WHAT IS IT?
-----------------------------

hntool is a hardening tool for Linux/BSD.

HOW CAN I HELP?
-----------------------------

There are several ways that you can contribute and help hntool's development. 
You can contribute with code, patchs, bugs and feature requests.

To report a bug or a feature request for hntool, file a bug in GitHub or send 
a mail to mail@hugodoria.org. If you're reporting a bug, please give concrete 
examples of how and where the problem occurs.

If you've a patch (fixing a bug or a new hntool module), then you can send it 
to mail@hugodoria.org. hntool development is managed with git, so 
git-formatted patches are preferred. 

hntool's source is available on:

http://github.com/hdoria/hntool/tree/master

HOW TO USE
-----------------------------

Run hntool with:

$ python hntool.py

or

# ./hntool.py

You can also see the hntool(1) manual by typing man hntool at the command line 
or see the usage help:

$ hntool -h 


UNDERSTANDING THE OUTPUT
-----------------------------

There are 5 types of results:

OK : 
  Means that the item checked is fine and that you do not need to worry

INFO: 
  Means that you should know the item status, but probably it is fine. A port
  opened, for example.

LOW:
  Means that a security problem was found, but it does not provides a high risk
  for your system.

MEDIUM:
  Things are getting worse and you should start to worry about these itens.

HIGH:
  You have an important security hole/problem on your system and you
  should fix it NOW or run and save your life.



HOW TO CREATE A MODULE
-----------------------------

This section documents the innards of hntool and specifies how to create 
a new module.

The main hntool program (hntool.py) runs a list of rules defined in __files__ 
and __services__.

  * __files__ :
    defines the rules which process simple files and configs.

  * __services__ :
    defines the rules which checks the security on services and
    daemons. 

Once your module is finalized, remember to add it to the appropriate array 
(__files__ or __services__) defined in hntool/__init__.py

A sample hntool module is like this (hntool/ssh.py):

import os

class rule:
  def short_name(self):
    return "ssh"
  def long_name(self):
    return "Checks security problems on sshd config file"
  def analyze(self):
    check_results = [[],[],[],[],[]]
    ssh_conf_file = ['/etc/ssh/sshd_config', '/etc/sshd_config']

    for sshd_conf in ssh_conf_file:
      if os.path.isfile(sshd_conf):
        fp = open(sshd_conf,'r')
        lines = [x.strip('\n') for x in fp.readlines()]

        # Checking if SSH is using the default port
        if 'Port 22' in lines or '#Port 22' in lines:
          check_results[1].append('SSH is using the default port')
        else:
          check_results[0].append('SSH is not using the default port')      

        # Closing the sshd_config file
        fp.close()

    return check_results
  def type(self):
    return "files"


Mostly, the code is self-explanatory. The following are the list of the methods 
that each hntool module must have:

  * short_name(self) 
  Returns a string containing a short name of the module. Usually,this is the 
  same as the basename of the module file.
  
  * long_name(self) 
  Returns a string containing a concise description of the module. This 
  description is used when listing all the rules using hntool -l.  
  
  * analyze(self) 
  Should return a list comprising in turn of five lists: ok, low, medium, 
  high and info, respectively. 
  
  * type(self) 
  "files" for a module processing simple files and configs
  "services" for a module processing services and daemons