Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
GNU is Not Unix Security

The Tiger Security Tool Has Been Resurrected 7

javifs writes "Do you remember TAMU's security tools? If so you might remember a tool that was developed when COPS, SATAN, and ISS were (back in 1994): Tiger. You might think it was dead, well it's not. Tiger has resurrected at Savannah and even has a new webpage and logo! (cool, isn't it?) Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge: an audit tool and a host intrusion detection system tool. Free Software intrusion detection is currently going many ways, however, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not mentioning file integrity checkers (many of these: aide, integrit samhain, tripwire...) and logcheckers (even more of these, check Counterpane's Log Analysis pages). Also, free software Linux/*BSD distributions have a miriad of security tools to do local security checks: Mandrake's msec, OpenBSD's /etc/security, SUSE's Seccheck... maybe Tiger could substitute them at some point in the future. Do you think Tiger has a place in the toolkit of the security professional? (I might be biased, though, after all I'm the upstream developer for Tiger now :-) ) In any case, have you downloaded and tested the latest release candidate for Tiger version 3.2?"
This discussion has been archived. No new comments can be posted.

The Tiger Security Tool Has Been Resurrected

Comments Filter:
  • have you downloaded and tested the latest release candidate for Tiger version 3.2?
    No.
  • Look at all of the programs that already perform the same task as this program. What does Tiger do that all of the above listed programs don't do?

    In other words, what will make this become a "killer app" and not just another "also ran"?

    • > What does Tiger do that all of the above listed > programs don't do?

      Tiger it is not a logchecker, nor it focused in integrity analysis. It does "the other stuff", it checks the system configuration and status.

      Just read the manpage [nongnu.org] (and it's not fully up to date, i.e, it does not include the new checks). I bet you will be surprised. For example, it has a module that can determine which network servers you are running are using deleted files (because you patched the libraries through a package upg

  • Wow! (Score:3, Funny)

    by bellings ( 137948 ) on Tuesday April 22, 2003 @10:41PM (#5786926)
    Holy Shit! They have a webpage and a logo? This project is going to fawking rawk, dude!
  • We have used it (old TAMU v. 2.2.3) in our IT Audit process here at TI for quite a while. We certainly don't rely on it exclusively, but it does catch most of the standard UNIX "gotchas" across various platforms (here mostly Sun, HP, and now Linux). It also has decent reporting and can be as verbose or terse as you like. It integrates nicely with Crack as well. Not too bad for a bunch of Aggies! *ducks*
    • The problem with the old TAMU version is that it was getting as out of date as SATAN was. It still is a good framework and has lots of room for improvement.

      Also, it's the only tool of that time that is completely free [debian.org]. SATAN, COPS and ISS are either outdated or no longer free and new replacements have appeared for some of them (Nessus [nessus.org]).

I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour ... -- F. H. Wales (1936)

Working...