Getting started


What you need to do to run SARA even if you don't want to read documentation

In a nutshell, all you really have to do is type make, edit the configuration file (config/sara.cf) if desired, and then run SARA. To use the HTML interface, simply type sara, then use SARA Target selection to choose a target. To run SARA from the command line instead, type something like sara victim.com.

Remember - you should run SARA as "root"!

After the probe is done, go into the HTML interface (again, just type sara) and open the SARA Reporting & Data Analysis section. Look at the Vulnerabilities section first, then examine the other views (Information and Trust).

One important caveat!

Remember, if you have the tcpd wrappers or some other mechanism that does a reverse finger, turn off that feature before running SARA! There is a reasonable chance that someone else out on the network will have the same feature turned on, and you do NOT want to enter into a "finger war" or infinite loop of fingers going back and forth between you and your targets, each of you slowly getting buried in mail and/or logs. Make sure to turn it back on after finishing the data collection, of course!
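The run steps and the finger-war caveat above can be checked before launching a scan. The following pre-flight script is an added example, not part of the SARA distribution; it assumes SARA lives in the directory given as its first argument and that the tcp_wrappers rules to inspect are passed as the remaining arguments.

```shell
#!/bin/sh
# Pre-flight checks before running SARA (added example, not SARA's own code):
#  - are we root?
#  - does config/sara.cf exist (i.e. has make been run)?
#  - does any tcp_wrappers rule reverse-finger connecting hosts?

# True (exit 0) if a hosts.allow/hosts.deny style file has a spawn or twist
# rule that runs finger (or safe_finger) against the client. Comments are
# stripped first so a commented-out rule does not trigger a warning.
has_reverse_finger() {
    file="$1"
    [ -r "$file" ] || return 1
    sed 's/#.*//' "$file" | grep -Eiq '(spawn|twist).*finger'
}

# Usage: sara_preflight SARA_DIR [WRAPPER_FILE ...]
# Prints one WARN line per problem and returns the number of problems found,
# so a zero exit status means it is safe to start the scan.
sara_preflight() {
    sara_dir="$1"
    shift
    problems=0
    if [ "$(id -u)" -ne 0 ]; then
        echo "WARN: not running as root; SARA must be run as root"
        problems=$((problems + 1))
    fi
    if [ ! -f "$sara_dir/config/sara.cf" ]; then
        echo "WARN: $sara_dir/config/sara.cf not found (run make first)"
        problems=$((problems + 1))
    fi
    for f in "$@"; do
        if has_reverse_finger "$f"; then
            echo "WARN: $f reverse-fingers clients; turn that off before scanning"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Typical invocation (paths are assumptions):
# sara_preflight /usr/local/sara /etc/hosts.allow /etc/hosts.deny && sara victim.com
```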

Getting and compiling all those programs if you don't have them already

You'll need perl5 (see system requirements) as well as a C compiler to get SARA running properly. To compile and prepare SARA, look at the first section of the SARA tutorial.

What are all the files for?

SARA creates and uses quite a few files, but a user typically only has to be concerned with one: the configuration file (config/sara.cf). Besides the program files that actually run SARA, the following files are read or generated by SARA:
  1. bin/* The programs that SARA depends on for data acquisition.
  2. config/* Configuration files that SARA needs to find other programs, and for default settings.
  3. html/* All of these files are either HTML pages or perl programs that generate the pages for the user interface.
  4. perl/* Code modules used by either SARA or by the data acquisition tools.
  5. results/database-name SARA databases. Each database is made up of three files:
    1. all-hosts. A list of all the hosts that SARA found out about during the scan, including hosts that it never touched.
    2. facts. A list of all the output records emitted by the *.sara tools. These records are what SARA processes to generate the reports.
    3. todo. A list of all the hosts and the probes that SARA actually ran against them. With this table, SARA knows which probes it can skip when you scan the hosts again.
  6. rules/* The rules that SARA uses to assess the situation and infer facts from the existing information. Extremely flexible (simply perl code that is interpreted), this is one of the most powerful features of SARA. See the rules section for more.
  7. src/* The source code to some of the SARA support programs.
