'tiger' is a set of scripts that scan a Un*x system looking for security problems, in the same fashion as Dan Farmer's COPS. 'tiger' was originally developed to provide a check of UNIX systems on the A&M campus that want to be accessed from off campus (clearance through the packet filter). As such, we needed something that *anyone* could run if they could figure out how to get it down to their machine.

If you just want to run it, without regards to time considerations, then just 'cd' into the tiger directory and run './tiger' as 'root'. Time to run depends on amount of disk space (non-NFS) that is available. Output is stored in security.log.'hostname'.MMDD-hhmm.

Note that if the binaries have to be created (see man page), the bin directory (-b switch) *must* be writable. The program will try to work around the inability to create the executables, but some checks will not be performed if it does not have them.

If you want, all of the check_* scripts in the top level directory can be run directly without going through the 'tiger' driver.

See the file COPYING for legal stuff.

------------------------------------------------------------------------

New Stuff 06/17/93
---------

First off, there are some man pages in the 'man' directory. They are definitely lacking. If I ever stop adding stuff to the package, maybe I will be able to write better documentation.

******** Explain facility.

All messages (should) have a message ID associated with them in square brackets []. The script 'tigexp' can be used to get an explanation of the message. Some (many?) of the explanations are lacking. You can also insert the explanations into the output of 'tiger' by using the '-e' flag. If anyone has suggestions or improved explanations, don't hesitate to send them to me.

******** Crack 4.1 interface.

'tiger' will now run Alec Muffett's password cracker 'Crack'. See the 'tigerrc' file and 'site-sample' file for information on enabling it (it is disabled by default).

******** Systems:

    SunOS 4.1.1 sun3, 4.1.1 sun4, 4.1.2, 4.1.3, 5.1, 5.2 sun4
    NeXT 3.0

There, but untested (and I do mean untested). You can try them, but they have *never* been used, so I have no idea what to expect. Some parts are missing (i.e., no signature files).

    AIX 3.x (if this one works... any idea why so many setuid's on AIX 3?)
    HPUX (probably anything up to 9.x)
    IRIX 4.x
    UNICOS 6.x 7.x (if those pesky users didn't use the machine so much...)

******** More checks.

A few of the additions since the last release are:

    check_aliases: Check mail aliases for problems.
    check_cron:    Check 'cron' entries for problems.
    check_group:   Cross reference 'group' files for problems.
    check_passwd:  Cross reference 'passwd' files for problems.
    check_path:    Check 'root' (and optionally all users) PATH for problems.

In addition all previous scripts have been beefed up with many more checks. File Permission databases have been improved (though they still need more work).

Scripts which check the path to executables and files now check the pathname thoroughly, even in the face of symbolic links.

The file system scans now report device files, world writable directories, symbolic links to system files, in addition to setuid executables. Also the setuid checks now attempt to determine if a setuid program is an old version of a binary for which a security patch was released (i.e., it was moved out of the way, but never deleted or chmod'd, and hence may still be a security problem).

For servers of diskless or dataless clients, some "quick" checks of the clients can be performed on the server (see man/tiger.man). Not everything can be checked. Plus, support is not complete.

It is possible to install 'tiger' now so that you don't have to feed it all the names of the directories on each invocation. Just run 'Install'... it will prompt for names.

'tigercron' provides a simple-cron facility with report differencing capability and mailing of reports.
This is just started and needs more work to be really useful. See the 'cronrc' file for a sample input to it.

Checks for the availability of utility commands have been moved nearer to where they are actually needed (as opposed to having them at the top of each script). This enables more checks to be performed when only a few commands are missing.

All cleanup of scratch files goes through the 'delete' routine which won't delete a file that isn't in the scratch work directory. This is to prevent programmer errors from zapping the wrong file [what? programmer errors? Never... :)]

Some more C code added. Handling of obtaining a compilation of the source improved. For casual use, nothing need be done. The C code will be compiled and installed in the Bindir (TIGERHOME/bin by default). For regular use, or use in a large group of systems, sharing the tiger directories, the binaries can be compiled and stored in the respective system directories. The scripts will use the binary directly from that directory. The Solaris 2.x (SunOS 5) directory provides precompiled binaries (no C compiler by default).

Finally, if you try to run this on a system with an old or broken Bourne shell, or one without functions, have a peek at util/setsh. This will change all the '#!' headers to some other shell (i.e. ksh or bash). Note that 'tiger' has never been run under either of these, but it might be worth a shot.

------------------------------------------------------------------------

And finally, any suggestions, bug fixes, etc, etc, etc... send 'em in! Operators are standing by...

In regards to the work on the other systems (AIX, IRIX, HPUX) if anyone can advise me on security patches, I'd appreciate it. I have no dealings with these, so I'm not sure how the companies work. All I need are the SNEFRU signatures (hint, hint, hint)...

Doug.
Doug.Schales@sc.tamu.edu
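
The idea behind the 'delete' routine described above (scratch-file cleanup that refuses anything outside the scratch work directory), as an added sketch that is not tiger's own code. WORKDIR and safe_delete are hypothetical names, and the paths in the demo are constructed.

```shell
#!/bin/sh
# Added illustration: WORKDIR and safe_delete are hypothetical names, not tiger's own.

# Private scratch directory; keep its physical (symlink-free) path for comparison.
WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/scratch.XXXXXX") || exit 1
WORKDIR=$(cd "$WORKDIR" && pwd -P) || exit 1
trap 'rm -rf "$WORKDIR"' EXIT

# safe_delete FILE...
# Remove each FILE only when the directory holding it resolves to $WORKDIR or
# below. Returns non-zero if any argument was refused.
safe_delete() {
    rc=0
    for f in "$@"; do
        dir=$(dirname -- "$f")
        base=$(basename -- "$f")
        # Resolve the directory physically so "../" and symlinked directories
        # cannot point the delete somewhere else. Unresolvable means refuse.
        real=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || real=
        case $real in
            "$WORKDIR"|"$WORKDIR"/*) ok=1 ;;
            *) ok=0 ;;
        esac
        # Never act on ".", "..", an empty name, or a real directory.
        case $base in ''|.|..|/) ok=0 ;; esac
        if [ -d "$real/$base" ] && [ ! -L "$real/$base" ]; then ok=0; fi
        if [ "$ok" -ne 1 ]; then
            echo "safe_delete: refusing '$f' (not a file under $WORKDIR)" >&2
            rc=1
            continue
        fi
        # rm on a symlink removes the link itself, never its target.
        rm -f -- "$real/$base" || rc=1
    done
    return "$rc"
}

# Demo with constructed paths: the first is removed, the second is refused.
: > "$WORKDIR/pass.tmp"
safe_delete "$WORKDIR/pass.tmp" && echo "removed scratch file"
safe_delete "$WORKDIR/../not-scratch.$$" || echo "refused path outside scratch dir"
```

The check fails closed: a path whose directory cannot be resolved is refused rather than passed to rm, which matters most when the scripts run as 'root'.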