Tiger is a collection of scripts, code and data files for
tracking down security problems. It scans file systems and
configuration files, checking for possible security issues. It's built
around several dozen modules that check everything from guessable
passwords to the presence of a rootkit.
To install and run it:
# sudo apt-get install tiger
# sudo tiger
The report is written to /var/log/tiger and named security.report.hostname.YYMMDD-hh:mm.
You can simply cat it (note that only root can view it):
# sudo cat /var/log/tiger/security.report.hostname.YYMMDD-hh:mm
but it's a big report and you're really only interested in failed items. Try this instead:
# sudo grep FAIL /var/log/tiger/security.report.hostname.YYMMDD-hh:mm
Failures are logged against an explanatory code, like this:
--FAIL-- [ftp007f] Anonymous FTP directory owned and writable by 'ftp'.
--FAIL-- [lin016f] The system permits source routing from incoming packets
--FAIL-- [lin019f] The system does not have any local firewall rules
You can obtain more details by passing the code to the Tiger Explanation Generator, tigexp. For example:
# tigexp ftp007f
yields:
The indicated file is owned by the 'ftp' account and is writable. This may allow unauthorized access to the machine. The indicated file should be owned by 'root' and not writable by group or world. See CERT advisory CA-93:10 for information on setting up an anonymous FTP server.
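An added example, not from the original post: a shell helper that combines the grep FAIL step and the tigexp lookup, counting each distinct failure code and running tigexp once per code. The function names and the sample report are constructed for illustration; only the `--FAIL-- [code] message` line format and the `tigexp <code>` call come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): summarise --FAIL-- lines in a
# Tiger report. Function names here are illustrative, not part of Tiger.

TAB="$(printf '\t')"

# Read a report on stdin; print "count<TAB>code<TAB>first message" for each
# distinct FAIL code, most frequent first, then by code.
tiger_fail_summary() {
    awk '
        $1 == "--FAIL--" && $2 ~ /^\[.*\]$/ {
            code = substr($2, 2, length($2) - 2)   # strip the [ ] pair
            if (!(code in count)) {
                msg = $0
                sub(/^--FAIL-- +[^ ]+ */, "", msg)
                first[code] = msg
            }
            count[code]++
        }
        END { for (c in count) printf "%d\t%s\t%s\n", count[c], c, first[c] }
    ' | sort -t "$TAB" -k1,1nr -k2,2
}

# Print one heading per distinct code and, if tigexp is installed, its
# explanation. stdin of tigexp is detached so it cannot eat the loop input.
tiger_explain_fails() {
    tiger_fail_summary | while IFS="$TAB" read -r n code msg; do
        printf '== %s (%s occurrence(s)): %s\n' "$code" "$n" "$msg"
        if command -v tigexp >/dev/null 2>&1; then
            tigexp "$code" </dev/null
        fi
    done
}

# Constructed sample input, using the FAIL lines quoted in the post.
sample_report() {
    cat <<'EOF'
# Constructed non-FAIL line, skipped by the summary
--FAIL-- [ftp007f] Anonymous FTP directory owned and writable by 'ftp'.
--FAIL-- [lin016f] The system permits source routing from incoming packets
--FAIL-- [lin019f] The system does not have any local firewall rules
--FAIL-- [lin016f] The system permits source routing from incoming packets
EOF
}
```

After sourcing the file in a root shell, run `tiger_explain_fails < /var/log/tiger/security.report.hostname.YYMMDD-hh:mm`; `sample_report | tiger_fail_summary` shows the output format without a real report.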
Tiger's well-commented configuration file resides in /etc/tiger/tigerrc.
Thanks...