[Bug 165311] New: Review Request: Tiger, security auditing on UNIX systems

bugzilla at redhat.com bugzilla at redhat.com
Sun Aug 7 16:32:28 UTC 2005






https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165311

           Summary: Review Request: Tiger, security auditing on UNIX systems
           Product: Fedora Extras
           Version: devel
          Platform: All
               URL: http://www.nongnu.org/tiger/
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: Package Review
        AssignedTo: gdk at redhat.com
        ReportedBy: gauret at free.fr
         QAContact: dkl at redhat.com
                CC: fedora-extras-list at redhat.com


Spec : http://gauret.free.fr/fichiers/rpms/fedora/tiger.spec
SRPM : http://gauret.free.fr/fichiers/rpms/fedora/tiger-3.2.1-1.src.rpm
Description:
Tiger is a set of bash scripts to run automatic security audits and intrusion detection on Unix systems.
The project had been abandoned since the mid-90s, and got resurrected by one of the main Debian security developers (Javier Fernández-Sanguino).
It proved very useful many times on the Debian servers I manage, and I'm pretty sure it could be as useful on Fedora.

Since Tiger is very system-specific, it needs customization to integrate it into Fedora. Right now, I've only ported Javier's fixes and adaptations for Debian (which is a 20000+ line patch...).
I'd like to make sure it works as is, and I'll add more Fedora-specific checks afterwards (such as "yum check-update", "rpm -V", and maybe even SELinux checks, there's much to do).

So here are the best ways you can review Tiger:
 - Check for packaging errors, as usual
 - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if you have error messages.
 - Tell me what false-positive alerts you get in the previous command so I can add them to /etc/tiger/tiger.ignore
 - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored something valid
 - Please review my one-liner patch for a C program not compiling with gcc4, as I really don't know C...
 - Tell me where Tiger could be better integrated into Fedora

When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But there is also an automatic testing system, where the scripts are run at different times according to /etc/tiger/cronrc. If you can, please run each script in this crontab and tell me which false positives you get.

One of Tiger's best features is to report only what's changed since the last run (configurable in /etc/tiger/tigerrc), but that does not mean we should not get rid of false positives in the first place.
