Tiger integration in Fedora

Stephen J. Smoogen smooge at gmail.com
Tue Sep 6 15:07:11 UTC 2005


On 9/5/05, Stephen J. Smoogen <smooge at gmail.com> wrote:
> Well.. it didn't work for me :). Mostly Bastille seemed to be a set of
> items to tighten a system down.. not check if something has been
> tightened down. As someone who is writing a bunch of stuff similar to
> tiger.. they are very different beasts.
> 

I have to amend this statement.. I couldn't get bastille -a to work on
my box earlier but found that it was due to a bad box (smoke and ashes
today). For some reason, I think the choice of Bastille and Tiger is
probably a personal issue of what works best for someone (like
KDE/Gnome). Both should be available at some point... and used to check
the other's work.


> On 9/5/05, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
> > why not just use bastille (which already works on fedora):
> > http://www.bastille-linux.org/ ?
> >
> >
> >
> > Aurelien Bompard wrote:
> > > Hi *,
> > >
> > > I've packaged Tiger for Fedora Extras, and it is available for review in bug
> > > 165311.
> > >
> > > Tiger is a set of bash scripts to run automatic security audits and
> > > intrusion detection on Unix systems.
> > > The project had been abandoned since the mid-90s, and has been resurrected by one of
> > > the main Debian security developers (Javier Fernández-Sanguino), and further
> > > improved.
> > > It proved very useful many times on the Debian servers I manage, and I'm
> > > pretty sure it could be as useful on Fedora.
> > >
> > > Since Tiger is very system-specific, it needs customization to integrate it
> > > into Fedora. Right now, I've only ported Javier's fixes and adaptations for
> > > Debian (which is quite a large patch, I've split and cleaned it).
> > > I'd like to make sure it works as this, and I'll add more Fedora-specific
> > > checks afterwards (such as "yum check-update", "rpm -V", and maybe even
> > > SELinux checks, there's much to do)
> > >
> > > I'm looking for people to help fine-tune the default configuration. So here
> > > are the best ways you can help review Tiger if you want to:
> > >  - Check for packaging errors, as usual
> > >  - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
> > > you have error messages.
> > >  - Tell me what false-positive alerts you get in the previous command so I
> > > can add them to /etc/tiger/tiger.ignore
> > >  - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
> > > something valid
> > >  - Please review my one-liner patch for a C program not compiling with gcc4,
> > > as I really don't know C...
> > >  - Tell me where Tiger could be better integrated into Fedora
> > >
> > > When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
> > > there is also an automatic testing system, where the scripts are run at
> > > different times according to /etc/tiger/cronrc. If you can, please run each
> > > script in this crontab and tell me which false positives you get.
> > >
> > > One of Tiger's best features is to report only what's changed since the last
> > > run (configurable in /etc/tiger/tigerrc), but it does not mean we should
> > > not get rid of false-positives in the first place.
> > >
> > > Of course, if you don't feel like checking all this, just do what you're
> > > interested in (packaging, coding errors, further integration, ...). Any bit
> > > will help.
> > >
> > > Thanks
> > >
> > > Aurélien
> >
> > --
> > fedora-devel-list mailing list
> > fedora-devel-list at redhat.com
> > http://www.redhat.com/mailman/listinfo/fedora-devel-list
> >
> 
> 
> --
> Stephen J Smoogen.
> CSIRT/Linux System Administrator
> 


-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator