#
# 'rc' file for tiger. This file is preprocessed, and thus
# can *only* contain variable assignments and comments.
#
#------------------------------------------------------------------------
#
# Select checks to perform. Specify 'N' (uppercase) for checks
# you don't want performed.
#
# Every Tiger_Check_* switch below is set to 'Y' in this file. Turning one
# off removes that whole class of findings from the report, so note the
# reason next to the assignment whenever a check is disabled.
#
# The trailing comments give a rough idea of how long each check runs.
#
# NOTE(review): TigerNoBuild is explained only by its trailing comment;
# presumably 'Y' keeps tiger from building its C helper programs -- confirm
# against the tiger documentation before changing it.
TigerNoBuild=Y # C files are corrupted (ouch.)
Tiger_Check_PASSWD=Y # Fast
Tiger_Check_GROUP=Y # Fast
Tiger_Check_ACCOUNTS=Y # Time varies on # of users
Tiger_Check_RHOSTS=Y # Time varies on # of users
Tiger_Check_NETRC=Y # Time varies on # of users
Tiger_Check_ALIASES=Y # Fast
Tiger_Check_CRON=Y # Fast
Tiger_Check_ANONFTP=Y # Fast
Tiger_Check_EXPORTS=Y # Fast
Tiger_Check_INETD=Y # Could be faster, not bad though
Tiger_Check_KNOWN=Y # Fast
Tiger_Check_PERMS=Y # Could be faster, not bad though
Tiger_Check_SIGNATURES=Y # Several minutes
Tiger_Check_FILESYSTEM=Y # Time varies on disk space... can be hours
Tiger_Check_PATH=Y # Fast for just root... varies for all
Tiger_Check_EMBEDDED=Y # Several minutes
Tiger_Check_EVERYLISTENING=Y # Give warning on services listening on
# all interfaces (not limited to only one)
#
# Should reports with no info be sent on cron?
#
# With 'N', a cron run that has nothing to report sends no mail. Silence
# then looks the same as a run that never happened or mail that was never
# delivered, so monitor the cron job itself if this stays 'N'.
#
Tiger_Cron_SendOKReports=N
#
# Should reports be compared with a template? (if available)
# (Note: takes precedence over previous run check)
#
Tiger_Cron_Template=N
#
# Should reports be compared with previous runs? (if available)
#
# NOTE(review): presumably only the differences from the previous report
# are mailed when this is 'Y', so a finding that was already present would
# not be repeated -- confirm, and read a full report from time to time.
#
Tiger_Cron_CheckPrev=Y
#
# Should messages tagged with INFO be shown?
# 'N' leaves INFO-tagged messages out of the output.
#
Tiger_Show_INFO_Msgs=N
#
# Whether tiger runs Crack against the password sources.
# In order for this to be effective, you should define 'CRACK' in
# a 'site' file.
#
# Note: Disabled for Debian since it (currently) does not work and
# the 'john' package can be configured to crack the passwords periodically.
#
# While this is 'N', tiger itself does no password-strength auditing; make
# sure weak-password detection is covered some other way on this host.
Tiger_Run_CRACK=N # First time, ages; subsequent fairly quick
#
# Should we use canonical fully qualified domain names
# in the reports?
#
Tiger_Output_FQDN=Y
#
# Line size (for formatting of output)... default is 79...
# Specifying '0' means unlimited
#
Tiger_Output_Width=79
#
# Same as above, except used when run via 'tigercron'.
# Set this once and do not change it afterwards: a different width
# reformats the report, and the diff against previous reports will then
# show lots of changes that are only formatting, burying the real ones.
#
Tiger_CRON_Output_Width=0
#
# If an embedded pathname refers to an executable file, this executable
# will in turn be checked. This will continue "recursively" until
# either no new executables are found, or a maximum reference depth
# is reached. Setting this variable to 0 is equivalent to infinity.
# On a Sun 4/490, SunOS 4.1.2, 6GB disk, an infinite depth check
# took about 30 minutes. Your mileage will vary.
#
# On small memory systems, a large search depth can result in out
# of memory situations for 'sort'... :-(...
#
# With a finite depth, executables that are only reachable through a longer
# chain of references are not checked.
#
Tiger_Embed_Max_Depth=3
#
# Only search executables for embedded pathnames. If this is
# set to 'N', then all regular files will be searched. Otherwise
# only executable files will be searched.
#
Tiger_Embed_Check_Exec_Only=Y
#
# Check all setuid executables found. This will cause 'tiger'
# to run longer on many systems, as it will have to wait for the
# file system scans to complete before it can begin checking the
# embedded pathnames.
#
Tiger_Embed_Check_SUID=Y
#
# Only report executables which are writable or not owned by root. If set
# to 'Y' only the executables will be reported. Any other value will result
# in regular files and directories being reported as well.
#
# Note that currently, device files are never reported.
#
# With 'Y', a writable regular file or directory that a system binary
# refers to does not appear in the report; set another value to see those.
#
Tiger_Embed_Report_Exec_Only=Y
#
# Who do you allow to own system files?
# List of usernames separated by '|'... no whitespace
#
# Files owned by any account named here are accepted as correctly owned,
# so keep the list to accounts that really own system files on this host.
# The commented-out line below is the strictest setting (root only).
#
Tiger_Embedded_OK_Owners='root|bin|uucp'
#Tiger_Embedded_OK_Owners=root
#
# What groups can have write access to system files?
# List of group names separated by '|'... no whitespace.
# No value means no groups should have write access.
#
Tiger_Embedded_OK_Group_Write=root
#
# Should all users' PATH variables be checked? This has the potential
# of being dangerous because of the way it is done. You might want to
# take a look at check_path and decide for yourself whether the precautions
# are sufficient before enabling this.
#
# NOTE(review): with 'N', presumably only root's PATH is examined (the
# Tiger_Check_PATH comment says "Fast for just root") -- confirm in
# check_path.
#
Tiger_Check_PATHALL=N # Check all user PATHs in startup files.
#
# Who can own executables in 'root's PATH?
# List of usernames separated by '|'... no whitespace
#
# Executables in root's PATH that are owned by an account listed here are
# accepted without a report, so name only accounts that are trusted as much
# as root on this host. The commented-out line below is the strictest
# setting (root only).
#
Tiger_ROOT_PATH_OK_Owners='root|uucp|bin|news'
#Tiger_ROOT_PATH_OK_Owners='root'
#
# What groups can have write access to executables in 'root's PATH?
# List of group names separated by '|'... no whitespace.
# No value means no groups should have write access.
#
Tiger_ROOT_PATH_OK_Group_Write=root
#
# Who can own things in other users' PATH?
# List of usernames separated by '|'... no whitespace
#
Tiger_PATH_OK_Owners='root|bin|daemon|uucp|sys|adm'
#
# What groups can have write access to executables in non-root user PATH?
# List of group names separated by '|'... no whitespace.
# No value means no groups should have write access.
#
# Left empty here on purpose: no group is allowed write access.
#
Tiger_PATH_OK_Group_Write=
#
# Should 'tiger' wait for Crack to finish? If set to 'Y' it will wait
# until it finishes. If set to 'N', it will collect the output if
# Crack finishes before the rest of the checks. If it isn't finished
# 'tiger' will simply report where the output will be stored.
#
# Crack output identifies accounts with guessable passwords; if it is left
# in a file (the 'N' case), check that file's location and permissions.
#
Tiger_Collect_CRACK=Y
#
# Run Crack on local password sources only? If set to 'Y', no network
# sources will be used. If set to 'N', NIS, NIS+, NetInfo, etc
# sources will also be used.
#
Tiger_Crack_Local=Y
#
# Who gets output from 'tigercron'?
#
# The reports describe weaknesses found on this host. Make sure mail for
# this recipient reaches a mailbox that is actually read, and that only
# administrators can read it.
#
Tiger_Mail_RCPT=root
#
# List of '/' separated filename globs (NOT pathnames) to look for
# on the filesystems.
#
# The whole list is one quoted string and '/' is the separator, which is
# why an entry cannot itself contain a '/'.
# NOTE(review): the whitespace inside the quotes looks like part of the
# patterns (names containing blanks) -- do not reformat the value; confirm.
#
Tiger_Files_of_Note="..[!.]*/.* */.* */.[!.]/.log/.FSP*"
#
# File system scan - things to look for
#
Tiger_FSScan_Setuid=Y # Setuid executables
Tiger_FSScan_Devs=Y # device files
Tiger_FSScan_SymLinks=Y # strange symbolic links
Tiger_FSScan_ofNote=Y # weird filenames
Tiger_FSScan_WDIR=Y # world writable directories
Tiger_FSScan_Unowned=Y # files with undefined owners/groups
#
# Should we scan read-only filesystems?
#
# NOTE(review): with 'N', the scans enabled above presumably do not cover
# filesystems mounted read-only; a setuid or device file on such a mount
# would then go unreported -- confirm, and scan them occasionally.
#
Tiger_FSScan_ReadOnly=N
#
# List of dot files commonly found in user home directories. These
# will be checked by check_accounts for proper access permissions.
#
# Note that .rhosts and .netrc need not appear here, as they will
# be checked by scan_rhosts or scan_netrc.
#
# Space-separated names in one quoted string. A start-up file that is not
# listed is not covered by this check, so add the dot files of any other
# shells or tools that are in use on this host.
#
USERDOTFILES=".alias .kshrc .cshrc .profile .login .mailrc .exrc .emacs .forward .tcshrc .zshenv .zshrc .zlogin .zprofile .rcrc .bashrc .bash_profile .inputrc .xinitrc .fvwm2rc .Xsession .Xclients"
#
# Rhost sites which are expected to be in the .rhosts files.
# Anything that doesn't match will be reported. The patterns
# are simple patterns as used in Bourne Shell 'case' statement.
#
# The assignment below is commented out, so no expected site is defined in
# this file; the value shown is an example of the pattern syntax.
# NOTE(review): what the rhosts check does when RHOST_SITES is unset is not
# stated here -- confirm.
#
#RHOST_SITES='*.tamu.edu|jupiter'
#
# What uid's should not give warnings about valid shells
# (trusted or default users)
# Debian GNU/Linux: default is 999, users are generated over 1000
# Solaris: default should be 99, users are generated over 100
#
# Set this to match the platform's uid allocation: if it is higher than the
# first regular-user uid, ordinary accounts are treated as trusted and their
# shell warnings are suppressed.
# NOTE(review): whether the boundary uid itself counts as trusted is not
# stated here -- confirm.
Tiger_Accounts_Trust=999
#
# Which *user* do you allow to have processes listening for incoming connections
# on the system?
# List of usernames separated by '|'... no whitespace allowed (but wildcards are)
#
# A listener owned by a user matched here raises no warning. Because
# wildcards are accepted, keep each entry as specific as possible; a broad
# pattern silences the check for every account it matches.
#
Tiger_Listening_ValidUsers='root'
#
# Which processes are always considered valid, regardless of how they are
# listening for incoming connections on the system?
# This allows administrators to disable warnings on processes that might change
# the listening port dynamically (and thus cannot be removed through the
# template definitions)
# List of processes separated by '|'... no whitespace allowed (but wildcards are)
#
# Empty here, so no process is exempted.
# NOTE(review): how process names are matched is not shown in this file; if
# matching is by name alone, every process carrying a listed name is
# exempted -- confirm before adding entries.
#
Tiger_Listening_ValidProcs=''
#
# Should we optimize DPKG checks? (by not using dpkg but looking on
# the file database at /var/lib/dpkg?)
#
# With 'Y' the checks depend on the contents of /var/lib/dpkg being intact;
# the results are only as trustworthy as that directory.
#
Tiger_DPKG_Optimize=Y