New Release: Tiger 3.2.2, the Unix Security Audit Tool

Following the Freshmeat email about the release of version ‘3.2.2’ of ‘Tiger security tool’, I decided to install it and see what can be done with this security scanner.

About:
TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.

Tiger is already in the main Debian repository, and installing it is a breeze:

apt-get install tiger 

It’s worth noting that Debian’s TIGER incorporates new checks primarily oriented towards the Debian distribution, including:

  • md5sums checks of installed files,
  • location of files not belonging to packages,
  • check of security advisories,
  • analysis of local listening processes.

After a quick browse of the manpage I fired up tiger, eagerly waiting to see the security checks and also the security posture of my system according to best practices and standards.

root@dragos-laptop:~/work/tiger# tiger -l /home/dragos/work/tiger -E -H
Tiger UN*X security checking system
   Developed by Texas A&M University, 1994
   Updated by the Advanced Research Corporation, 1999-2002
   Further updated by Javier Fernandez-Sanguino, 2001-2005
   Covered by the GNU General Public License (GPL)

Configuring…

Will try to check using config for ‘i686’ running Linux 2.6.20-16-generic…
–CONFIG– [con005c] Using configuration files for Linux 2.6.20-16-generic. Using
           configuration files for generic Linux 2.
Tiger security scripts *** 3.2.1, 2003.10.10.18.00 ***
Output Mode is HTML
23:31> Beginning security report for dragos-laptop.
23:31> Starting file systems scans in background…
23:31> Checking password files…
23:31> Checking group files…
23:31> Checking user accounts…
23:31> Checking .rhosts files…
23:31> Checking .netrc files…
23:31> Checking ttytab, securetty, and login configuration files…
23:32> Checking PATH settings…
23:32> Checking anonymous ftp setup…
23:32> Checking mail aliases…
23:32> Checking cron entries…
23:32> Checking ‘services’ configuration…
23:32> Checking NFS export entries…
23:32> Checking permissions and ownership of system files…
–CONFIG– [con010c] Filesystem ‘fuseblk’ used by ‘/dev/disk/by-uuid/3AD8049CD8045891’ is not recognised as a local filesystem
23:32> Checking for indications of break-in…
–CONFIG– [con010c] Filesystem ‘fuseblk’ used by ‘/dev/disk/by-uuid/3AD8049CD8045891’ is not recognised as a local filesystem
23:32> Performing rootkit checks…
23:32> Performing system specific checks…
23:36> Performing root directory checks…
23:36> Checking for secure backup devices…
23:36> Checking for the presence of log files…
23:36> Checking for the setting of user’s umask…
23:37> Checking for listening processes…
23:37> Checking SSHD’s configuration…
23:37> Checking the printers control file…
23:37> Checking ftpusers configuration…
23:37> Checking NTP configuration…
23:37> Waiting for filesystems scans to complete…
23:37> Filesystems scans completed…
23:37> Performing check of embedded pathnames…
23:37> Security report completed for dragos-laptop.
Security report is in `/home/dragos/work/tiger/security.report.dragos-laptop.070827-23:31.html’.

The report was loaded with non-compliance warnings and failures, and that’s why I extracted only the failures:

FAIL [boot02]The configuration file /boot/grub/menu.lst has world permissions. Should be 0600
FAIL [lin013f]The system is not protected against Syn flooding attacks
FAIL [lin014f]The system permits the transmission of IP packets with invalid addresses
FAIL [lin016f]The system permits source routing from incoming packets
FAIL [lin019f]The system does not have any local firewall rules configured
FAIL [dev002f]/dev/log has world permissions
FAIL [logf005f]Log file /var/log/btmp permission should be 660
FAIL [ssh005w]Cannot find a configuration file for SSH.
FAIL [netw020f]There is no /etc/ftpusers file.
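
An added example, not from the original post or the Tiger project: a shell helper that extracts the FAIL entries from a report like the one above, counts them per check family, and lists failures that appear in a later run but not in a baseline run. The `--FAIL--` text-mode line form and the `xyz001f` entry are assumptions constructed for the sample.

```shell
#!/bin/sh
# Added example, not part of Tiger. Handles the flattened form quoted in this
# post ("FAIL [id]message") and, as an assumption, "--FAIL-- [id] message".

# stdin: a report; stdout: "id<TAB>message" for each failure line.
tiger_failures() {
    awk '/^[ \t]*(--)?FAIL(--)?[ \t]*\[/ {
        lb = index($0, "["); rb = index($0, "]")
        if (rb < lb) next                      # malformed line, skip it
        id  = substr($0, lb + 1, rb - lb - 1)
        msg = substr($0, rb + 1)
        sub(/^[ \t]+/, "", msg)
        printf "%s\t%s\n", id, msg
    }'
}

# stdin: a report; stdout: "family=count", family being the letters that
# precede the digits of the message id (lin, ssh, netw, ...).
tiger_families() {
    tiger_failures | cut -f1 | sed 's/[0-9].*$//' | LC_ALL=C sort | uniq -c |
        awk '{ print $2 "=" $1 }'
}

# $1: baseline report, $2: later report; stdout: failures only in the later one.
tiger_new_failures() {
    old=$(mktemp) || return 1
    new=$(mktemp) || { rm -f "$old"; return 1; }
    tiger_failures < "$1" | LC_ALL=C sort -u > "$old"
    tiger_failures < "$2" | LC_ALL=C sort -u > "$new"
    LC_ALL=C comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Baseline: three of the failures quoted in this post.
sample_baseline() {
    cat <<'EOF'
FAIL [lin013f]The system is not protected against Syn flooding attacks
FAIL [lin016f]The system permits source routing from incoming packets
FAIL [netw020f]There is no /etc/ftpusers file.
EOF
}

# Later run: constructed sample; the id "xyz001f" and its text are made up.
sample_later() {
    sample_baseline | sed '2d'
    echo '--FAIL-- [xyz001f] Constructed finding that was not in the baseline'
}

sample_later | tiger_families   # per-family counts for the constructed run
```

Run against two saved reports, `tiger_new_failures` shows only what changed since the baseline, which is the comparison that matters when Tiger is scheduled as a host-based check.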

Not so bad considering the brutal way I manage my workstation 🙂 However, I’m very interested in hearing about other experiences you have had with this GPL security audit tool.

Download Tiger Security Audit and Intrusion Detection Tool


