TIGER - Basic Config
Latest revision as of 09:10, 17 January 2026
Configuration Files
Tiger's configuration files are located under /etc/tiger and control the checks Tiger performs during its audits. Some common files include:
- /etc/tiger/tigerrc - The main configuration file for Tiger's settings.
- /etc/tiger/tiger.def - This file contains default definitions for various checks.
- /etc/tiger/checks - A collection of individual check scripts for different audits.
Running Tiger
To run Tiger, simply execute the following command:
tiger
By default, Tiger runs a comprehensive security check on the system. It will output results to the terminal or a log file depending on the configuration settings.
Output and Log Files
Tiger generates reports after running an audit. These reports are usually stored in /var/log/tiger. The log files include detailed information about potential security issues identified during the audit. You can review the logs to determine the severity of each issue and take corrective action if necessary.
Example of a log entry:
/var/log/tiger/var_log_audit: Potential unauthorized users:
User: testuser
Home Directory: /home/testuser
UID: 1001
Key Checks
Tiger performs various checks to identify potential vulnerabilities. Below are some examples of key checks that are part of the Tiger security audit:
User Accounts and Permissions
Tiger checks for the existence of unauthorized or insecure user accounts. It verifies that all user accounts comply with system security policies (e.g., proper UID/GID, shell permissions, etc.).
Example check:
# Check for passwordless accounts
tigercmd -C /etc/passwd -u
This command will check for user accounts that do not have a password set.
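An independent cross-check of the same condition, as an added example that is not part of the original page or of Tiger: it reads passwd(5)- and shadow(5)-format files directly and also flags extra UID 0 accounts. The function names, finding labels and sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Tiger code. Flags accounts with an empty password field
# and extra UID 0 accounts in passwd(5)/shadow(5)-format files.

# audit_accounts PASSWD_FILE SHADOW_FILE -> one "<FINDING> <user>" per line
audit_accounts() {
    awk -F: '
        # First file operand is the shadow file: remember each password field.
        FILENAME == ARGV[1] { in_shadow[$1] = 1; hash[$1] = $2; next }
        # Second operand is the passwd file; skip blank and comment lines.
        /^[ \t]*(#|$)/ { next }
        {
            if ($2 == "")
                print "EMPTY_PASSWD_FIELD", $1   # no password required
            else if ($2 == "x" && in_shadow[$1] && hash[$1] == "")
                print "EMPTY_SHADOW_FIELD", $1   # shadowed, but hash is empty
            if ($3 == 0 && $1 != "root")
                print "EXTRA_UID0", $1           # additional superuser account
        }
    ' "$2" "$1"
}

# write_sample DIR: constructed sample data (not real accounts or hashes)
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
testuser:x:1001:1001::/home/testuser:/bin/bash
legacy::1002:1002::/home/legacy:/bin/sh
toor:x:0:0::/root:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
testuser::19000:0:99999:7:::
legacy:!:19000:0:99999:7:::
toor:$6$CONSTRUCTED$notarealhash:19000:0:99999:7:::
EOF
}

# Demo on the constructed sample. On a real host, run as root:
#   audit_accounts /etc/passwd /etc/shadow
tmp=$(mktemp -d)
write_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

Whether an empty field actually permits login depends on the PAM configuration (for example pam_unix's nullok option), so treat each finding as a lead to verify.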
File Integrity Checks
Tiger can also check the integrity of critical system files by comparing the current file hash against known good values. It helps detect unauthorized changes to important files such as binaries, system libraries, and configuration files.
Example check:
# Check file integrity of system binaries
tigercmd -C /usr/bin
SUID/SGID Binaries
Tiger audits the system for binaries that have the SUID (Set User ID) or SGID (Set Group ID) bits set, which could potentially be exploited by attackers to gain unauthorized privileges.
Example check:
# List SUID/SGID binaries
tigercmd -C /usr/bin -s
This command will list all binaries with the SUID/SGID flags set.
Security Policies and Configurations
Tiger can verify that various system security settings are configured properly. This includes checks for firewall settings, user authentication methods, and login policies.
Example check:
# Check for weak password policies
tigercmd -C /etc/pam.d/common-password
This will review the password policies and flag weak configurations.
Automating Tiger Audits
You can automate Tiger audits by setting up periodic scans using cron jobs. Below is an example of a cron job to run Tiger weekly:
# Open crontab file for editing
crontab -e
# Add the following line to run Tiger every Sunday at 2 AM
0 2 * * 0 /usr/local/bin/tiger > /var/log/tiger_weekly.log 2>&1
This cron job will run Tiger every Sunday at 2 AM and log the output to /var/log/tiger_weekly.log.
Customizing Tiger Audits
Tiger allows you to customize which checks to perform by modifying the configuration files. You can enable or disable specific checks based on your needs.
To customize checks, edit the configuration file `tigerrc`:
# Open the configuration file
sudo nano /etc/tiger/tigerrc
# Add or remove checks as needed. For example:
# disable_check='check_suid_binaries'
This allows you to disable checks that are not necessary for your system or to focus on particular areas of security.
Troubleshooting
If you encounter issues while running Tiger, you can enable verbose mode to get more detailed output, which can help identify problems.
To run Tiger in verbose mode:
tiger -v
This will provide additional debug information, such as the status of individual checks and any errors encountered during the audit.
