Tiger integration in Fedora

Aurelien Bompard gauret at free.fr
Mon Sep 5 18:16:21 UTC 2005


Hi *,

I've packaged Tiger for Fedora Extras, and it is available for review in bug
165311.

Tiger is a set of bash scripts to run automatic security audits and
intrusion detection on Unix systems.
The project had been abandoned since the mid-90s, and has been resurrected by one of
the main Debian security developers (Javier Fernández-Sanguino), and further
improved.
It proved very useful many times on the Debian servers I manage, and I'm
pretty sure it could be as useful on Fedora.

Since Tiger is very system-specific, it needs customization to integrate it
into Fedora. Right now, I've only ported Javier's fixes and adaptations for
Debian (which is quite a large patch; I've split it up and cleaned it).
I'd like to make sure it works as is, and I'll add more Fedora-specific
checks afterwards (such as "yum check-update", "rpm -V", and maybe even
SELinux checks; there's much to do).

I'm looking for people to help fine-tune the default configuration. So here
are the best ways you can help review Tiger if you want to:
 - Check for packaging errors, as usual
 - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
you have error messages.
 - Tell me what false-positive alerts you get in the previous command so I
can add them to /etc/tiger/tiger.ignore
 - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
something valid
 - Please review my one-liner patch for a C program not compiling with gcc4,
as I really don't know C...
 - Tell me where Tiger could be better integrated into Fedora

When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
there is also an automatic testing system, where the scripts are run at
different times according to /etc/tiger/cronrc. If you can, please run each
script in this crontab and tell me which false positives you get.

One of Tiger's best features is to report only what's changed since the last
run (configurable in /etc/tiger/tigerrc), but that does not mean we should
not get rid of false positives in the first place.

Of course, if you don't feel like checking all this, just do what you're
interested in (packaging, coding errors, further integration, ...). Any bit
will help.

Thanks

Aurélien
-- 
http://aurelien.bompard.org  ~~~~  Jabber : abompard at jabber.fr
If one keeps trying, one succeeds eventually. Therefore, the more one
fails, the closer one is to success. -- Shadok motto.
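As an added example (not code from Tiger, Javier's patch or the Fedora package), here is a sketch of the kind of "rpm -V" check the message proposes, with tiger.ignore-style regex suppression of known false positives. The sample rpm -V output, the ignore patterns and the --WARN--/--FAIL-- style report prefixes are all constructed for the example.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not captured from a real host).
# Column 1: verify flags (S size, M mode, 5 digest, D device, L link,
# U user, G group, T mtime, P capabilities; '.' = unchanged) or "missing";
# optional marker (c = config file, d = doc file); last column: path.
SAMPLE_RPM_VERIFY='S.5....T.  c /etc/tiger/tigerrc
.......T.    /usr/share/doc/foo/README
S.5....T.    /usr/bin/ls
missing     /usr/sbin/tiger
.M.......    /usr/bin/passwd'

# Ignore list in the spirit of /etc/tiger/tiger.ignore: one extended regex
# per line. Assumed patterns: locally edited config files under /etc, and
# mtime-only changes, are considered expected on this host.
IGNORE_PATTERNS='^S\.5\.{4}T\. +c /etc/
^\.{7}T\. '

# rpm_verify_alerts RPM_V_OUTPUT IGNORE_REGEXES
# Drops lines matching any ignore regex, then classifies the rest with
# Tiger-like severity prefixes (assumed, not Tiger's own message codes).
rpm_verify_alerts() {
    ignore=$(mktemp) || return 1
    printf '%s\n' "$2" | grep -v '^[[:space:]]*$' > "$ignore" || true
    printf '%s\n' "$1" | grep -v -E -f "$ignore" | awk '
        $1 == "missing"  { print "--FAIL-- missing file: " $NF; next }
        index($1, "5")   { print "--ALERT-- digest changed: " $NF; next }
        index($1, "S")   { print "--WARN-- size changed: " $NF; next }
        index($1, "M")   { print "--WARN-- mode changed: " $NF; next }
        { print "--INFO-- attribute changed (" $1 "): " $NF }'
    rm -f "$ignore"
}

rpm_verify_alerts "$SAMPLE_RPM_VERIFY" "$IGNORE_PATTERNS"
```

On a real system the first argument would be the captured output of `rpm -Va`; the edited tigerrc and the mtime-only doc file are suppressed, while the changed binary, the missing file and the mode change are reported.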