coSARA: Integration of SARA and coLinux

    Introduction

    With an initial release in 1999, the Security Auditor's Security Assistant (SARA) became one of the premier GPL (limited only by Farmer/Wietse reluctance to release SATAN code as full GPL) network vulnerability scanners supporting the INFOSEC community. One of the limitations of SARA is the requirement that it operate on a Unix/Linux platform.

    Cooperative Linux (coLinux) provides a cooperative virtual Linux environment on Windows 200* and XP systems. The coLinux environment appears to live peacefully with Windows for most applications.

    Advanced Research Corporation (ARC), the developer of SARA, has integrated SARA into the coLinux infrastructure, which has yielded a portable SARA capability that can operate under Windows, Unix, and Linux operating systems!

    This effort would not be possible without the encouragement and support from the National Cancer Institute (NCI) of the National Institutes of Health (NIH).

    Installation

    The coSARA package (denoted as SARA [coLinux]) comprises the following elements:

    • The SARA binary (sara_fs.bz2)

    • The coLinux binaries (colinux)

    • The root filesystem which contains either:
      • Debian-T distribution: a text-based Debian root filesystem (Debian-T.bz2)
      • Debian-X distribution: an X11-based Debian root filesystem (Debian-Z.bz2)

    • VNC client: A Windows-based GUI that accesses Debian-X objects

      The installation program can be found at:

        http://www-arc.com/sara/downloads/cosara-x.y.z.exe (e.g., cosara-6.0.1.exe)

      Once downloaded, go to the directory where it was downloaded and type (using the example above):

        coSARA-6.0.1.exe

      a. This will start the setup program which will present the following:

      b. The next screen shows the License Agreement. For all products, except the SARA core (based on the Farmer/Wietse SATAN product), everything is GPL. SATAN stuff is stubbornly not GPL.

      c. If this is a first time installation, all items should be checked. Subsequent installations will drive what options should be selected.

      d. We strongly encourage you to select the default installation path. If you select something different, you will have to edit the *.lnk and *.xml files. Suggestion! Pick the default!

      e. You are prompted to pick a filesystem for coLinux. If this is your first time, pick the "Text-based Debian" for low bandwidth environments and "X11-based Debian" for higher bandwidths.

      f. Be patient! Even with broadband links it may take 10 minutes to load 'Text-based Debian' and 60 minutes for the GUI X11-based Debian.

      g. Microsoft will protest, but it should normally be OK to say "Continue Anyway".

      You should now have coSARA installed in c:\Program Files\coSARA. However, we are not done yet.

      coSARA relies on the TAP ethernet driver which has been installed in the above installation process. However, this interface adaptor must be connected to the real adaptor via Microsoft's Internet Connection Sharing (ICS). You can do this by selecting "Network Connections" from your "Control Panel".

      In the example above, the Wireless adaptor is the one connecting our system to the Internet. By clicking on this entry, clicking on "Properties" and then selecting the Advanced tab, the ICS option is visible. To activate ICS, click on the check box and select the "TAP" adaptor in the select box titled "Home networking connection". Also, you might want to confirm that the IP address on your TAP adaptor is set to 192.168.0.1.

      OK, now it's time to bring up coLinux! Go to "c:\Program Files\coSARA" and click on the coLinux icon. If you changed the default installation path, then this will not work until you change the properties of the coLinux shortcut (and the VNC shortcut if you are going to use the GUI features of the X11-Debian installation).

      You will see normal Unix stuff scroll on the coLinux window. For this example, there was a problem with the network connection between TAP and the Internet adaptor as reported. The coLinux session then provides you the default root password. Log on as root using that password. Change it immediately!
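
      The TAP/ICS link described above can be checked from inside the guest once you are logged in. The script below is an added example, not part of the coSARA distribution; it assumes the guest interface is eth0, that ICS serves 192.168.0.0/24, and that the TAP adaptor at 192.168.0.1 is the guest's default gateway. The sample outputs in it are constructed.

```shell
# Added example, not part of coSARA. Run inside the coLinux guest as root.
# Assumptions: the guest NIC is eth0, ICS uses 192.168.0.0/24, and the TAP
# adaptor (192.168.0.1, per the text above) is the guest's default gateway.
TAP_GW="192.168.0.1"

# Print the default gateway from `route -n` output read on stdin.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Print the IPv4 address from old-style `ifconfig eth0` output on stdin.
guest_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Verdict functions: print OK/FAIL and return non-zero on FAIL.
check_routes() {
    gw=$(default_gw)
    if [ -z "$gw" ]; then
        echo "FAIL: no default route (check that ICS is enabled)"; return 1
    elif [ "$gw" != "$TAP_GW" ]; then
        echo "FAIL: default gateway is $gw, expected $TAP_GW"; return 1
    fi
    echo "OK: default gateway is $TAP_GW"
}

check_addr() {
    ip=$(guest_addr)
    case "$ip" in
        "")          echo "FAIL: eth0 has no IPv4 address"; return 1 ;;
        "$TAP_GW")   echo "FAIL: guest is using the TAP adaptor's address"; return 1 ;;
        192.168.0.*) echo "OK: guest address $ip is on the ICS subnet" ;;
        *)           echo "FAIL: $ip is outside 192.168.0.0/24"; return 1 ;;
    esac
}

# Constructed sample output, so the functions can be exercised offline.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0'
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:FF:00:00:00:01
          inet addr:192.168.0.40  Bcast:192.168.0.255  Mask:255.255.255.0'

# Live check against the running guest: sh netcheck.sh --live
if [ "${1:-}" = "--live" ]; then
    route -n | check_routes
    ifconfig eth0 | check_addr
fi
```

      A FAIL on the default route usually points back at the ICS setting on the Internet-facing adaptor rather than at anything inside the guest.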

      For text based operations (i.e., you loaded the Debian-T filesystem), change the current directory to "/usr/local/sara" and then start SARA by typing:

          cd /usr/local/sara
          perl reconfig       # You only have to do this once
          ./sara
          

      The SARA start-up page will be presented through the Lynx browser. Though this is more cumbersome than a full featured browser, all SARA features are available.

      If you loaded X11-Debian, then a full GUI environment is available. Start coLinux as before, but once you get to the login prompt, click on the VNC client under "C:\Program Files\coSARA". You will be prompted for a VNC password (use the same password as you used for the root login). You should then be presented a full KDE GUI environment. Go to the sara directory, then type ./sara as before.

      If everything goes OK, you should see the standard SARA screen. Run SARA as you normally would. Check the "Documentation" link for details on SARA.