This article may have confusing or ambiguous abbreviations .(November 2011) |
Developer(s) | Javier Fernández-Sanguino |
---|---|
Initial release | 1994 |
Stable release | 3.2.3 / March 3, 2010 |
Operating system | Unix, Linux, Solaris |
Available in | English |
Type | Security Audit, Intrusion Detection System |
License | GPL |
Website | http://www.nongnu.org/tiger/ |
Tiger is a security software for Unix-like computer operating systems. It can be used both as a security audit tool and a host-based intrusion detection system and supports multiple UNIX platforms. Tiger is free under the GPL license and unlike other tools, it needs only of POSIX tools, and is written entirely in shell language.
Tiger is based on a set of modular scripts that can be run either together or independently to check different aspects of a UNIX system including the review of:
Tiger was originally developed by Douglas Lee Schales, Dave K. Hess, Khalid Warraich, and Dave R. Safford in 1992 at Texas A&M University. [1] [2] The tool was originally developed to provide a check of UNIX systems on the A&M campus that had to be accessed from off campus and, consequently, required clearance through the network security measures set in place. It was developed after a coordinated attack in August 1992 to computers in the campus. The campus system administrators needed something that any user could use to test the system's security and run if they could figure out how to get it down to their machines. The tool was presented in the Fourth USENIX Security Symposium. It was written at the same time that other auditing tools such as COPS, SATAN and Internet Security Scanner were written. Eventually, after the 2.2.4 version, which was released in 1994, development of Tiger stalled. [3]
Three different forks evolved after Tiger: TARA (developed by Advanced Research Computing Tiger Analytical Research Assistant), one internally developed by the HP corporation by Bryan Gartner and the last one developed for the Debian GNU/Linux distribution by Javier Fernández-Sanguino (current upstream maintainer). All the forks aimed at making Tiger work in newer versions of different UNIX operating systems.
These forks were merged in May 2002 and in June 2002 the new source code, now labeled as the 3.0 release, was published in the download section of the newly created Savannah site. Following this merge, the following releases were published:
Tiger has some interesting features including a modular design that is easy to expand. It can be used as an audit tool and a host-based intrusion detection system tool as described in the program's manpage [4] and in the source code documentation (README.hostids).
Tiger complements Intrusion Detection System (IDS) (from network IDS Snort), to the kernel (Log-based Intrusion Detection System or LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), integrity checkers (many of these: AIDE, integrit, Samhain, Tripwire...) and logcheckers, providing a framework in which all of them can work together while checking the system configuration and status.
A Linux distribution is an operating system made from a software collection that includes the Linux kernel and often a package management system. They are often obtained from the website of each distribution, which are available for a wide variety of systems ranging from embedded devices and personal computers to servers and powerful supercomputers.
Plan 9 from Bell Labs is a distributed operating system which originated from the Computing Science Research Center (CSRC) at Bell Labs in the mid-1980s and built on UNIX concepts first developed there in the late 1960s. Since 2000, Plan 9 has been free and open-source. The final official release was in early 2015.
A Unix shell is a command-line interpreter or shell that provides a command line user interface for Unix-like operating systems. The shell is both an interactive command language and a scripting language, and is used by the operating system to control the execution of the system using shell scripts.
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
The system utility fsck
is a tool for checking the consistency of a file system in Unix and Unix-like operating systems, such as Linux, macOS, and FreeBSD. The equivalent programs on MS-DOS and Microsoft Windows are CHKDSK, SFC, and SCANDISK.
rc is the command line interpreter for Version 10 Unix and Plan 9 from Bell Labs operating systems. It resembles the Bourne shell, but its syntax is somewhat simpler. It was created by Tom Duff, who is better known for an unusual C programming language construct.
GoboLinux is a Linux distribution whose most prominent feature is a reorganization of the traditional Linux file system. Rather than following the Filesystem Hierarchy Standard like most Unix-like systems, each program in a GoboLinux system has its own subdirectory tree, where all of its files may be found. Thus, a program "Foo" has all of its specific files and libraries in /Programs/Foo
, under the corresponding version of this program at hand. For example, the commonly known GCC compiler suite version 8.1.0, would reside under the directory /Programs/GCC/8.1.0
.
tmpfs is a temporary file storage paradigm implemented in many Unix-like operating systems. It is intended to appear as a mounted file system, but data is stored in volatile memory instead of a persistent storage device. A similar construction is a RAM disk, which appears as a virtual disk drive and hosts a disk file system.
chroot
is an operation on Unix and Unix-like operating systems that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail.
fstab is a system file commonly found in the directory /etc
on Unix and Unix-like computer systems. In Linux, it is part of the util-linux package. The fstab file typically lists all available disk partitions and other types of file systems and data sources that may not necessarily be disk-based, and indicates how they are to be initialized or otherwise integrated into the larger file system structure.
CFEngine is a configuration management system, written by Mark Burgess. Its primary function is to provide automated configuration and maintenance of large-scale computer systems, including the unified management of servers, desktops, consumer and industrial devices, embedded network devices, mobile smartphones, and tablet computers.
A LAMP is one of the most common software stacks for the web's most popular applications. Its generic software stack model has largely interchangeable components.
In Linux systems, initrd
is a scheme for loading a temporary root file system into memory, to be used as part of the Linux startup process. initrd
and initramfs
refer to two different methods of achieving this. Both are commonly used to make preparations before the real root file system can be mounted.
Argus – the Audit Record Generation and Utilization System is the first implementation of network flow monitoring, and is an ongoing open source network flow monitor project. Started by Carter Bullard in 1984 at Georgia Tech, and developed for cyber security at Carnegie Mellon University in the early 1990s, Argus has been an important contributor to Internet cyber security technology over its 30 years..
EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.
Crack is a Unix password cracking program designed to allow system administrators to locate users who may have weak passwords vulnerable to a dictionary attack. Crack was the first standalone password cracker for Unix systems and the first to introduce programmable dictionary generation as well.
Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.
The Advanced Intrusion Detection Environment (AIDE) was initially developed as a free replacement for Tripwire licensed under the terms of the GNU General Public License (GPL).
systemd is a software suite that provides an array of system components for Linux operating systems. The main aim is to unify service configuration and behavior across Linux distributions. Its primary component is a "system and service manager" — an init system used to bootstrap user space and manage user processes. It also provides replacements for various daemons and utilities, including device management, login management, network connection management, and event logging. The name systemd adheres to the Unix convention of naming daemons by appending the letter d. It also plays on the term "System D", which refers to a person's ability to adapt quickly and improvise to solve problems.
OutGuess is a steganographic software. It has handlers for image files in the common Netpbm and JPEG formats, so it can, for example, specifically alter the frequency coefficients of JPEG files. It is written in C and published as Free Software under the terms of the old BSD license. It has been tested on a variety of Unix-like operating systems and is included in the standard software repositories of the popular Linux distributions Debian and Arch Linux and their derivatives.