{"id":7263,"date":"2019-01-07T10:06:00","date_gmt":"2019-01-07T10:06:00","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=7263"},"modified":"2019-01-08T12:56:06","modified_gmt":"2019-01-08T12:56:06","slug":"the-unix-security-audit-and-intrusion-detection-tool","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/01\/07\/the-unix-security-audit-and-intrusion-detection-tool\/","title":{"rendered":"The Unix Security Audit and Intrusion Detection Tool"},"content":{"rendered":"

Tiger<\/strong>\u00a0is a free, open source collections of shell scripts for security audit and host intrusion detection, for Unix-like systems such as Linux. It\u2019s a security checker written entirely in shell language and employs various POSIX tools in the backend. It\u2019s major purpose is to check the system configuration and status.<\/p>\n

It\u2019s very extensible than the other security tools, and has a good configuration file. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them.<\/p>\n

In this article, we will show how to install and use Tiger security checker with basic examples in Linux.<\/p>\n

How to Install Tiger Security Tool in Linux<\/h3>\n

On\u00a0Debian<\/strong>\u00a0and its derivatives such\u00a0Ubuntu<\/strong>\u00a0and\u00a0Linux Mint<\/strong>, you can easily install\u00a0Tiger<\/strong>\u00a0security tool from the default repositories using package manger as shown.<\/p>\n

$ sudo apt install tiger \r\n<\/pre>\n
On other Linux distributions, you can\u00a0download the latest source<\/a>\u00a0(the current stable release is\u00a03.2.3<\/strong>, at the time of writing) and run it straight away from the terminal as as root or use the\u00a0sudo command<\/a>\u00a0to gain root privileges.<\/p>\n
$ wget  -c  http:\/\/download.savannah.gnu.org\/releases\/tiger\/tiger-3.2rc3.tar.gz\r\n$ tar -xzf tiger-3.2rc3.tar.gz\r\n$ cd tiger-3.2\/\r\n$ sudo .\/tiger\r\n<\/pre>\n
By default all checks are enabled, in the\u00a0tigerrc<\/strong>\u00a0file and you can edit it using a CLI editor of your liking to enable only the checks you are interested in:<\/p>\n
\"Run<\/a><\/p>\n
Run Tiger Security Audit Tool on Linux<\/p>\n<\/div>\n
When the security scan is complete, a security report will be generated in the log sub directory, you will see a message similar to this (where\u00a0tecmint<\/strong>\u00a0is the hostname):<\/p>\n
Security report is in `log\/\/security.report.tecmint.181229-11:12'.\r\n<\/pre>\n
You can view the contents of the security report file using\u00a0cat command<\/a>.<\/p>\n
$ sudo cat log\/security.report.tecmint.181229-11\\:12\r\n<\/pre>\n
\"View<\/a><\/p>\n
View Security Report<\/p>\n<\/div>\n
If you just want more information on a specific security message, run the\u00a0tigexp<\/strong>\u00a0(TIGer EXPlain<\/strong>) command and provide the\u00a0msgid<\/strong>\u00a0as an argument, where \u201cmsgid<\/strong>\u201d is the text inside the\u00a0[]<\/strong>\u00a0associated with each message.<\/p>\n
For example, to get more information about the following messages, where\u00a0[acc001w]<\/strong>\u00a0and\u00a0[path009w]<\/strong>\u00a0are the msgids:<\/p>\n
--WARN-- [acc015w] Login ID nobody has a duplicate home directory (\/nonexistent) with another user.  \r\n--WARN-- [path009w] \/etc\/profile does not export an initial setting for PATH.\r\n<\/pre>\n
Simply run these commands:<\/p>\n
$ sudo .\/tigexp acc015w\r\n$ sudo .\/tigexp path009w\r\n<\/pre>\n
\"View<\/a><\/p>\n
View Security Messages<\/p>\n<\/div>\n
If you want to insert the explanations (more information on a particular message generated by tiger) in the report, you can either run tiger with the\u00a0-E<\/code>\u00a0flag.<\/p>\n
$ sudo .\/tiger -E \r\n<\/pre>\n
Or if you have already run it, then use\u00a0tigexp<\/strong>\u00a0command with the\u00a0-F<\/strong>\u00a0flag to specify the report file, for example:<\/p>\n
$ sudo .\/tigexp -F log\/security.report.tecmint.181229-11\\:12\r\n<\/pre>\n
\"View<\/a><\/p>\n
View Security Report with Messages<\/p>\n<\/div>\n
To generate a separate explanation file from a report file, run the following command (where\u00a0-f<\/code>\u00a0is used to specify the report file):<\/p>\n
$ sudo .\/tigexp -f log\/security.report.tecmint.181229-11\\:12\r\n<\/pre>\n
As you can see, installing\u00a0tiger<\/strong>\u00a0is not necessary. However, if you want to install it on your system for purposes of convenience, run the following commands (use\u00a0.\/configure \u2013 -help<\/strong>\u00a0to check configure script options):<\/p>\n
$ .\/configure\r\n$ sudo make install\r\n<\/pre>\n
For more information, see the man pages under the\u00a0.\/man\/<\/strong>\u00a0sub-directory, and use the\u00a0cat command<\/a>\u00a0to view them. But if you have installed the package, run:<\/p>\n
$ man tiger \r\n$ man tigerexp\r\n<\/pre>\n
Tiger project homepage:\u00a0https:\/\/www.nongnu.org\/tiger\/<\/a><\/p>\n
Tiger<\/strong>\u00a0is a set of scripts that scan a Unix-like system looking for security problems \u2013 it\u2019s a security checker. In this article, we have shown how to install and use Tiger in Linux. Use the feedback form to ask questions or share your thoughts about this tool.<\/p>\n
Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Tiger\u00a0is a free, open source collections of shell scripts for security audit and host intrusion detection, for Unix-like systems such as Linux. It\u2019s a security checker written entirely in shell language and employs various POSIX tools in the backend. It\u2019s major purpose is to check the system configuration and status. It\u2019s very extensible than the … <\/p>\n
Continue reading “The Unix Security Audit and Intrusion Detection Tool”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7263","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/7263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=7263"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/7263\/revisions"}],"predecessor-version":[{"id":7601,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/7263\/revisions\/7601"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=7263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=7263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=7263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}