Security Administrator's Tool for Analyzing Networks (SATAN)
SunOS 4.1.3_U1
Security Administrator's Tool for Analyzing Networks (SATAN) is a program which is capable of finding a variety of security problems on networked computers. None of the things SATAN probes for are new and previously undocumented; all have been widely publicized and patches for them are available.
Many Internet ftp sites have SATAN available for downloading, but some sites are better than others. It is best to download it from one of the major university or government ftp sites.
There have been rumors about hackers adding trojan horse features in some copies of SATAN. To avoid this problem, checksums of the SATAN package have been calculated and posted on certain reputable Web sites such as the one that CERT maintains. To ensure that you are installing a clean version, it is recommended that you verify your package using these checksums (performing this task will be described later on in this manual).
The latest release of SATAN is 1.1.1. Here is a list of recommended sites from which to download SATAN:
ftp://ciac.llnl.gov/pub/ciac/sectools/unix/satan/
ftp://ftp.mcs.anl.gov/pub/security/
ftp://ftp.net.ohio-state.edu/pub/security/satan/
ftp://sunsite.unc.edu/pub/packages/security/
More SATAN sites
The file to download is satan-1.1.1.tar.Z. It can be downloaded using a Web Browser or via anonymous ftp. If you use ftp, make sure you set your client to type image (or binary) before copying the file.
Here is the MD5 signature generated by CERT to ascertain whether you have a valid copy of SATAN 1.1.1:
MD5 (satan-1.1.1.tar.Z) = de2d3d38196ba6638b5d7f37ca8c54d7
This signature may be used in place of the checksums. The official signatures are posted at:
Refer to the official signatures when performing this verification task.
How to calculate the checksums/MD5 signature
Download the MD5 program. A good place to do this from is qiclab.scn.rain.com located in /pub/security/checksum. Alternatively, you could do an Archie search for MD5 and get the program that way. Because of the function that the MD5 program performs, it should be downloaded from a reputable internet site.
Upon compiling MD5 for the first time, you should create an MD5 signature of the MD5 program itself and store that signature in a safe place. If the reliability of your MD5 program should ever come into question, you will have that original signature to refer back to. Since MD5 is designed to warn of possible tampering, it would only make sense that a hacker might try to tamper with MD5 itself. As with SATAN, the signature for the MD5 binary is available from various security organizations in order to ensure that yours is a clean copy.
If you are an accomplished shell script programmer, you may also use checksums to check your pertinent files. Shell scripts have the added benefit of flexibility, which means a more custom approach to the problem of verification is possible. You may want to automate the job of checking various files throughout your system--shell scripts are an easy way to do this.
Writing these scripts is outside the scope of this manual, but there are many good books on the subject. One efficient means of doing this is to use Perl, which has built-in functions to calculate checksums (one is called unpack()).
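The verification step described in this section, written as a small shell function. This is an added example, not part of the original manual or of SATAN; the function names md5_of and verify_md5 are made up for illustration, and it assumes one of the md5sum, md5 or openssl commands is installed.

```shell
#!/bin/sh
# Added example: check a downloaded archive against a published MD5 value.

# Print the lowercase hex MD5 of a file with whichever common tool is installed.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -md5 "$1" | awk '{print $NF}'
    else
        return 2
    fi
}

# verify_md5 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 when the check could not be performed.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # A published MD5 value is exactly 32 hex digits; reject anything else
    # so a truncated or mistyped value never counts as a match.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "malformed digest" >&2; return 2; }
    actual=$(md5_of "$file") || { echo "no MD5 tool found" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file has $actual, expected $expected" >&2
    return 1
}

# Value quoted in this manual for satan-1.1.1.tar.Z.
if [ -f satan-1.1.1.tar.Z ]; then
    verify_md5 satan-1.1.1.tar.Z de2d3d38196ba6638b5d7f37ca8c54d7 ||
        echo "do not unpack this archive" >&2
fi
```

The same function can be pointed at the MD5 binary itself, using the signature you stored after first compiling it.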
Uncompressing and compiling SATAN
SATAN is just like any other program you would download off the internet. It is tarred and compressed using the standard UNIX tools.
First, place the satan-1.1.1.tar.Z file in the directory where you want it to create its subdirectory.
Uncompress SATAN with the uncompress command, then de-tar it using the tar -xvf command.
SATAN's source code is now installed in a subdirectory entitled satan-1.1.1. There is a README file in that directory which explains how to configure and compile SATAN on your system. This file lists which systems SATAN has successfully been compiled and run on.
For SunOS 4.1.3_U1, this process was very straightforward and required little intervention. Using the GNU C compiler (gcc 2.7.0 is the latest at the time this is being written) is highly recommended. If you follow the instructions in the README file, compiling SATAN shouldn't pose much of a problem, as long as your particular system is on the list of supported systems.
Running SATAN
You should add the location of SATAN's executable file to your search path or move the binary into a directory already in the path.
Make sure the appropriate protections are set on the file. SATAN can be run by non-privileged users, though leaving them access may not be a wise choice. You must decide what level of protection is necessary at your site.
To run SATAN, just type satan. Note: You must be using an X-Window interface; SATAN will not run via a serial terminal.
If all goes well, your Web Browser will appear and the morose caricature of SATAN will be staring you in the face.
The program, with its HTML interface, is very straightforward, and there is plenty of online help available. You may scan one host, or an entire range of hosts, and choose whether or not to log these scans.