Hidden Linux: Put a tiger in your tank
Tiger is a collection of scripts, code and data files for tracking down security problems. It scans file systems and configuration files, checking for possible security issues. It's built around several dozen modules that check everything from guessable passwords to the presence of a rootkit.
To install and run it:
| # sudo apt-get
install tiger # sudo tiger |
The report is written to /var/log/tiger and named security.report.hostname.YYMMDD-hh:mm. You can simply cat this, (note that only root can view it):
| # sudo cat /var/log/tiger/security.report.hostname.YYMMDD-hh:mm |
but it's a big report and you're really only interested in failed items. Try this instead:
| # sudo grep FAIL /var/log/tiger/security.report.hostname.YYMMDD-hh:mm |
Failures are logged against an explanatory code, like this:
| --FAIL-- [ftp007f] Anonymous FTP
directory owned and writable by 'ftp'. --FAIL-- [lin016f] The system permits source routing from incoming packets --FAIL-- [lin019f] The system does not have any local firewall rules |
You can obtain more details by appending the code to the Tiger Explanation Generator. For example:
| # tigexp ftp007f |
yields:
| The indicated file is owned by the
'ftp' account and is writable. This may allow unauthorized access to the machine. The indicated file should be owned by 'root' and not writable by group or world. See CERT advisory CA-93:10 for information on setting up an anonymous FTP server. |
Tiger's well-commented configuration file resides in /etc/tiger/tigerrc.
 |
 |
PC World is New Zealand’s top selling computing and technology magazine.
Comments
Manu: It works for me! (Running Kubuntu 10.10) But I see there's a bug filed -- and a workaround. Check out https://bugs.launchpad.net/ubuntu/+source/tiger/+bug/556028
Posted by: Geoff | March 16, 2011 8:49 AM
Does tiger work on Ubuntu ? The script seems to fail finding inittab :
/bin/grep: /etc/inittab: No such file or directory
Posted by: Manu | March 15, 2011 11:53 PM