if you want to update.
  • If comparing results to common practice is enabled, anonymous statistics are sent to the web server, which will return a comparison of the analyzed results to common practice. All of these communications are encrypted through SSL encryption
  • After clicking "more info" beside test results, the program will download help pages from the web server into the "Help" tab.

    Is this program really free?
    Yes. I wrote this program to help automate my Windows security analysis and to understand industry practice. The program tests the target computer's configuration against industry best practice. However, would like to better understand industry common practice. I hope that the optional anonymous statistics contribution system will provide a means to rate configurations against common industry practice in addition to the best practice. Starting with the December 2006 edition, the analyzer will rate your configuration against the common practice.

    How do you make money?
    I audit IT controls. I created this tool to make my job easier and to help put controls into perspective for clients. To help to pay for this website, I have also added Google ads to the pages on this site.

    Unix security analysis features

    Please note that some of the following features are only reported on operating systems that support them.
  • Save results to Excel
  • Comprehensive help on test results to provide background risk information
  • Operating System version more info
  • Failed user logon attepts more info
  • HP-UX TCB Failed Logon attepts from a terminal more info
  • Syslog failed logon attempt reporting
  • Null Passwords more info
  • Password Length more info
  • Minimum password age more info
  • Maximum password age more info
  • Dictionary list more info
  • Password reuse count more info
  • Password reuse time more info
  • Password composition limitations
  • Inactive account lockout thresholds more info
  • Root-specific password limitations
  • Telnet banner
  • FTP banner
  • Pre-login (issue) banner more info
  • Post-login (message of the day) banner more info
  • Banner set through Herald more info
  • Sendmail greeting displaying version information
  • List files that run as root (SUID) more info
  • List files that run with group permissions
  • List files that may be difficult to delete
  • Files with world-writable permissions more info
  • Files with world read, write, and execute (777) permissions more info
  • Files without a user owner more info
  • Files without a group owner more info
  • Hidden files more info
  • Accounts without passwords more info
  • HP-UX TCB Accounts without passwords more info
  • Server configuration to force password use more info
  • Restrictions to prevent root from logging in remotely more info
  • Bootp
  • Chargen
  • Daytime
  • Discard
  • Echo
  • Finger
  • FTP
  • Netstat
  • RCP
  • rexec
  • rlogin
  • rquota
  • rsh
  • rstat
  • rusers
  • rwall
  • spray
  • talk
  • telnet
  • tftp
  • time
  • DNS Server
  • DHCP Server
  • SNMP
  • Process Accounting
  • Network Tracing and Logging (NETTL)
  • Automatic saving of hardware logs (PDCINFO)
  • Auditing
  • NIS+ Server
  • NIS Master Server
  • NIS Slave Server
  • NIS Client
  • NIS+ Client
  • Password/group caching/hashing daemon (PWGRD) with NIS
  • Password/group caching/hashing daemon (PWGRD)
  • Apache Server
  • Sendmail Server
  • Web Administration Server
  • APC UPS Powerchute
  • SU logging more info
  • and more...

    2072 visitors have downloaded the Unix Analyzer directly from this site and reviewed at least 2602 Unix servers.
  • New
    Active Directory Date Converter

    Unix Timestamp Date Converter

    Unix Security Analyzer

    Windows Security Analyzer

    NIST SP 800-63 password policy compliance checker

    News: ThreatPost
    Threatpost | The first stop for security news

    IRS Hack Exposes 100,000 Taxpayer Records

    POS Malware Nitlove Seen Spreading Through Spam Campaign

    Researchers Exploit Patched Windows Group Policy Bug

    Exploit Kit Using CSRF to Redirect SOHO Router DNS Settings

    News: SecurityFocus
    News: Change in Focus

    News: Twitter attacker had proper credentials

    News: PhotoDNA scans images for child abuse

    News: Conficker data highlights infected networks

    Brief: Google offers bounty on browser bugs

    News: CNN
    Is it the future of news?

    Technology will make humans rise

    U.S. Air Force confirms targeted EMP

    The invention that changed music forever

    This table sucks up heat to lower your AC bills

    Mesothelioma Survival