Tiger (security Software)

Tiger is security software for Unix-like computer operating systems. It can be used both as a security audit tool and as a host-based intrusion detection system, and it supports multiple UNIX platforms. Tiger is free under the GPL license and, unlike other tools, it needs only POSIX tools and is written entirely in shell language. Tiger is based on a set of modular scripts that can be run either together or independently to check different aspects of a UNIX system, including the review of:

* available patches not installed
* filesystem permissions
* dormant users
* specific configuration of system files
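
The modular-check design described above, as an added example that is not code from Tiger: each check is an independent POSIX shell function, and a small runner executes all of them or only the ones named. The function names, the WARN report format and the "user days-since-login" ages file are assumptions made for this example; the sample tree and accounts are constructed.

```sh
# Added illustration, not Tiger's code. Function names, the WARN format and
# the "user days-since-login" ages file are assumptions for this example.
# check_perms DIR: world-writable files and non-sticky world-writable dirs.
check_perms() {
    find "$1" -type f -perm -0002 -print | sed 's/^/WARN world-writable file: /'
    find "$1" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WARN world-writable dir, no sticky bit: /'
}

# check_dormant PASSWD AGES MAXDAYS: accounts with a login shell whose last
# login is older than MAXDAYS days, or that have no login record at all.
check_dormant() {
    awk -F: -v ages="$2" -v max="$3" '
        FILENAME == ages { split($0, f, " "); age[f[1]] = f[2]; next }
        $7 ~ /(nologin|false)$/ { next }
        !($1 in age) { print "WARN never logged in: " $1; next }
        age[$1] + 0 > max + 0 { print "WARN dormant " age[$1] " days: " $1 }
    ' "$2" "$1"
}

# run_checks ROOT PASSWD AGES MAXDAYS [check...]: run the named checks, or
# all of them when none is named; returns 1 if anything was reported.
run_checks() {
    root=$1; passwd=$2; ages=$3; max=$4; shift 4
    [ $# -gt 0 ] || set -- perms dormant
    report=$(for c in "$@"; do
        case $c in
            perms)   check_perms "$root" ;;
            dormant) check_dormant "$passwd" "$ages" "$max" ;;
            *)       echo "ERROR unknown check: $c" ;;
        esac
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"; return 1
}

# Constructed sample data: a small tree, a passwd-format file, login ages.
make_fixture() {
    umask 022; d=$(mktemp -d) && mkdir "$d/tree" "$d/tree/drop" || return 1
    : > "$d/tree/ok"; : > "$d/tree/bad"
    chmod 666 "$d/tree/bad"; chmod 777 "$d/tree/drop"
    printf '%s:x:1000:1000::/home/u:/bin/sh\n' alice bob carol > "$d/passwd"
    echo 'daemon:x:1:1::/:/usr/sbin/nologin' >> "$d/passwd"
    printf '%s\n' 'alice 3' 'bob 200' > "$d/ages"
    echo "$d"
}

fx=$(make_fixture)
run_checks "$fx/tree" "$fx/passwd" "$fx/ages" 90 || echo "findings reported"
rm -rf "$fx"
```

On a real host the ages file would have to be derived from the system's own login records, which this example does not attempt.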


History

Tiger was originally developed by Douglas Lee Schales, Dave K. Hess, Khalid Warraich, and Dave R. Safford in 1992 at Texas A&M University. The tool was originally developed to provide a check of UNIX systems on the A&M campus that had to be accessed from off campus and, consequently, required clearance through the network security measures set in place. It was developed after a coordinated attack in August 1992 on computers on the campus. The campus system administrators needed something that any user could use to test the system's security and run if they could figure out how to get it down to their machines. The tool was presented at the Fourth USENIX Security Symposium. It was written at the same time as other auditing tools such as COPS, SATAN and Internet Security Scanner.

Eventually, after the 2.2.4 version, which was released in 1994, development of Tiger stalled. Three different forks evolved after Tiger: TARA (Tiger Analytical Research Assistant, developed by Advanced Research Computing), one developed internally at the HP corporation by Bryan Gartner, and one developed for the Debian GNU/Linux distribution by Javier Fernández-Sanguino (current upstream maintainer). All the forks aimed at making Tiger work on newer versions of different UNIX operating systems.

These forks were merged in May 2002, and in June 2002 the new source code, now labeled as the 3.0 release, was published in the download section of the newly created Savannah site. Following this merge, the following releases were published:

* The 3.1 release was published in October 2002. It was considered an unstable release and included some new checks and a new autoconf script for automatic configuration, but mostly included fixes for bugs found after testing Tiger in Debian GNU/Linux and in other operating systems. Over 2,200 lines of code and documentation were included in this release.
* The 3.2 release was published in May 2003. It improved the stability of the tool and fixed some security problems, including a buffer overflow in realpath.
* The 3.2.1 release 7 was published in October 2003. It introduced new checks including: check_ndd (for HPUX and SunOS systems), check_passwspec (for Linux and HPUX), check_trusted (for HPUX), check_rootkit (which can interact with the chkrootkit tool), check_xinetd, and, finally, aide_run and integrit_run (integrity file checkers).
* The 3.2.2 release was published in August 2007. It introduced support for Tru64 and for Solaris 8 and 9. This release also introduced the audit scripts, a collection of scripts originally written by Marc Heuse that can be used to do offline audits of systems by recovering all the needed information and putting it into an archive. These scripts are intended for use with operating system security baselines or checklists.
* The 3.2.3 release was published in September 2007. It was mainly a bug fix release which also included new features related to handling exotic filesystems in Linux.


Overview

Tiger has some interesting features, including a modular design that is easy to expand. It can be used as an audit tool and as a host-based intrusion detection system tool, as described in the program's manpage and in the source code documentation (README.hostids). Tiger complements intrusion detection systems (IDS), from network IDS (Snort) to the kernel (Log-based Intrusion Detection System or LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), integrity checkers (many of these: AIDE, integrit, Samhain, Tripwire...) and logcheckers, providing a framework in which all of them can work together while checking the system configuration and status.

