1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
Here's a quick "HOW TO" on using 'tiger'...
First: Make sure you are using a 'tigerrc' file to your liking. The
tigerrc-TAMU file disables a lot of checks. The 'tigerrc-dist'
file enables all of them. You should probably edit one to your
tastes, though I do recommend the full check.
Second, for just a test run, it is *NOT* necessary to install 'tiger'.
Just 'cd' into the top-level tiger directory and run './tiger'. This
will create a security report after some time (times vary based on system
size and extent of checking defined in 'tigerrc').
If you fix some things, and want to run just part of the system without
having to wait for the entire thing, 'cd' to the 'scripts' directory
and you can run any of the scripts there standalone. Just use
'./scriptname'. The output will go to stdout, so if you want to save
it to a file, you'll need to redirect it.
If you want more information on a particular message generated by 'tiger'
(or any of the scripts), you can use the 'tigexp' (TIGer EXPlain) facility.
You have three choices here.
First, if you just want more information on a specific message, just use
'./tigexp msgid', where 'msgid' is the text inside the [] associated with
each message. For example, to obtain more information about:
--WARN-- [acc001w] Login ID backup is disabled, but still has a valid shell
(/bin/sh).
one would use './tigexp acc001w'.
Second, if you want to insert the explanations in the report, you can
either run 'tiger' (or the individual scripts) with the '-E' option,
or if you have already run it, then use 'tigexp -F report-file'. This
will write a copy of the security report to stdout, with explanations
inserted.
The third option is to generate a separate explanation file from a
report file. To do this, use 'tigexp -f report-file'. An explanation
report will be generated with message identifiers with each explanation.
This can be used when the report file has lots of repeated message ID's
and inserting explanations will increase the size of the report to
absurd proportions.
------------------------------------------------------------------------
Running 'tiger' regularly.
First: It still isn't necessary to "install" 'tiger'. Installing it
is only a convenience. If you do not install it, then it will be
necessary to either invoke 'tiger' (or the individual scripts) with
the '-B' option or 'cd' to the 'tiger' directory before running it.
The '-B' option informs the scripts where the top level 'tiger'
directory is.
You have two options when running 'tiger' regularly. The first is
to simply run 'tiger' out of cron. Since on large systems, a full run
can take hours, this is probably not desirable.
The more desirable is to use 'tigercron'. With 'tigercron', it is
possible to run the individual scripts spread out over a time period
(some can be run three times a day, others once a week or month).
In addition, 'tigercron' will (on some systems) e-mail a "change"
report to the specified person (in 'tigerrc'). The "change" report
will only contain "new" information and will only be mailed when
there *is* new information.
------------------------------------------------------------------------
Installing 'tiger'. If you do decide to install 'tiger', simply edit
the 'Makefile' and set the variables at the top. Then type 'make
install'. NOTE NOTE NOTE: It is important that the destination
directory (TIGERHOME) is *NOT* be the same as the source directory
(where 'tiger' was extracted). The Makefile currently doesn't have
the smarts (I'm not sure it has any) to handle such a situation and
will mangle TIGER horribly.
------------------------------------------------------------------------
|
