The Tiger Security Tool Has Been Resurrected

javifs writes "Do you remember TAMU's security tools? If so you might remember a tool that was developed when COPS, SATAN, and ISS were (back in 1994): Tiger. You might think it was dead, well it's not. Tiger has resurrected at Savannah and even has a new webpage and logo! (cool, isn't it?) Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge: an audit tool and a host intrusion detection system tool. Free Software intrusion detection is currently going many ways, however, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not mentioning file integrity checkers (many of these: aide, integrit samhain, tripwire...) and logcheckers (even more of these, check Counterpane's Log Analysis pages). Also, free software Linux/*BSD distributions have a miriad of security tools to do local security checks: Mandrake's msec, OpenBSD's /etc/security, SUSE's Seccheck... maybe Tiger could substitute them at some point in the future. Do you think Tiger has a place in the toolkit of the security professional? (I might be biased, though, after all I'm the upstream developer for Tiger now :-) ) In any case, have you downloaded and tested the latest release candidate for Tiger version 3.2?"

I like it just fine, glad to hear it's still alive

[fluffhead]

We have used it (old TAMU v. 2.2.3) in our IT Audit process here at TI for quite a while. We certainly don't rely on it exclusively, but it does catch most of the standard UNIX "gotchas" across various platforms (here mostly Sun, HP, and now Linux). It also has decent reporting and can be as verbose or terse as you like. It integrates nicely with Crack as well. Not too bad for a bunch of Aggies! *ducks*