Tiger integration in Fedora

Harry Hoffman hhoffman at ip-solutions.net
Mon Sep 5 18:51:20 UTC 2005


Why not just use Bastille (which already works on Fedora):
http://www.bastille-linux.org/ ?



Aurelien Bompard wrote:
> Hi *,
> 
> I've packaged Tiger for Fedora Extras, and it is available for review in bug
> 165311.
> 
> Tiger is a set of bash scripts to run automatic security audits and
> intrusion detection on Unix systems.
> The project had been abandoned since the mid-90s, and has been resurrected by one of
> the main Debian security developers (Javier Fernández-Sanguino), and further
> improved.
> It proved very useful many times on the Debian servers I manage, and I'm
> pretty sure it could be as useful on Fedora.
> 
> Since Tiger is very system-specific, it needs customization to integrate it
> into Fedora. Right now, I've only ported Javier's fixes and adaptations for
> Debian (which is quite a large patch; I've split and cleaned it).
> I'd like to make sure it works as it is, and I'll add more Fedora-specific
> checks afterwards (such as "yum check-update", "rpm -V", and maybe even
> SELinux checks, there's much to do)
> 
> I'm looking for people to help fine-tune the default configuration. So here
> are the best ways you can help review Tiger if you want to:
>  - Check for packaging errors, as usual
>  - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
> you have error messages.
>  - Tell me what false-positive alerts you get in the previous command so I
> can add them to /etc/tiger/tiger.ignore
>  - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
> something valid
>  - Please review my one-liner patch for a C program not compiling with gcc4,
> as I really don't know C...
>  - Tell me where Tiger could be better integrated into Fedora
> 
> When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
> there is also an automatic testing system, where the scripts are run at
> different times according to /etc/tiger/cronrc. If you can, please run each
> script in this crontab and tell me which false positives you get.
> 
> One of Tiger's best features is to report only what's changed since the last
> run (configurable in /etc/tiger/tigerrc), but it does not mean we should
> not get rid of false-positives in the first place.
> 
> Of course, if you don't feel like checking all this, just do what you're
> interested in (packaging, coding errors, further integration, ...). Any bit
> will help.
> 
> Thanks
> 
> Aurélien



