Adeos

Adeos (named after the obscure Roman goddess of modesty) is an automated filesystem security scanner. It recursively walks all mounted filesystems on the local system and attempts to identify common security concerns such as SUID and world-writeable files.

The output is available as text or HTML, with either output type formatted in either report or list style. Text is written to stdout and may be redirected to a file, while HTML is written to a file named results.html in the local directory.

Adeos should compile and run on almost any UNIX-type system. It has been tested on Sun Solaris and Linux 2.x.
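
The kind of check described above (walk a directory tree and flag SUID, SGID and world-writable entries), as an added example in C. This is not Adeos source code: the flag names, the classify_mode and scan_tree functions, and the choice of what counts as a finding are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and S_ISVTX */
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
/* Flag names are this example's own, not taken from Adeos. */
enum { F_SUID = 1, F_SGID = 2, F_WW_FILE = 4, F_WW_DIR = 8 };

/* Map one st_mode value to a bitmask of findings. */
int classify_mode(mode_t m)
{
    int f = 0;
    if (S_ISREG(m)) {
        if (m & S_ISUID) f |= F_SUID;
        /* SGID without group-execute marks mandatory locking, not privilege */
        if ((m & S_ISGID) && (m & S_IXGRP)) f |= F_SGID;
        if (m & S_IWOTH) f |= F_WW_FILE;
    } else if (S_ISDIR(m) && (m & S_IWOTH) && !(m & S_ISVTX)) {
        f |= F_WW_DIR;   /* sticky world-writable dirs such as /tmp are expected */
    }
    return f;            /* symlinks, devices, sockets: mode bits are not judged */
}

/* Recursively scan path without following symlinks; returns the number of findings. */
int scan_tree(const char *path)
{
    struct stat sb;
    if (lstat(path, &sb) == -1) return 0;          /* vanished or not accessible */
    int f = classify_mode(sb.st_mode), n = (f != 0);
    if (f)                                         /* print permission bits and path */
        printf("%04o %s\n", (unsigned)(sb.st_mode & 07777), path);
    if (!S_ISDIR(sb.st_mode)) return n;
    DIR *d = opendir(path);
    if (!d) return n;        /* unreadable directory: normal for an unprivileged scan */
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        char child[4096];
        if (snprintf(child, sizeof child, "%s/%s", path, e->d_name) < (int)sizeof child)
            n += scan_tree(child);                 /* skip over-long paths */
    }
    closedir(d);
    return n;
}

int main(int argc, char **argv)
{
    fprintf(stderr, "%d finding(s)\n", scan_tree(argc > 1 ? argv[1] : "."));
    return 0;
}
```

Using lstat() rather than stat() keeps the walk from following symbolic links out of the tree being scanned or into a loop.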


Download
adeos-1.0.tar.gz
adeos-1.0.tar.bz2
adeos-1.0.zip


Installation
Adeos uses the GNU autoconf system for compilation and configuration. After you download and uncompress Adeos, run the configure script and then make.

[lamont@chowdah ~]$ tar zxfv adeos-1.0.tar.gz
adeos-1.0/
adeos-1.0/adeos.c
adeos-1.0/INSTALL
adeos-1.0/Makefile.in
adeos-1.0/configure
adeos-1.0/CHANGELOG
adeos-1.0/configure.in
adeos-1.0/README
adeos-1.0/install-sh
[lamont@chowdah ~]$ cd adeos-1.0
[lamont@chowdah adeos-1.0]$ ./configure
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for executable suffix...
checking for object suffix... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for a BSD compatible install... /usr/bin/install -c
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for unistd.h... yes
checking for gcc option to accept ANSI C... none needed
checking for an ANSI C-conforming const... yes
checking for stdlib.h... (cached) yes
checking for working malloc... yes
configure: creating ./config.status
config.status: creating Makefile
[lamont@chowdah adeos-1.0]$ make
gcc -g -O2 -o adeos adeos.c

After the build has completed, the adeos binary will be left in the build directory.

Using Adeos
Adeos must be run from a non-privileged user account on the system. Since a privileged account, such as root, has much greater privileges than a standard user, the results would be meaningless.

Adeos supports three scan modes: normal, verbose, and paranoid. A brief description of what each looks for is below.

Adeos supports the following command-line options. Note that if you want to use multiple options you must specify each one individually.

-d Include dynamic directories (/dev /devices /proc /tmp) in the scan.
-h Place output in an HTML file named results.html
-r Format output as a collated report.
--help Display usage and help information.

A default Adeos run performs a Normal mode scan with list-formatted text output.

[lamont@chowdah adeos-1.0]$ ./adeos
Example output for this command

This run will perform a Verbose mode scan with report-formatted text output.

[lamont@chowdah adeos-1.0]$ ./adeos -r verbose
Example output for this command

This run will perform a Verbose mode scan with list-formatted HTML output.

[lamont@chowdah adeos-1.0]$ ./adeos -h verbose
Example output for this command

This last run will perform a Normal mode scan with report-formatted HTML output.

[lamont@chowdah adeos-1.0]$ ./adeos -r -h
Example output for this command

Notes

