README FILE : It is important to read this file ----------------------------------------------------- 1)Download the ferret-x.y.tar.gz file into any directory under the root account. Now extract(uncompress) the ferret-x.y.tar.gz file, you will see a folder called ferret-x.y. Go into the ferret-x.y folder and you will see many files and directory. To run the ferret tool you will have to run the ferret file that is within the ferret-x.y folder. Make sure you are in the ferret-x.y folder. 2)Useage (At the command prompt) #perl ferret [--][argument] -mode : This argument can be set to "vul" or "pvg. By default, the arguement is set to "vul". With "vul" Ferret lists all the vulnerabilities found. With "pvg" Ferret lists all the vulnerabilities found and the associated privilege gains. -list : This argument lists all the vulnerability checking plugins with their short descriptions. -longdesc : This arguement lists all the vulnerability checking plugins with their long descriptions. -privgain : This argument lists all the vulnerability checking plugins with the possible privilege changes if the vulnerabilities found by those plugins are exploited. -help : This argument lists the help options. -useos : This argument sets the system OS name to that specified by the user.OS name goes in the option. -useosversion : This argument sets the system OS version to that specified by the user.OS verstion goes in the option. : This argument specifies the keywords at the end of all arguments to run Ferret based on keywords. : This arguement specifies the value of OS name and/or OS version after their corrosponding arguments. example: # perl ferret --mode pvg --useos Solaris password blank above we are using the arguments [mode pvg] and [useos]. We are setting the value of [useos] to . We are also specifying 2 keywords, and . 3) Ferret runs to check the vulnerabilities on your system, so the time it takes to run all the plugin varies from system to system. But it is estimated that it should take a minimum of 3 minutes for a machine. The process will give the result once all the vulnerabilities are checked and right now does not give an indication about how much time is remaining. 4)Use Ctrl-C at anytime to exit the process and you will get the command prompt. 5)When Ferret is run, the output of the process is shown under the shell prompt itself. To redirect the output of the process to a file, use a redirect command. This is important as the output can be saved into a file for future reference. example: # perl ferret [--][argument] > Output_File Here the output is redirected to the file Output_File 6) While Ferret is running there may me many messages such as ypcat, can't opendir or no such file or directory. These messages should be ignored as they are not related to the output or will not interfere with the running of the tool.