coSARA: Integration of SARA and coLinux

    Introduction

    With an initial release in 1999, The Security Auditor's Security Assistant (SARA) became one of the premier GPL (limited only by Farmer/Weitse reluctance to release SATAN code as full GPL) network vulnerability scanners supporting the INFOSEC community. One of the limitations of SARA is the requirement that it operate on a Unix/Linux platform.

    Coperative Linux (colinux) provides a cooperative virtual Linux environment on Windows 200* and XP systems. The coLinux environment appears to live peacefully with Windows for most applications.

    Advanced Research Corporation (ARC), the developer of SARA, has integratd SARA into the coLinux infrastructure which has yielded a portable SARA capability that can operate under Windows, Unix, and Linux operating systems!

    This effort would not be possible without the encouragement and support from the National Cancer Institute (NCI) of the National Institutes of Health (NIH).

    Installation

    The coSARA package (denoted as SARA [coLinux]) comprises of the following elements:

    • The SARA binary (sara_fs.bz2)

    • The coLinux binaries (colinux)

    • Links to a Debian root filesystem (Debian.bz2) which can be configured for:
      • Debian-T distribution: a test based Debian root filesystem
      • Debian-X distribution: a X11 based Debian root filesystem

    • VNC client: A Windows-based GUI that accesses Debian-X objects

      The installation program can be found at:

        http://www-arc.com/sara/downloads/cosara/cosara-x.y.z.exe (e.g., cosara-6.0.2.exe)

      Once downloaded, go to the directory where it was downloaded and type( using the example above):

        coSARA-6.0.2.exe

      a. This will start the setup program which will present the following:

      b. The next screen shows the License Agreement. For all products, except the SARA core (based on Farmar/Wietse SATAN product), everything is GPL. SATAN stuff is stubbornly not GPL.

      c. If this is a first time installation, all items should be checked. Subsequent installations will drive what options should be selected.

      d. We strongly encourage you to select the default installation path. If you select something different, you will have to edit the *.lnk and *.xml files. Suggstion! Pick the default!

      e. You are prompted to pick the filesystem for coLinux. This and future versions of coSARA will load a basic filesystem. Once the filesystem is entered, it will prompt you to either download the X11 or text based components for coLinux.

      f. Be patient! Even with broadband links it may take 10 minutes to load 'Debian' and 60 minutes for the GUI X11-based Debian.

      g. Microsoft will protest, but it should normally be OK to say "Continue Anyway".

      You should now have coSARA installed in c:\Program Files\coSARA. However, we are not done yet.

      coSARA relies on the TAP ethernet driver which has been installed in the above installation process. However, this interface adaptor must be connected to the real adaptor via Microsoft's Internet Connection Sharing (ICS). You can do this by selecting "Network Connections" from your "Control Panel".

      In the example above, the Wireless adaptor is the one connecting our system to the Internet. By clicking on this entry, clicking on "Properties" and then selecting the Advanced tab, the ICS option is visible. To activate ICS, click on the check box and select the "TAP" adaptor in the select box titled "Home networking connection". Aso, you might want to confirm that the IP address on your TAP adaptor is set to 192.168.0.1. Note that the "Home networking connection" text box may not always be displayed. Not to worry.

      OK, now its time to bring up coLinux! Go to "c:\Program Files\coSARA" and click on the coLinux icon. If you changed the defaut installation path, then this will not work until you change the properties of the coLinux shortcut (and the VNC shortcut if you are going to use the GUI features of the X1-Debian installation).

      You will see normal Unix stuff scroll on the coLinux window. For this example, there was a problem with the network connection between coLinux and the Internet. (It could be the ICS configuration or some problem with the host machine and its ability to connect to the Internet.) Log on as root (initially there will be no password).

      Once you login, the system will ask you to configure the system for either X11 or text-based operations. X11 will provide you with a graphical user interface (GUI). Text-based will utilize the lynx browser.

      If you select the X11 configuration, coSARA will eventually prompt you with a series of questions. Select the default in all cases (they really don't matter much, but the applications require them).

      Once the process is complete, you are ready to 'rumble'. Type the following: 

          
cd /usr/local/src
./sara

      If you selected the text-based Debian option, The SARA start-up page will be presented through the Lynx browser. Though this is more cumbersome than a full featured browser, all SARA features are available.

      If you selected the X11-based Debian option, then a full GUI environment is available. Before you enter the SARA commands above, click on the VNC client icon under C:\Program Files\coSARA". You will be prompted for a VNC password (use the one you set in the configuration step). You should then be presented a full KDE GUI environment. Go to the sara directory, then type ./sara as before.

      If every goes OK, ou should see the stndard SARA screen. Run SARA as you normally would. Check the "Documentation" link for details on SARA.

      When you want close the coLinux session, simply type "reboot" in the coLinux Console window. After a few seconds, the window will close and coLinux will terminate.