The Tiger Security Tool Has Been Resurrected
javifs writes "Do you remember TAMU's security tools? If so, you might remember a tool that was developed when COPS, SATAN, and ISS were (back in 1994): Tiger. You might think it was dead; well, it's not. Tiger has been resurrected at Savannah and even has a new webpage and logo! (cool, isn't it?) Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge: an audit tool and a host intrusion detection system tool. Free Software intrusion detection is currently going many ways, however, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not to mention file integrity checkers (many of these: aide, integrit, samhain, tripwire...) and logcheckers (even more of these, check Counterpane's Log Analysis pages). Also, free software Linux/*BSD distributions have a myriad of security tools to do local security checks: Mandrake's msec, OpenBSD's /etc/security, SUSE's Seccheck... maybe Tiger could substitute them at some point in the future. Do you think Tiger has a place in the toolkit of the security professional? (I might be biased, though, after all I'm the upstream developer for Tiger now :-) ) In any case, have you downloaded and tested the latest release candidate for Tiger version 3.2?"
If all this should have a reason, we would be the last to know.
Look at all of the programs that already perform the same task as this program. What does Tiger do that all of the above listed programs don't do?
In other words, what will make this become a "killer app" and not just another "also ran"?
Overrated / Underrated : Moderation
Holy Shit! They have a webpage and a logo? This project is going to fawking rawk, dude!
Slashdot is jumping the shark. I'm just driving the boat.
We have used it (old TAMU v. 2.2.3) in our IT Audit process here at TI for quite a while. We certainly don't rely on it exclusively, but it does catch most of the standard UNIX "gotchas" across various platforms (here mostly Sun, HP, and now Linux). It also has decent reporting and can be as verbose or terse as you like. It integrates nicely with Crack as well. Not too bad for a bunch of Aggies! *ducks*
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
The problem with the old TAMU version is that it was getting as out of date as SATAN was. It still is a good framework and has lots of room for improvement.
Also, it's the only tool of that time that is completely free. SATAN, COPS and ISS are either outdated or no longer free and new replacements have appeared for some of them (Nessus).