File: tiger

package info (click to toggle)
tiger 1%3A3.2.4~rc1-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 11,872 kB
  • sloc: sh: 15,065; ansic: 1,933; perl: 573; makefile: 328; sql: 38
file content (555 lines) | stat: -rwxr-xr-x 15,932 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 1, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# tiger - 06/14/93
#
# The UN*X security check system. This is the main program that will run
# all the checks configured for your system in the tigerrc configuration 
# file.
#
# 05/14/2005 jfs Patch from Nicolas Franois which fixes aide output handling
# 01/25/2005 cslater Added separate config variable for 
#		 check_passwdformat.
# 01/15/2003 jfs Check should use INETDCONF (and not INETDFILE).
#                (Temporary fix: defined it if undefined)
# 09/03/2003 jfs Included check_ssh to the checks
# 08/19/2003 jfs check_cron is now check_crontabs
# 08/15/2003 jfs Integrated ARSC log to syslog mechanism but modified
#                the check for it (better to use the same mechanism as
#                used by the sendtologger function in order to avoid
#                some issues and prepended it to the use of -E since
#                otherwise a wrong LOGDIR would be used (with \@) for
#                the logfile and expfile)
# 08/14/2003 jfs Commands now run through run_script (except for check_cron
#                since many systems hold a check_cron script)
# 05/09/2003 jfs Fixed missing bracket (syntax error)
# 05/01/2003 jfs Added missing checks
# 04/27/93 dls check_passwd is now check_accounts
# 04/15/2003 jfs Added new year
# 05/26/2002 jfs Added check_tcpd test
# 04/29/93 dls Added support for 'tigerrc' file.
#
#-----------------------------------------------------------------------------
#
echo "Tiger UN*X security checking system"
echo "   Developed by Texas A&M University, 1994"
echo "   Updated by the Advanced Research Corporation, 1999-2002"
echo "   Further updated by Javier Fernandez-Sanguino, 2001-2018"
echo "   Contributions by Francisco Manuel Garcia Claramonte, 2009-2010"
echo "   Covered by the GNU General Public License (GPL)"
echo
TigerInstallDir="."
#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs

sendtologger()
{
  file=$1
  if [ -r "$file" ]; then
  	echo "Cannot read report in $file to send to syslog"
	exit 1
  fi
  logger_port="5353"
  logger_name=`echo $LOGDIR | $AWK -F\@ '{print $2}'`
  safe_temp $WORKDIR/logger.$$
  $TigerCleanup="$TigerCleanup $WORKDIR/logger.$$"
  echo "sleep 5; cat $logfile; sleep 5" >$WORKDIR/logger.$$
  sh $WORKDIR/logger.$$ | telnet $logger_name $logger_port
  if [ "$?" -ne 0 ]; then
   echo "TIGER logger server [$logger_name] is not available"
   delete $WORKDIR/logger.$$
   exit 1
  fi
  delete $WORKDIR/logger.$$
  # Do not proceed since the LOGDIR value would be useless for us
  # TODO: Consider use a -s switch to define logging to syslog
  # so that logs are always kept locally too
  exit 0
}

tigercleanup()
{
  [ -n "$fspid" ] && kill -1 $fspid 2>/dev/null
  [ -f "$Tiger_PasswdFiles" ] && {
    while read __file
    do
      delete $__file $__file.src
    done < $Tiger_PasswdFiles
  }
  [ -n "$TigerCheckEmbedded" ] && delete $TigerCheckEmbedded
  delete $WORKDIR/fsscan.log$$ $Tiger_PasswdFiles

  [ -n "$TigerCleanup" ] && {
    delete $TigerCleanup
  }  
}

trap 'tigercleanup; exit 1' 1 2 3 15

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds CAT DATE DATECMD GEN_PASSWD_SETS GREP MV RM TIMECMD || exit 1
  haveallfiles BASEDIR SCRIPTDIR WORKDIR CONFIG_DIR LOGDIR || exit 1
  haveallvars HOSTNAME OS REL REV ARCH || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------

haveallcmds CAT DATE DATECMD GEN_PASSWD_SETS GREP MV RM TIMECMD || exit 1
haveallfiles BASEDIR SCRIPTDIR CONFIG_DIR LOGDIR WORKDIR || exit 1
haveallvars HOSTNAME OS REL REV ARCH || exit 1

version="$TIGERVERSION"

echo "Tiger security scripts *** $version ***"

[ "$Tiger_TESTMODE" != 'Y' ] && {
  datestamp="`$DATECMD`-`$TIMECMD`"

  logtmp="$LOGDIR/security.report.${HOSTNAME}.tmp.$$"
  logfile="$LOGDIR/security.report.${HOSTNAME}.$datestamp"
  expreport="$LOGDIR/explain.report.${HOSTNAME}.$datestamp"
}

> $logtmp

[ "$Tiger_TESTMODE" != 'Y' ] && {

  echo "Security scripts *** $version ***" >> $logtmp
  [ "$HTML" = "Y" ] && {
  	echo '<H2><CENTER>TIGER System Security Scanner</H2></Center>' > $logtmp
  	echo '<PRE>' >> $logtmp
        echo "Tiger security scripts *** $version ***" >> $logtmp
        echo "Output Mode is HTML"
        echo "HTML Generator developed by the Advanced Research Corporation (R)" >> $logtmp
  }
  


  $DATE >> $logtmp
  echo "`$TIMECMD`> Beginning security report for ${HOSTNAME} ($ARCH $OS $REV)." >> $logtmp
  echo "`$TIMECMD`> Beginning security report for ${HOSTNAME}."
}

_TIGER_RUN=Y
export _TIGER_RUN
OUTPUTMETHOD="$CAT"

Tiger_PasswdFiles=$WORKDIR/passwd.list.$$
export Tiger_PasswdFiles

[ "$Tiger_Check_EMBEDDED" != 'N' ] && {
  TigerCheckEmbedded="$WORKDIR/embed.list.$$"
  > $TigerCheckEmbedded
}
export TigerCheckEmbedded

[ "$Tiger_TESTMODE" != 'Y' ] && {
  delete $Tiger_PasswdFiles
  $GEN_PASSWD_SETS $Tiger_PasswdFiles
}

[ "$Tiger_Check_FILESYSTEM" != 'N' ] && {
  if [ "$Tiger_TESTMODE" = 'Y' ]; then
    echo "`$TIMECMD`> Performing file systems scans..."
    run_script find_files >> $logtmp
  else
    echo "`$TIMECMD`> Starting file systems scans in background..."
    $SCRIPTDIR/find_files > $WORKDIR/fsscan.log$$ 2>/dev/null &
    fspid=$!
  fi
}

crackpid=
[ "$Tiger_Run_CRACK" != 'N' ] && {
  if [ "$Tiger_TESTMODE" = 'Y' ]; then
    echo "`$TIMECMD`> Running Crack (password cracker)..."
    run_script crack_run
  else
    crackout=$WORKDIR/crack.out.$$
    echo "`$TIMECMD`> Running Crack (password cracker) in background..."
    nice -6 $SCRIPTDIR/crack_run > $crackout &
    crackpid=$!
  fi
}

trippid=
[ "$Tiger_Run_TRIPW" != 'N' ] && {
  if [ "$Tiger_TESTMODE" = 'Y' ]; then
    echo "`$TIMECMD`> Running Tripwire..."
    run_script tripwire_run
  else
    tripout=$WORKDIR/tripwire.out.$$
    echo "`$TIMECMD`> Running Tripwire in background..."
    nice -6 $SCRIPTDIR/tripwire_run > $tripout &
    trippid=$!
  fi
}

aidepid=
[ "$Tiger_Run_AIDE" != 'N' ] && {
  if [ "$Tiger_TESTMODE" = 'Y' ]; then
    echo "`$TIMECMD`> Running Aide..."
    run_script aide_run
  else
    export aideout=$WORKDIR/aide.out.$$
    echo "`$TIMECMD`> Running Aide in background..."
    nice -6 $SCRIPTDIR/aide_run > $aideout &
    aidepid=$!
  fi
}


[ "$Tiger_Check_PASSWD" != 'N' ] && {
  echo "`$TIMECMD`> Checking password files..."
  run_script check_passwd >> $logtmp
}

[ "$Tiger_Check_PASSWD_FORMAT" != 'N' ] && {
  echo "`$TIMECMD`> Checking password format..."
  run_script check_passwdformat >> $logtmp
}

[ "$Tiger_Check_PASSWD_NIS" != 'N' ] && {
  echo "`$TIMECMD`> Checking NIS settings..."
  run_script check_nisplus >> $logtmp
}

[ "$Tiger_Check_GROUP" != 'N' ] && {
  echo "`$TIMECMD`> Checking group files..."
  run_script check_group >> $logtmp
}

[ "$Tiger_Check_ACCOUNTS" != 'N' ] && {
  echo "`$TIMECMD`> Checking user accounts..."
  run_script check_accounts >> $logtmp
}

[ "$Tiger_Check_RHOSTS" != 'N' ] && {
  echo "`$TIMECMD`> Checking .rhosts files..."
  run_script check_rhosts >> $logtmp
}

[ "$Tiger_Check_NETRC" != 'N' ] && {
  echo "`$TIMECMD`> Checking .netrc files..."
  run_script check_netrc >> $logtmp
}

# Note: TARA calls this script with Tiger_Check_ROOT so we keep it
# there for compatibility purposes
[ \( "$Tiger_Check_ROOT" != 'N' -a -n "$Tiger_Check_ROOT" \) -o "$Tiger_Check_ROOT_ACCESS" != 'N' ] && {
  echo "`$TIMECMD`> Checking ttytab, securetty, and login configuration files..."
  run_script check_root >> $logtmp
}


[ "$Tiger_Check_PATH" != 'N' ] && {
  echo "`$TIMECMD`> Checking PATH settings..."
  run_script check_path >> $logtmp
}

[ "$Tiger_Check_ANONFTP" != 'N' ] && {
  echo "`$TIMECMD`> Checking anonymous ftp setup..."
  run_script check_anonftp >> $logtmp
}

[ "$Tiger_Check_ALIASES" != 'N' ] && {
  echo "`$TIMECMD`> Checking mail aliases..."
  run_script check_aliases >> $logtmp
}

[ "$Tiger_Check_CRON" != 'N' ] && {
  echo "`$TIMECMD`> Checking cron entries..."
  run_script check_crontabs >> $logtmp
}

[ "$Tiger_Check_INETD" != 'N' ] && {
  # Temporary definition until all the config files (and gen_inetd
  # scripts) are updated.
  [ -z "$INETDCONF" ] && INETDCONF="/etc/inetd.conf"
  [ -z "$XINETDCONF" ] && XINETDCONF="/etc/xinetd.conf"

  [ -n "$INETDCONF" ] && [ -f "$INETDCONF" ] && {
    echo "`$TIMECMD`> Checking 'inetd' configuration..."
    run_script check_inetd >> $logtmp
    echo "`$TIMECMD`> Checking 'tcpd' configuration..."
    run_script check_tcpd >> $logtmp
  }
  [ -n "$XINETDCONF" ] && [ -f "$XINETDCONF" ] && {
    echo "`$TIMECMD`> Checking 'xinetd' configuration..."
    run_script check_xinetd >> $logtmp
  }
}

[ "$Tiger_Check_SERVICES" != 'N' ] && {
  echo "`$TIMECMD`> Checking 'services' configuration..."
  run_script check_services >> $logtmp
}

[ "$Tiger_Check_EXPORTS" != 'N' ] && {
  echo "`$TIMECMD`> Checking NFS export entries..."
  run_script check_exports >> $logtmp
}

[ "$Tiger_Check_PERMS" != 'N' ] && {
  echo "`$TIMECMD`> Checking permissions and ownership of system files..."
  run_script check_perms >> $logtmp
}

[ "$Tiger_Check_SIGNATURES" != 'N' ] && {
  echo "`$TIMECMD`> Checking for altered or out of date binaries..."
  run_script check_signatures >> $logtmp
}

[ "$Tiger_Check_KNOWN" != 'N' ] && {
  echo "`$TIMECMD`> Checking for indications of break-in..."
  run_script check_known >> $logtmp
}

[ "$Tiger_Check_ROOTKIT" != 'N' ] && {
  echo "`$TIMECMD`> Performing rootkit checks..."
  run_script check_rootkit >> $logtmp
}

[ "$Tiger_Check_SYSTEM" != 'N' ] && {
  echo "`$TIMECMD`> Performing system specific checks..."
  run_script check_system >> $logtmp
}


[ "$Tiger_Check_ROOTDIR" != 'N' ] && {
  echo "`$TIMECMD`> Performing root directory checks..."
  run_script check_rootdir >> $logtmp
}

[ "$Tiger_Check_ETCISSUE" != 'N' ] && {
  echo "`$TIMECMD`> Performing /etc/issue login banner checks..."
  run_script check_issue >> $logtmp
}


[ "$Tiger_Check_BACKUPS" != 'N' ] && {
  echo "`$TIMECMD`> Checking for secure backup devices..."
  run_script check_devices >> $logtmp
}


[ "$Tiger_Check_LOGFILES" != 'N' ] && {
  echo "`$TIMECMD`> Checking for the presence of log files..."
  run_script check_logfiles >> $logtmp
}

[ "$Tiger_Check_USERUMASK" != 'N' ] && {
  echo "`$TIMECMD`> Checking for the setting of user's umask..."
  run_script check_umask >> $logtmp
}

#
# The following check has been "promoted" from Linux to
# any system since it is pretty general
#
[ "$Tiger_Check_LISTENING" != 'N' ] && {
  echo "`$TIMECMD`> Checking for listening processes..."
  run_script check_listeningprocs >> $logtmp
}

# A general watchdog for system processes
[ "$Tiger_Check_RUNPROC" != 'N' ] && {
  echo "`$TIMECMD`> Checking for running processes..."
  run_script check_runprocs >> $logtmp
}

[ "$Tiger_Check_DELETED" != 'N' ] && {
  echo "`$TIMECMD`> Checking for processes using deleted files..."
  run_script check_finddeleted >> $logtmp
}

[ "$Tiger_Check_APACHE" != 'N' ] && {
  echo "`$TIMECMD`> Checking Apache's configuration..."
  run_script check_apache >> $logtmp
}

[ "$Tiger_Check_SSH" != 'N' ] && {
  echo "`$TIMECMD`> Checking SSHD's configuration..."
  run_script check_ssh >> $logtmp
}

[ "$Tiger_Check_SENDMAIL" != 'N' ] && {
  echo "`$TIMECMD`> Checking Sendmail's configuration..."
  run_script check_sendmail >> $logtmp
}

[ "$Tiger_Check_PRINTCAP" != 'N' ] && {
  echo "`$TIMECMD`> Checking the printers control file..."
  run_script check_printcap >> $logtmp
}

[ "$Tiger_Check_EXRC" != 'N' ] && {
  echo "`$TIMECMD`> Checking for exrc files..."
  run_script check_exrc >> $logtmp
}

# This test should be changed from Perl to shell script, also there
# is repeated functionality from check_listeningprocs (jfs)
#[ "$Tiger_Check_STRICTNW" != 'N' ] && {
#  echo "`$TIMECMD`> Checking for network configuration..."
#  run_script check_network >> $logtmp
#}

[ "$Tiger_Check_FTPUSERS" != 'N' ] && {
  echo "`$TIMECMD`> Checking ftpusers configuration..."
  run_script check_ftpusers >> $logtmp
}

[ "$Tiger_Check_OMNIBACK" != 'N' ] && {
  echo "`$TIMECMD`> Checking omniback configuration..."
  run_script check_omniback >> $logtmp
}

[ "$Tiger_Check_NTP" != 'N' ] && {
  echo "`$TIMECMD`> Checking NTP configuration..."
  run_script check_ntp >> $logtmp
}

#
# When not doing checks of all setuid executables, we can do
# embedded checks while the file system scans are running.
#
[ "$Tiger_Check_EMBEDDED" != 'N' -a "x$Tiger_Embed_Check_SUID" != 'xY' ] && {
  echo "`$TIMECMD`> Performing check of embedded pathnames..."
  run_script check_embedded >> $logtmp
}

[ "$Tiger_Check_FILESYSTEM" != 'N' -a "$Tiger_TESTMODE" != 'Y' ] && {
  echo "`$TIMECMD`> Waiting for filesystems scans to complete..."
  wait $fspid
  fspid=
  echo "`$TIMECMD`> Filesystems scans completed..."

  [ -s $WORKDIR/fsscan.log$$ ] && $CAT $WORKDIR/fsscan.log$$ >> $logtmp
  delete $WORKDIR/fsscan.log$$
}
#
# When checking SUID executables, wait until after file system scans
# have completed.
#
[ "$Tiger_Check_EMBEDDED" != 'N' -a "x$Tiger_Embed_Check_SUID" = 'xY' ] && {
  echo "`$TIMECMD`> Performing check of embedded pathnames..."
  run_script check_embedded >> $logtmp
}

[ -n "$crackpid" ] && {
  if /bin/kill -0 $crackpid 2>/dev/null; then
    if [ "$Tiger_Collect_CRACK" = 'Y' ]; then
      wait $crackpid
      $CAT $crackout >> $logtmp
      delete $crackout
    else
      echo "`$TIMECMD`> \`Crack' not finished. Output will be in $crackout."
      echo "# \`Crack' not finished. Output will be in $crackout." >> $logtmp
    fi
  else
    $CAT $crackout >> $logtmp
    delete $crackout
  fi
} 2>/dev/null

[ -n "$trippid" ] && {
    echo "`$TIMECMD`> Waiting for Tripwire to finish..."
    wait $trippid
    $CAT $tripout >> $logtmp
    delete $tripout
} 2>/dev/null

[ -n "$aidepid" ] && {
    echo "`$TIMECMD`> Waiting for Aide to finish..."
    wait $aidepid
    $CAT $aideout >> $logtmp
    delete $aideout
} 2>/dev/null

#echo "`$TIMECMD`> Security report completed for ${HOSTNAME}."

[ "$Tiger_TESTMODE" != 'Y' ] && {
  echo "`$TIMECMD`> Security report completed for ${HOSTNAME}."
  echo "`$TIMECMD`> Security report completed for ${HOSTNAME}." >>$logtmp

  if [ -n "`echo $LOGDIR | $AWK -F\@ '{print $2}'`" ]; then
    sendtologger $logtmp
  fi

  if [ "$EXPLAINREPORT" = "Y" ]; then
    $BASEDIR/tigexp -f $logtmp > $expreport
    $MV $logtmp $logfile
  elif [ "$EXPLAINREPORT" = "I" ]; then
    $BASEDIR/tigexp -F $logtmp > $logfile
    delete $logtmp
  else
    $MV $logtmp $logfile
  fi


  [ "$HTML" = "Y" ] && {
    htmlfile="$logfile.html"
    $MV $logfile $htmlfile
#    $CAT html/* >> $htmlfile
    echo "Security report is in \`$htmlfile'."
  }
  [ "$HTML" = "N" ] && {
    echo "Security report is in \`$logfile'."
  }

 
}

# Cleanup now before exiting
tigercleanup

#
exit 0