Integration of Tiger in Fedora
Aurelien Bompard
gauret at free.fr
Wed Aug 24 11:45:58 UTC 2005
Hi *,

I've packaged Tiger for Fedora, and it is available for review in bug
165311.

Tiger is a set of bash scripts to run automatic security audits and
intrusion detection on Unix systems.
The project had been abandoned since the mid-90s, and has been resurrected by
one of the main Debian security developers (Javier Fernández-Sanguino).
It proved very useful many times on the Debian servers I manage, and I'm
pretty sure it could be as useful on Fedora.

Since Tiger is very system-specific, it needs customization to integrate it
into Fedora. Right now, I've only ported Javier's fixes and adaptations for
Debian (which is a 20000+ line patch...).
I'd like to make sure it works as is, and I'll add more Fedora-specific
checks afterwards (such as "yum check-update", "rpm -V", and maybe even
SELinux checks, there's much to do).

I'm looking for people to help fine-tune the default configuration. So here
are the best ways you can help review Tiger:
- Check for packaging errors, as usual
- Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
  you have error messages.
- Tell me what false-positive alerts you get in the previous command so I
  can add them to /etc/tiger/tiger.ignore
- Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
  something valid
- Please review my one-liner patch for a C program not compiling with gcc4,
  as I really don't know C...
- Tell me where Tiger could be better integrated into Fedora

When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
there is also an automatic testing system, where the scripts are run at
different times according to /etc/tiger/cronrc. If you can, please run each
script in this crontab and tell me which false positives you get.

One of Tiger's best features is to report only what's changed since the last
run (configurable in /etc/tiger/tigerrc), but it does not mean we should
not get rid of false positives in the first place.

Thanks for your help

Aurélien
--
http://aurelien.bompard.org ~~~~ Jabber : abompard at jabber.fr
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." -- Rich Cook