TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.
Release Notes: This version is mainly a bugfix release that incorporates all the fixes introduced in Debian since 3.2.2. It also updates Linux's gen_mounts to support many more filesystems, and provides a way for local administrators to define local and non-local filesystems. This makes it easier for local admins to define exotic filesystems, if in use, and avoid the warnings Tiger mails each time a script that runs through the filesystems (check_perms, check_known, and find_files) executes.
Release Notes: This release introduces support for some operating systems including Tru64 and Solaris 8/9, and improves the existing support of HP-UX and Linux with new security checks. It also fixes many bugs in the code and check scripts. It includes the new 'audit scripts' written by Marc Heuse. This set of scripts can be used for offline auditing of different operating systems. These scripts will recover information from a system and pack it into a file so that it can be audited offline based on this information. This is less intrusive that running Tiger on the system.
Release Notes: This new release includes a number of bugfixes, enhancements and new checks (check_ndd, check_passwspec, check_trusted, check_rootkit, and check_xinetd), and, finally, aide_run and integrit_run which provide new checks for integrity file checkers. Other security checks have been enhanced or fixed. Other relevant changes include full integration with TARA 3.0.3, improved HPUX support, preliminary Mac OS X support, new functions for safer file creation and removal, and more documentation (such as an annotated version of CERT's Unix Security Checklist).
Release Notes: This new release features a number of bug fixes and enhancements. Eleven new checks have been added (four are still beta). New and improved documentation is provided. An 'ignore' mechanism (similar to logcheck's) has been implemented to make it easier to create OS baselines. This permits some OS providers (such as Debian) to provide Tiger with a baseline OS, where security warnings that are irrelevant are removed. This also allows security administrators to tailor the baseline according to their security policies.
Release Notes: This version includes some improvements from the previous version. Some bugs have been found both from testing in Debian GNU/Linux environments and in other operating systems. New checks have been added also to the current codebase and some others have been improved. 'autoconf' is now used to configure and install TIGER.