
Archive for February 8th, 2008

Tiger is a security program for Unix. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them.

Tiger was developed by Texas A&M University, 1994, updated by the Advanced Research Corporation, 1999-2002, and further updated by Javier Fernandez-Sanguino, 2001-2005.

Tiger is covered by the GNU General Public License (GPL).

Installation

From an Ubuntu Linux terminal, type:

taufanlubis@toshiba:~$ sudo apt-get install tiger

Reading package lists… Done

Building dependency tree

Reading state information… Done

Recommended packages:

sendmail mail-transport-agent john chkrootkit

The following NEW packages will be installed:

tiger

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 559kB of archives.

After unpacking 2863kB of additional disk space will be used.

Get:1 http://archive.ubuntu.com gutsy/universe tiger 1:3.2.1-37ubuntu1 [559kB]

Fetched 559kB in 48s (11.5kB/s)

Preconfiguring packages …

Selecting previously deselected package tiger.

(Reading database … 125037 files and directories currently installed.)

Unpacking tiger (from …/tiger_1%3a3.2.1-37ubuntu1_i386.deb) …

Setting up tiger (1:3.2.1-37ubuntu1) …

taufanlubis@toshiba:~$

 

How to run?

taufanlubis@toshiba:~$ sudo tiger

[sudo] password for taufanlubis:

Tiger UN*X security checking system

Developed by Texas A&M University, 1994

Updated by the Advanced Research Corporation, 1999-2002

Further updated by Javier Fernandez-Sanguino, 2001-2005

Covered by the GNU General Public License (GPL)

Configuring…

Will try to check using config for ‘i686′ running Linux 2.6.22-14-generic…

–CONFIG– [con005c] Using configuration files for Linux 2.6.22-14-generic. Using

configuration files for generic Linux 2.

Tiger security scripts *** 3.2.1, 2003.10.10.18.00 ***

06:37> Beginning security report for toshiba.

06:37> Starting file systems scans in background…

06:37> Checking password files…

06:37> Checking group files…

06:37> Checking user accounts…

06:37> Checking .rhosts files…

06:37> Checking .netrc files…

06:37> Checking ttytab, securetty, and login configuration files…

06:37> Checking PATH settings…

06:37> Checking anonymous ftp setup…

06:37> Checking mail aliases…

06:37> Checking cron entries…

06:37> Checking ‘inetd’ configuration…

06:37> Checking ‘tcpd’ configuration…

06:37> Checking ‘services’ configuration…

06:38> Checking NFS export entries…

06:38> Checking permissions and ownership of system files…

–CONFIG– [con010c] Filesystem ‘securityfs’ used by ‘securityfs’ is not recognised as a local filesystem

06:38> Checking for indications of break-in…

–CONFIG– [con010c] Filesystem ‘securityfs’ used by ‘securityfs’ is not recognised as a local filesystem

06:38> Performing rootkit checks…

06:38> Performing system specific checks…

06:42> Performing root directory checks…

06:42> Checking for secure backup devices…

06:42> Checking for the presence of log files…

06:42> Checking for the setting of user’s umask…

06:42> Checking for listening processes…

06:42> Checking SSHD’s configuration…

06:42> Checking the printers control file…

06:42> Checking ftpusers configuration…

06:42> Checking NTP configuration…

06:42> Waiting for filesystems scans to complete…

06:42> Filesystems scans completed…

06:42> Performing check of embedded pathnames…

06:42> Security report completed for toshiba.

Security report is in `/var/log/tiger/security.report.toshiba.080207-06:37′.

taufanlubis@toshiba:~$

 

Check the report

taufanlubis@toshiba:~$ sudo gedit /var/log/tiger/security.report.toshiba.080207-06:37

Security scripts *** 3.2.1, 2003.10.10.18.00 ***

Thu Feb 7 06:37:54 WIT 2008

06:37> Beginning security report for toshiba (i686 Linux 2.6.22-14-generic).

# Performing check of passwd files…

# Checking entries from /etc/passwd.

–WARN– [pass014w] Login (backup) is disabled, but has a valid shell.

–WARN– [pass014w] Login (bin) is disabled, but has a valid shell.

–WARN– [pass014w] Login (daemon) is disabled, but has a valid shell.

–WARN– [pass014w] Login (games) is disabled, but has a valid shell.

–WARN– [pass014w] Login (gnats) is disabled, but has a valid shell.

–WARN– [pass014w] Login (irc) is disabled, but has a valid shell.

–WARN– [pass014w] Login (list) is disabled, but has a valid shell.

–WARN– [pass014w] Login (lp) is disabled, but has a valid shell.

–WARN– [pass014w] Login (mail) is disabled, but has a valid shell.

–WARN– [pass014w] Login (man) is disabled, but has a valid shell.

–WARN– [pass014w] Login (news) is disabled, but has a valid shell.

–WARN– [pass014w] Login (nobody) is disabled, but has a valid shell.

–WARN– [pass014w] Login (proxy) is disabled, but has a valid shell.

–WARN– [pass015w] Login ID sync does not have a valid shell (/bin/sync).

–WARN– [pass014w] Login (sys) is disabled, but has a valid shell.

–WARN– [pass014w] Login (uucp) is disabled, but has a valid shell.

–WARN– [pass014w] Login (www-data) is disabled, but has a valid shell.

–WARN– [pass012w] Home directory /nonexistent exists multiple times (2) in

/etc/passwd.

–WARN– [pass006w] Integrity of password files questionable (/usr/sbin/pwck

-r).

# Performing check of group files…

# Performing check of user accounts…

# Checking accounts from /etc/passwd.

–WARN– [acc006w] Login ID gdm’s home directory (/var/lib/gdm) has group

`gdm’ write access.

–WARN– [acc022w] Login ID nobody home directory (/nonexistent) is not

accessible.

# Performing check of /etc/hosts.equiv and .rhosts files…

# Checking accounts from /etc/passwd…

# Performing check of .netrc files…

# Checking accounts from /etc/passwd…

# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab…

–WARN– [root003w] Root user has message capability turned on.

# Performing check of PATH components…

–WARN– [path009w] /etc/profile does not export an initial setting for PATH.

# Only checking user ‘root’

# Performing check of anonymous FTP…

# Performing checks of mail aliases…

# Checking aliases from /etc/aliases.

# Performing check of `cron’ entries…

–WARN– [cron004w] Root crontab does not exist

–WARN– [cron005w] Use of cron is not restricted

# Performing check of ‘inetd’…

# Checking inetd entries from /etc/inetd.conf

# Performing check of services with tcp wrappers…

# Analysing inetd entries from /etc/inetd.conf

# Performing check of ‘services’ …

# Checking services from /etc/services.

–WARN– [inet003w] The port for service postgres is also assigned to service

postgresql.

–WARN– [inet003w] The port for service postgres is also assigned to service

postgresql.

–WARN– [inet003w] The port for service sane is also assigned to service

sane-port.

# Performing NFS exports check…

# Performing check of system file permissions…

# Checking for known intrusion signs…

# Testing for promiscuous interfaces with /bin/ip

# Testing for backdoors in inetd.conf

# Performing check of files in system mail spool…

# Performing check for rookits…

# Performing system specific checks…

# Performing checks for Linux/2…

# Checking for single user-mode password…

# Checking boot loader file permissions…

–WARN– [boot02] The configuration file /boot/grub/menu.lst has group

permissions. Should be 0600

–FAIL– [boot02] The configuration file /boot/grub/menu.lst has world

permissions. Should be 0600

–WARN– [boot06] The Grub bootloader does not have a password configured.

# Checking for vulnerabilities in inittab configuration…

# Checking for correct umask settings for init scripts…

–WARN– [misc021w] There are no umask entries in /etc/init.d/rcS

# Checking Logins not used on the system …

# Checking network configuration

–WARN– [lin012w] The system accepts ICMP redirection messages

–FAIL– [lin013f] The system is not protected against Syn flooding attacks

–FAIL– [lin014f] The system permits the transmission of IP packets with

invalid addresses

–FAIL– [lin016f] The system permits source routing from incoming packets

–WARN– [lin017w] The system is not configured to log suspicious (martian)

packets

–FAIL– [lin019f] The system does not have any local firewall rules

configured

# Verifying system specific password checks…

# Checking OS release…

–WARN– [osv004w] Unreleased Debian GNU/Linux version `lenny/sid’

# Checking installed packages vs Debian Security Advisories…

# Checking md5sums of installed files

–FAIL– [lin005f] Installed file

`/usr/share/alsa/cards/SI7018/sndoc-mixer.alisp’ checksum differs

from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file

`/usr/share/alsa/cards/SI7018/sndop-mixer.alisp’ checksum differs

from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/cards/PC-Speaker.conf’

checksum differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/cards/PMac.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/cards/PMacToonie.conf’

checksum differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/pcm/dmix.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/pcm/dsnoop.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/sndo-mixer.alisp’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/smixer.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/lib/libasound.so.2.0.0′ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.pcimap’ checksum differs from

installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file `/lib/modules/2.6.22-14-generic/modules.dep’

checksum differs from installed package

‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.ieee1394map’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.usbmap’ checksum differs from

installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.isapnpmap’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.inputmap’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.seriomap’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.alias’ checksum differs from

installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.symbols’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

# Checking installed files against packages…

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-pcm.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq-device.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/oss/snd-seq-oss.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq-midi-event.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-hwdep.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/oss/snd-pcm-oss.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/oss/snd-mixer-oss.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-timer.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd.ko’ does not

belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-rtctimer.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-page-alloc.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/pci/hda/snd-hda-intel.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/misc/vboxdrv.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/volatile/nvidia_new.ko’ does not

belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/volatile/nvidia_legacy.ko’ does not

belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/nvidia.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fxusb.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fwlanusb.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fglrx.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcusb.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcpci.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusba.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusb2.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusb.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/volatile/fcdslslusb.ko’ does not

belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslsl.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdsl2.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdsl.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/ath_hal.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/.mounted’

does not belong to any package.

–WARN– [lin001w] File `/usr/bin/aserver’ does not belong to any package.

# Performing check of root directory…

# Checking device permissions…

–FAIL– [dev002f] /dev/log has world permissions

–WARN– [dev003w] File /dev/sndstat is a regular file in a device directory.

# Checking for existence of log files…

–FAIL– [logf005f] Log file /var/log/btmp permission should be 660

# Checking for correct umask settings…

# Checking listening processes

–WARN– [lin003w] The process `avahi-daemon’ is listening on socket 32768

(UDP on every interface) is run by avahi.

–WARN– [lin003w] The process `avahi-daemon’ is listening on socket 5353 (UDP

on every interface) is run by avahi.

# Checking sshd_config configuration files…

–FAIL– [ssh005w] Cannot find a configuration file for SSH.

# Performing common access checks for root…

–FAIL– [netw020f] There is no /etc/ftpusers file.

# Checking ntpd configuration…

# Checking unusual file names…

# Looking for unusual device files…

–ALERT– [fsys006a] Unexpected device files found:

crw——- 1 root root 5, 1 Oct 16 06:18 /lib/udev/devices/console

crw-r—– 1 root kmem 1, 2 Oct 16 06:18 /lib/udev/devices/kmem

brw——- 1 root root 7, 0 Oct 16 06:18 /lib/udev/devices/loop0

crw——- 1 root root 10, 200 Oct 16 06:18 /lib/udev/devices/net/tun

crw——- 1 root root 1, 3 Oct 16 06:18 /lib/udev/devices/null

crw——- 1 root root 108, 0 Oct 16 06:18 /lib/udev/devices/ppp

lrwxrwxrwx 1 root root 15 Feb 2 17:28 /lib/udev/devices/stderr -> /proc/self/fd/2

# Checking symbolic links…

# Performing check of embedded pathnames…

06:42> Security report completed for toshiba.
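
A report this long is easier to act on once wrapped lines are rejoined and findings are grouped by message ID with ALERT and FAIL first. The script below is an added example, not part of Tiger or the original post; the function names are hypothetical, and it assumes the ASCII `--WARN-- [id]` markers Tiger writes to disk (this page shows them with typographic dashes).

```sh
# Added example, not part of Tiger: one line per finding, then a ranked summary.
# Assumes the on-disk format "--LEVEL-- [msgid] text" with wrapped lines.

# tiger_findings [REPORT] -> LEVEL<TAB>msgid<TAB>message (wrapped lines rejoined)
tiger_findings() {
    awk '
    function emit() { if (level != "") printf "%s\t%s\t%s\n", level, id, msg; level = "" }
    $1 ~ /^--[A-Z]+--$/ && $2 ~ /^\[.*\]$/ {        # first line of a finding
        emit()
        level = $1; gsub(/-/, "", level)
        id = substr($2, 2, length($2) - 2)
        msg = $3
        for (i = 4; i <= NF; i++) msg = msg " " $i
        next
    }
    /^#/ || /^[0-9][0-9]:[0-9][0-9]>/ || NF == 0 { emit(); next }   # section or progress line
    level != "" { for (i = 1; i <= NF; i++) msg = msg " " $i }      # continuation line
    END { emit() }
    ' "$@"
}

# tiger_summary [REPORT] -> LEVEL<TAB>msgid<TAB>count, ALERT and FAIL first
tiger_summary() {
    tiger_findings "$@" | awk -F '\t' '
    BEGIN { rank["ALERT"] = 0; rank["FAIL"] = 1; rank["WARN"] = 2 }
    { n[$1 "\t" $2]++ }
    END {
        for (k in n) {
            split(k, p, "\t")
            r = (p[1] in rank) ? rank[p[1]] : 9     # CONFIG, INFO and others sort last
            printf "%d\t%s\t%d\n", r, k, n[k]
        }
    }' | sort -t "$(printf '\t')" -k1,1n -k4,4nr -k3,3 | cut -f2-
}

# Constructed sample in the report format (lines adapted from the report above)
sample_report() {
    cat <<'EOF'
06:37> Beginning security report for toshiba (i686 Linux 2.6.22-14-generic).
--WARN-- [pass014w] Login (backup) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (bin) is disabled, but has a valid shell.
# Checking network configuration
--FAIL-- [lin019f] The system does not have any local firewall rules
         configured
--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
--ALERT-- [fsys006a] Unexpected device files found:
crw------- 1 root root 5, 1 Oct 16 06:18 /lib/udev/devices/console
06:42> Security report completed for toshiba.
EOF
}
sample_report | tiger_summary
```

Both functions also accept a file name, so the report path printed at the end of the scan can be passed to `tiger_summary` directly (run as root, since the report lives under /var/log/tiger).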
