Tiger integration in Fedora

Stephen J. Smoogen smooge at gmail.com
Mon Sep 5 20:44:18 UTC 2005


Well.. it didn't work for me :). Mostly Bastille seemed to be a set of
items to tighten a system down.. not check if something has been
tightened down. As someone who is writing a bunch of stuff similar to
tiger.. they are very different beasts.

On 9/5/05, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
> why not just use bastille (which already works on fedora):
> http://www.bastille-linux.org/ ?
> 
> 
> 
> Aurelien Bompard wrote:
> > Hi *,
> >
> > I've packaged Tiger for Fedora Extras, and it is available for review in bug
> > 165311.
> >
> > Tiger is a set of bash scripts to run automatic security audits and
> > intrusion detection on Unix systems.
> > The project had been abandoned since the mid-90's, and has been resurrected by one of
> > the main Debian security developers (Javier Fernández-Sanguino), and further
> > improved.
> > It proved very useful many times on the Debian servers I manage, and I'm
> > pretty sure it could be as useful on Fedora.
> >
> > Since Tiger is very system-specific, it needs customization to integrate it
> > into Fedora. Right now, I've only ported Javier's fixes and adaptations for
> > Debian (which is a quite large patch, I've split and cleaned it).
> > I'd like to make sure it works as is, and I'll add more Fedora-specific
> > checks afterwards (such as "yum check-update", "rpm -V", and maybe even
> > SELinux checks, there's much to do)
> >
> > I'm looking for people to help fine-tune the default configuration. So here
> > are the best ways you can help review Tiger if you want to:
> >  - Check for packaging errors, as usual
> >  - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
> > you have error messages.
> >  - Tell me what false-positive alerts you get in the previous command so I
> > can add them to /etc/tiger/tiger.ignore
> >  - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
> > something valid
> >  - Please review my one-liner patch for a C program not compiling with gcc4,
> > as I really don't know C...
> >  - Tell me where Tiger could be better integrated into Fedora
> >
> > When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
> > there is also an automatic testing system, where the scripts are run at
> > different times according to /etc/tiger/cronrc. If you can, please run each
> > script in this crontab and tell me which false-positives you get.
> >
> > One of Tiger's best features is to report only what's changed since the last
> > run (configurable in /etc/tiger/tigerrc), but it does not mean we should
> > not get rid of false-positives in the first place.
> >
> > Of course, if you don't feel like checking all this, just do what you're
> > interested in (packaging, coding errors, further integration, ...). Any bit
> > will help.
> >
> > Thanks
> >
> > Aurélien
> 
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-devel-list
> 


-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator
