home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Unix System Administration Handbook 1997 October
/
usah_oct97.iso
/
index
/
tiger.txt
< prev
next >
Wrap
Text File
|
1997-09-22
|
3KB
|
66 lines
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEX ENTRY FOR TIGER:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Name: tiger - Easy-to-use system security checker
Version: 2.2.3
Author(s): Doug Schales <Doug.Schales@net.tamu.edu>
Ellen Mitchell <ellenm@net.tamu.edu> (current maintainer)
On the CD-ROM in: security/tiger.tar
Ftp source: net.tamu.edu:/pub/security/TAMU/
Size on the CD: 1.2 MB (partially compressed)
Description:
TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
C programs and data files which are used to perform a security
audit of UNIX systems. It is designed to hopefully be easy to
use, easy to understand and easy to enhance.
TIGER has one primary goal: report ways 'root' can be compromised.
While checks are performed for other purposes, most of the checks
are directed at this goal.
What does it do to do this? Paths into 'root' (cron, inetd,
setuid executables, PATH, etc, etc) are all checked to see if
anyone other than 'root' can alter that path. such instances
are flagged. (In reality, paths into other accounts are checked
for vulnerability, but 'root' receives special attention).
A brief run down of some of the checks (not complete):
o cron entries are checked
o mail aliases are checked
o NFS exports are checked
o inetd entries are checked
o PATH variables are checked
o .rhosts & .netrc files are checked
o Specific file & directory access permissions are checked
o File system scans locate unusual files
o Cryptographic hashes are used to detect alterations to key
binaries (hashes are generated from CD-ROM) and also to
report binaries for which (updated) security patches exist.
o Pathnames embedded in any files reported by most of the other
checks are checked.
-- Quoted from the DESCRIPTION file
Advertised architectures:
Currently, support for SunOS 4.x and SunOS 5.x is the best,
followed by NeXT 3.x. Other systems for which (at least partial)
configuration files are provided are IRIX 4.x, AIX 3.x, UNICOS
6.x, Linux 0.99.x and HP/UX. These configurations are not tested
as thoroughly as the SunOS and NeXT configurations, and in some
cases, may barely work. For other systems, a "best effort" check
will be performed.
-- Quoted from the DESCRIPTION file
Prerequisites: C compiler