Integration of Tiger in Fedora

Aurelien Bompard gauret at free.fr
Wed Aug 24 11:45:58 UTC 2005


Hi *,

I've packaged Tiger for Fedora, and it is available for review in bug
165311.

Tiger is a set of bash scripts to run automatic security audits and
intrusion detection on Unix systems.
The project had been abandoned since the mid-90's, and has been resurrected by one of
the main Debian security developers (Javier Fernández-Sanguino).
It proved very useful many times on the Debian servers I manage, and I'm
pretty sure it could be as useful on Fedora.

Since Tiger is very system-specific, it needs customization to integrate it
into Fedora. Right now, I've only ported Javier's fixes and adaptations for
Debian (which is a 20000+ line patch...).
I'd like to make sure it works as is, and I'll add more Fedora-specific
checks afterwards (such as "yum check-update", "rpm -V", and maybe even
SELinux checks, there's much to do).

I'm looking for people to help fine-tune the default configuration. So here
are the best ways you can help review Tiger:
 - Check for packaging errors, as usual
 - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
you have error messages.
 - Tell me what false-positive alerts you get from the previous command so I
can add them to /etc/tiger/tiger.ignore
 - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
something valid
 - Please review my one-liner patch for a C program not compiling with gcc4,
as I really don't know C...
 - Tell me where Tiger could be better integrated into Fedora

When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
there is also an automatic testing system, where the scripts are run at
different times according to /etc/tiger/cronrc. If you can, please run each
script in this crontab and tell me which false positives you get.

One of Tiger's best features is to report only what's changed since the last
run (configurable in /etc/tiger/tigerrc), but that does not mean we should
not get rid of false positives in the first place.

Thanks for your help

Aurélien
-- 
http://aurelien.bompard.org  ~~~~  Jabber : abompard at jabber.fr
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." -- Rich Cook



