Tiger is a security program for Unix. It scans system configuration files, the file system, and user configuration files for possible security problems and reports them.
Tiger was developed by Texas A&M University in 1994, updated by the Advanced Research Corporation in 1999-2002, and further updated by Javier Fernandez-Sanguino in 2001-2005.
Tiger is covered by the GNU General Public License (GPL).
Installation
From an Ubuntu Linux terminal, type:
taufanlubis@toshiba:~$ sudo apt-get install tiger
Reading package lists... Done
Building dependency tree
Reading state information... Done
Recommended packages:
sendmail mail-transport-agent john chkrootkit
The following NEW packages will be installed:
tiger
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 559kB of archives.
After unpacking 2863kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com gutsy/universe tiger 1:3.2.1-37ubuntu1 [559kB]
Fetched 559kB in 48s (11.5kB/s)
Preconfiguring packages ...
Selecting previously deselected package tiger.
(Reading database ... 125037 files and directories currently installed.)
Unpacking tiger (from .../tiger_1%3a3.2.1-37ubuntu1_i386.deb) ...
Setting up tiger (1:3.2.1-37ubuntu1) ...
taufanlubis@toshiba:~$
How to run?
taufanlubis@toshiba:~$ sudo tiger
[sudo] password for taufanlubis:
Tiger UN*X security checking system
Developed by Texas A&M University, 1994
Updated by the Advanced Research Corporation, 1999-2002
Further updated by Javier Fernandez-Sanguino, 2001-2005
Covered by the GNU General Public License (GPL)
Configuring...
Will try to check using config for 'i686' running Linux 2.6.22-14-generic...
--CONFIG-- [con005c] Using configuration files for Linux 2.6.22-14-generic. Using
configuration files for generic Linux 2.
Tiger security scripts *** 3.2.1, 2003.10.10.18.00 ***
06:37> Beginning security report for toshiba.
06:37> Starting file systems scans in background...
06:37> Checking password files...
06:37> Checking group files...
06:37> Checking user accounts...
06:37> Checking .rhosts files...
06:37> Checking .netrc files...
06:37> Checking ttytab, securetty, and login configuration files...
06:37> Checking PATH settings...
06:37> Checking anonymous ftp setup...
06:37> Checking mail aliases...
06:37> Checking cron entries...
06:37> Checking 'inetd' configuration...
06:37> Checking 'tcpd' configuration...
06:37> Checking 'services' configuration...
06:38> Checking NFS export entries...
06:38> Checking permissions and ownership of system files...
--CONFIG-- [con010c] Filesystem 'securityfs' used by 'securityfs' is not recognised as a local filesystem
06:38> Checking for indications of break-in...
--CONFIG-- [con010c] Filesystem 'securityfs' used by 'securityfs' is not recognised as a local filesystem
06:38> Performing rootkit checks...
06:38> Performing system specific checks...
06:42> Performing root directory checks...
06:42> Checking for secure backup devices...
06:42> Checking for the presence of log files...
06:42> Checking for the setting of user's umask...
06:42> Checking for listening processes...
06:42> Checking SSHD's configuration...
06:42> Checking the printers control file...
06:42> Checking ftpusers configuration...
06:42> Checking NTP configuration...
06:42> Waiting for filesystems scans to complete...
06:42> Filesystems scans completed...
06:42> Performing check of embedded pathnames...
06:42> Security report completed for toshiba.
Security report is in `/var/log/tiger/security.report.toshiba.080207-06:37'.
taufanlubis@toshiba:~$
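The run ends by naming the report file under /var/log/tiger/. The script below is an added example, not part of the original post or of Tiger: it counts findings per level and message ID, and prints the findings of one level with their wrapped lines re-joined. It assumes the file on disk marks findings with ASCII `--LEVEL-- [id]`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Tiger. Assumes the report on disk marks each
# finding with ASCII "--LEVEL-- [id]" and wraps long messages onto new lines.
# tiger_summary FILE: print "LEVEL id count", most severe level first.
tiger_summary() {
    awk '/^--[A-Z]+-- \[/ {
             level = $1; gsub(/-/, "", level)
             n[level " " substr($2, 2, length($2) - 2)]++
         }
         END {
             rank["ALERT"] = 0; rank["FAIL"] = 1; rank["WARN"] = 2
             for (k in n) {
                 split(k, p, " ")
                 r = (p[1] in rank) ? rank[p[1]] : 9
                 print r, k, n[k]
             }
         }' "$1" | LC_ALL=C sort -k1,1n -k4,4nr -k3,3 | cut -d' ' -f2-
}

# tiger_findings FILE LEVEL: one finding per line, wrapped lines re-joined.
tiger_findings() {
    awk -v want="--$2--" '
        function flush() { if (buf != "") print buf; buf = "" }
        /^--[A-Z]+-- /   { flush(); if ($1 == want) buf = $0; next }
        /^#/ || /^[0-9][0-9]:[0-9][0-9]>/ || /^[ \t]*$/ { flush(); next }
        buf != ""        { sub(/^[ \t]+/, ""); buf = buf " " $0 }
        END              { flush() }' "$1"
}

# Constructed sample: lines from the report on this page, markers in ASCII.
sample_report() {
    cat <<'EOF'
--WARN-- [pass014w] Login (bin) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (lp) is disabled, but has a valid shell.
# Checking boot loader file permissions...
--FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world
permissions. Should be 0600
--WARN-- [boot06] The Grub bootloader does not have a password configured.
--FAIL-- [lin019f] The system does not have any local firewall rules
configured
06:42> Security report completed for toshiba.
EOF
}

# Usage: sh tiger_triage.sh [REPORT]; without an argument the sample is used.
report=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_report > "$report"
tiger_summary "$report"
tiger_findings "$report" FAIL
```

Reading the report needs the same privileges as running Tiger, so pass the real file with sudo.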
Check the report
taufanlubis@toshiba:~$ sudo gedit /var/log/tiger/security.report.toshiba.080207-06:37
Security scripts *** 3.2.1, 2003.10.10.18.00 ***
Thu Feb 7 06:37:54 WIT 2008
06:37> Beginning security report for toshiba (i686 Linux 2.6.22-14-generic).
# Performing check of passwd files...
# Checking entries from /etc/passwd.
--WARN-- [pass014w] Login (backup) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (bin) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (daemon) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (games) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (gnats) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (irc) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (list) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (lp) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (mail) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (man) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (news) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (nobody) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (proxy) is disabled, but has a valid shell.
--WARN-- [pass015w] Login ID sync does not have a valid shell (/bin/sync).
--WARN-- [pass014w] Login (sys) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (uucp) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (www-data) is disabled, but has a valid shell.
--WARN-- [pass012w] Home directory /nonexistent exists multiple times (2) in
/etc/passwd.
--WARN-- [pass006w] Integrity of password files questionable (/usr/sbin/pwck
-r).
# Performing check of group files...
# Performing check of user accounts...
# Checking accounts from /etc/passwd.
--WARN-- [acc006w] Login ID gdm's home directory (/var/lib/gdm) has group
`gdm' write access.
--WARN-- [acc022w] Login ID nobody home directory (/nonexistent) is not
accessible.
# Performing check of /etc/hosts.equiv and .rhosts files...
# Checking accounts from /etc/passwd...
# Performing check of .netrc files...
# Checking accounts from /etc/passwd...
# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab...
--WARN-- [root003w] Root user has message capability turned on.
# Performing check of PATH components...
--WARN-- [path009w] /etc/profile does not export an initial setting for PATH.
# Only checking user 'root'
# Performing check of anonymous FTP...
# Performing checks of mail aliases...
# Checking aliases from /etc/aliases.
# Performing check of `cron' entries...
--WARN-- [cron004w] Root crontab does not exist
--WARN-- [cron005w] Use of cron is not restricted
# Performing check of 'inetd'...
# Checking inetd entries from /etc/inetd.conf
# Performing check of services with tcp wrappers...
# Analysing inetd entries from /etc/inetd.conf
# Performing check of 'services' ...
# Checking services from /etc/services.
--WARN-- [inet003w] The port for service postgres is also assigned to service
postgresql.
--WARN-- [inet003w] The port for service postgres is also assigned to service
postgresql.
--WARN-- [inet003w] The port for service sane is also assigned to service
sane-port.
# Performing NFS exports check...
# Performing check of system file permissions...
# Checking for known intrusion signs...
# Testing for promiscuous interfaces with /bin/ip
# Testing for backdoors in inetd.conf
# Performing check of files in system mail spool...
# Performing check for rookits...
# Performing system specific checks...
# Performing checks for Linux/2...
# Checking for single user-mode password...
# Checking boot loader file permissions...
--WARN-- [boot02] The configuration file /boot/grub/menu.lst has group
permissions. Should be 0600
--FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world
permissions. Should be 0600
--WARN-- [boot06] The Grub bootloader does not have a password configured.
# Checking for vulnerabilities in inittab configuration...
# Checking for correct umask settings for init scripts...
--WARN-- [misc021w] There are no umask entries in /etc/init.d/rcS
# Checking Logins not used on the system ...
# Checking network configuration
--WARN-- [lin012w] The system accepts ICMP redirection messages
--FAIL-- [lin013f] The system is not protected against Syn flooding attacks
--FAIL-- [lin014f] The system permits the transmission of IP packets with
invalid addresses
--FAIL-- [lin016f] The system permits source routing from incoming packets
--WARN-- [lin017w] The system is not configured to log suspicious (martian)
packets
--FAIL-- [lin019f] The system does not have any local firewall rules
configured
# Verifying system specific password checks...
# Checking OS release...
--WARN-- [osv004w] Unreleased Debian GNU/Linux version `lenny/sid'
# Checking installed packages vs Debian Security Advisories...
# Checking md5sums of installed files
--FAIL-- [lin005f] Installed file
`/usr/share/alsa/cards/SI7018/sndoc-mixer.alisp' checksum differs
from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file
`/usr/share/alsa/cards/SI7018/sndop-mixer.alisp' checksum differs
from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/cards/PC-Speaker.conf'
checksum differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/cards/PMac.conf' checksum
differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/cards/PMacToonie.conf'
checksum differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/pcm/dmix.conf' checksum
differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/pcm/dsnoop.conf' checksum
differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/sndo-mixer.alisp' checksum
differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/share/alsa/smixer.conf' checksum
differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file `/usr/lib/libasound.so.2.0.0' checksum
differs from installed package 'libasound2'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.pcimap' checksum differs from
installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file `/lib/modules/2.6.22-14-generic/modules.dep'
checksum differs from installed package
'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.ieee1394map' checksum differs
from installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.usbmap' checksum differs from
installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.isapnpmap' checksum differs
from installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.inputmap' checksum differs
from installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.seriomap' checksum differs
from installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.alias' checksum differs from
installed package 'linux-image-2.6.22-14-generic'.
--FAIL-- [lin005f] Installed file
`/lib/modules/2.6.22-14-generic/modules.symbols' checksum differs
from installed package 'linux-image-2.6.22-14-generic'.
# Checking installed files against packages...
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-pcm.ko' does
not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq-device.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/oss/snd-seq-oss.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq-midi-event.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-hwdep.ko' does
not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/oss/snd-pcm-oss.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/oss/snd-mixer-oss.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-timer.ko' does
not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd.ko' does not
belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-rtctimer.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-page-alloc.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/kernel/sound/pci/hda/snd-hda-intel.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/misc/vboxdrv.ko' does
not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/volatile/nvidia_new.ko' does not
belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/volatile/nvidia_legacy.ko' does not
belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/nvidia.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fxusb.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fwlanusb.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fglrx.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcusb.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcpci.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusba.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusb2.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusb.ko'
does not belong to any package.
--WARN-- [lin001w] File
`/lib/modules/2.6.22-14-generic/volatile/fcdslslusb.ko' does not
belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslsl.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdsl2.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdsl.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/ath_hal.ko'
does not belong to any package.
--WARN-- [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/.mounted'
does not belong to any package.
--WARN-- [lin001w] File `/usr/bin/aserver' does not belong to any package.
# Performing check of root directory...
# Checking device permissions...
--FAIL-- [dev002f] /dev/log has world permissions
--WARN-- [dev003w] File /dev/sndstat is a regular file in a device directory.
# Checking for existence of log files...
--FAIL-- [logf005f] Log file /var/log/btmp permission should be 660
# Checking for correct umask settings...
# Checking listening processes
--WARN-- [lin003w] The process `avahi-daemon' is listening on socket 32768
(UDP on every interface) is run by avahi.
--WARN-- [lin003w] The process `avahi-daemon' is listening on socket 5353 (UDP
on every interface) is run by avahi.
# Checking sshd_config configuration files...
--FAIL-- [ssh005w] Cannot find a configuration file for SSH.
# Performing common access checks for root...
--FAIL-- [netw020f] There is no /etc/ftpusers file.
# Checking ntpd configuration...
# Checking unusual file names...
# Looking for unusual device files...
--ALERT-- [fsys006a] Unexpected device files found:
crw------- 1 root root 5, 1 Oct 16 06:18 /lib/udev/devices/console
crw-r----- 1 root kmem 1, 2 Oct 16 06:18 /lib/udev/devices/kmem
brw------- 1 root root 7, 0 Oct 16 06:18 /lib/udev/devices/loop0
crw------- 1 root root 10, 200 Oct 16 06:18 /lib/udev/devices/net/tun
crw------- 1 root root 1, 3 Oct 16 06:18 /lib/udev/devices/null
crw------- 1 root root 108, 0 Oct 16 06:18 /lib/udev/devices/ppp
lrwxrwxrwx 1 root root 15 Feb 2 17:28 /lib/udev/devices/stderr -> /proc/self/fd/2
# Checking symbolic links...
# Performing check of embedded pathnames...
06:42> Security report completed for toshiba.
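The network findings in the report (lin012w, lin013f, lin014f, lin016f, lin017w) each describe a kernel network setting. The script below is an added example, not from the original post or from Tiger: it checks the sysctl values that normally correspond to those messages and lists the ones that differ from the hardened value. The mapping of message IDs to sysctl keys, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not part of Tiger. The ID-to-sysctl mapping below is an
# assumption based on the wording of the lin012w-lin017w messages.

# audit_net_sysctls [ROOT]: print "id key=value want=N" for every setting that
# differs from the hardened value; exit status 0 only if all match.
audit_net_sysctls() {
    root=${1:-/proc/sys}
    bad=0
    while read -r id key want; do
        file="$root/$(printf '%s' "$key" | tr . /)"
        if [ -r "$file" ]; then have=$(cat "$file"); else have=missing; fi
        if [ "$have" != "$want" ]; then
            printf '%s %s=%s want=%s\n' "$id" "$key" "$have" "$want"
            bad=$((bad + 1))
        fi
    done <<'EOF'
lin012w net.ipv4.conf.all.accept_redirects 0
lin013f net.ipv4.tcp_syncookies 1
lin014f net.ipv4.conf.all.rp_filter 1
lin016f net.ipv4.conf.all.accept_source_route 0
lin017w net.ipv4.conf.all.log_martians 1
EOF
    [ "$bad" -eq 0 ]
}

# Constructed sample tree with the weak values the report implies.
make_sample_tree() {
    mkdir -p "$1/net/ipv4/conf/all"
    echo 1 > "$1/net/ipv4/conf/all/accept_redirects"
    echo 0 > "$1/net/ipv4/tcp_syncookies"
    echo 0 > "$1/net/ipv4/conf/all/rp_filter"
    echo 1 > "$1/net/ipv4/conf/all/accept_source_route"
    echo 0 > "$1/net/ipv4/conf/all/log_martians"
}

# Audit the live kernel by default. To persist a fix, set "key = want" in
# /etc/sysctl.conf and load it with "sysctl -p".
audit_net_sysctls "${1:-/proc/sys}" || echo "settings above need review" >&2
```

An rp_filter value of 2 (loose mode) is reported as a mismatch; on multi-homed hosts decide deliberately whether strict mode is workable before changing it.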