Tiger (security software): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Its good security in up
Tags: Mobile edit Mobile web edit
Javifs (talk | contribs)
m →‎History: Fix formatting, correct some names
Line 25: Line 25:


== History ==
== History ==
Tiger was originally developed by Douglas Lee Schales, Dave K. Hess, Khalid Warraich, and Dave R. Safford started Tiger in 1992 at [[Texas A&M University]].<ref>
Tiger was originally developed by Douglas Lee Schales, Dave K. Hess, Khalid Warraich, and Dave R. Safford in 1992 at [[Texas A&M University]].<ref>
{{cite book
{{cite book
|title=Linux System Security
|title=Linux System Security
Line 39: Line 39:
|page=341
|page=341
}}
}}
</ref> It was written at the same time that [[COPS (software)|COPS]], [[SATAN]] and [[Internet Scanner]] were. Eventually, after the 2.2.4 version, which was released in 1994, development of Tiger stalled.<ref>http://www.net.tamu.edu/network/tools/tiger.html</ref>
</ref> It was written at the same time that other auditing tools such as [[COPS (software)|COPS]], [[SATAN]] and [[Internet Security Scanner]] were written. Eventually, after the 2.2.4 version, which was released in 1994, development of Tiger stalled.<ref>http://www.net.tamu.edu/network/tools/tiger.html</ref>


Three different forks evolved after Tiger: [[TARA]] (developed by Advanced Research Computing <ref>[http://www-arc.com/tara The Advanced Research Corporation <!-- Bot generated title -->]</ref>), one internally developed by the HP corporation by Bryan Gartner and the last one developed for the [[Debian|Debian GNU/Linux]] distribution by Javier Fernández-Sanguino (current upstream maintainer).
Three different forks evolved after Tiger: [[TARA]] (developed by Advanced Research Computing <ref>[http://www-arc.com/tara Tiger Analytical Research Asistant), one internally developed by the HP corporation by Bryan Gartner and the last one developed for the [[Debian|Debian GNU/Linux]] distribution by Javier Fernández-Sanguino (current upstream maintainer). All the forks aimed at making Tiger work in newer versions of different UNIX operating systems.


These forks were merged on May 2002 and in June 2002 the new source code, now labeled as the 3.0 release, was published at the Savannah site. The 3.1 release was distributed in October 2002, it was considered an unstable release and included some new checks, a new autoconf script for automatic configuration, but mostly included fixes for bugs found after testing Tiger in Debian GNU/Linux and in other operating systems. Over 2200 lines of code and documentation were included in this release.
These forks were merged on May 2002 and in June 2002 the new source code, now labeled as the 3.0 release, was published in the [http://download.savannah.nongnu.org/releases/tiger/ download] section of the newly created Savannah site. Following this merge, the following releases were published:


* The 3.1 release was published in October 2002, it was considered an unstable release and included some new checks, a new autoconf script for automatic configuration, but mostly included fixes for bugs found after testing Tiger in Debian GNU/Linux and in other operating systems. Over 2,200 lines of code and documentation were included in this release.
The release 3.2 was published in May 2003. It improved the stability of the tool and fixed some security problems including a [[buffer overflow]] in realpath.


* The 3.2 release was published in May 2003. It improved the stability of the tool and fixed some security problems including a [[buffer overflow]] in realpath.
The 3.2.1 release was published in October 2003. It introduced new checks including: check_ndd (for [[HPUX]] and [[SunOS]] systems), check_passwspec (for [[Linux]] and HPUX) check_trusted (for HPUX), check_rootkit (which can interact with the [[chkrootkit]] tool), check_xinetd, and, finally, aide_run and integrit_run (integrity file checkers).


* The 3.2.1 release 7 was published in October 2003. It introduced new checks including: check_ndd (for [[HPUX]] and [[SunOS]] systems), check_passwspec (for [[Linux]] and HPUX) check_trusted (for HPUX), check_rootkit (which can interact with the [[chkrootkit]] tool), check_xinetd, and, finally, aide_run and integrit_run (integrity file checkers).
The 3.2.2 release was published in August 2007. It introduced support for [[Tru64]], [[Solaris (operating system)|Solaris 8 and 9]]. This release also introduced the audit scripts, a collection of scripts originally written by Marc Heuse that can be used to do offline audits of systems by recovering all the needed information and putting it into an archive. These scripts are intended for use with security operating systems baselines or checklists.


* The 3.2.2 release was published in August 2007. It introduced support for [[Tru64]], [[Solaris (operating system)|Solaris 8 and 9]]. This release also introduced the audit scripts, a collection of scripts originally written by Marc Heuse that can be used to do offline audits of systems by recovering all the needed information and putting it into an archive. These scripts are intended for use with security operating systems baselines or checklists.
The 3.2.3 release was published in September 2007 and is mainly a bug fix release and also including new features related to handling exotic filesystems in Linux.

* The 3.2.3 release was published in September 2007. It was mainly a bug fix release which also includied new features related to handling exotic filesystems in Linux.


==Overview==
==Overview==
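Review bot: In the TARA sentence of this hunk, the new text opens `<ref>[http://www-arc.com/tara Tiger Analytical Research Asistant` but drops the closing `]</ref>` that the removed line had. This leaves both the external link and the reference unterminated, and the markup shows up as raw text in the rendered paragraph. Restore `]</ref>` after the link title and spell it "Assistant". Two smaller points in the same hunk: "The 3.2.1 release 7" carries a "7" that the removed line ("The 3.2.1 release was published") did not, so confirm it is intended or drop it; and "includied" in the 3.2.3 item should be "included".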

Revision as of 11:52, 14 January 2018

Tiger Security Tool
Stable release: 3.2.3 / March 3, 2010; 14 years ago (2010-03-03)
Operating system: Unix, Linux, Solaris
Available in: English
Type: Security Audit, Intrusion Detection System
License: GPL
Website: http://www.nongnu.org/tiger/

Tiger is security software for Unix-like computer operating systems. It can be used both as a security audit tool and as an intrusion detection system, and it supports multiple UNIX platforms. Tiger is free under the GPL license and, unlike other tools, it needs only POSIX tools and is written entirely in shell language.

It has not been maintained since the 3.2.3 release in September 2007. It's a good security tool.

History

Tiger was originally developed by Douglas Lee Schales, Dave K. Hess, Khalid Warraich, and Dave R. Safford in 1992 at Texas A&M University.[1] It was written at the same time as other auditing tools such as COPS, SATAN and Internet Security Scanner. Eventually, after the 2.2.4 version, which was released in 1994, development of Tiger stalled.[2]

Three different forks evolved after Tiger: TARA (Tiger Analytical Research Assistant, http://www-arc.com/tara, developed by Advanced Research Computing), one developed internally at the HP corporation by Bryan Gartner, and the last one developed for the Debian GNU/Linux distribution by Javier Fernández-Sanguino (current upstream maintainer). All the forks aimed to make Tiger work on newer versions of different UNIX operating systems.

These forks were merged in May 2002, and in June 2002 the new source code, now labeled as the 3.0 release, was published in the download section of the newly created Savannah site. After this merge, the following releases were published:

  • The 3.1 release was published in October 2002. It was considered an unstable release and included some new checks and a new autoconf script for automatic configuration, but mostly included fixes for bugs found after testing Tiger in Debian GNU/Linux and in other operating systems. Over 2,200 lines of code and documentation were included in this release.
  • The 3.2 release was published in May 2003. It improved the stability of the tool and fixed some security problems, including a buffer overflow in realpath.
  • The 3.2.1 release 7 was published in October 2003. It introduced new checks including: check_ndd (for HPUX and SunOS systems), check_passwspec (for Linux and HPUX), check_trusted (for HPUX), check_rootkit (which can interact with the chkrootkit tool), check_xinetd, and, finally, aide_run and integrit_run (integrity file checkers).
  • The 3.2.2 release was published in August 2007. It introduced support for Tru64 and Solaris 8 and 9. This release also introduced the audit scripts, a collection of scripts originally written by Marc Heuse that can be used to do offline audits of systems by recovering all the needed information and putting it into an archive. These scripts are intended for use with operating system security baselines or checklists.
  • The 3.2.3 release was published in September 2007. It was mainly a bug fix release which also included new features related to handling exotic filesystems in Linux.

Overview

Tiger has some interesting features that merit its resurrection,[citation needed] including a modular design that is easy to expand. It can be used as an audit tool and a host intrusion detection system tool.

Tiger complements intrusion detection systems (IDS), from network IDS (Snort) to kernel-level tools (Log-based Intrusion Detection System or LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), as well as integrity checkers (there are many of these: AIDE, integrit, Samhain, Tripwire...) and log checkers, providing a framework in which all of them can work together. Tiger is not a log checker, nor is it focused on integrity analysis. It checks the system configuration and status.

The cronrc and tigerrc files are used for configuration.

Binaries used by tiger include md5, realpath, snefru and testsuid.

References

  1. ^ Mann, Scott; Mitchell, Ellen L. (2000). Linux System Security. Upper Saddle River, NJ: Prentice Hall PTR. p. 341. ISBN 0-13-015807-0.
  2. ^ http://www.net.tamu.edu/network/tools/tiger.html