Tiger – UNIX Security Checker


  • " tripwire_run"

    tags: tripwire

    • behaviour of Tiger and how it can be used to setup a host-based  intrusion detection system

    • 10.1.2.4 Automatically checking for security issues with debsecan

        

       The debsecan program evaluates the security status of by reporting both missing security updates and security vulnerabilities.

    • There are other, simpler tools that can be used to detect network attacks. portsentry

    • You can test any of these tools with the Debian package idswakeup, a shell script which generates false alarms, and includes many common attack signatures. 

    • Debian since the Woody branch. tiger provides checks of common issues related to security break-ins, like password strength, file system problems, communicating processes, and other ways root might be compromised. This package includes new Debian-specific security checks including: MD5sums checks of installed files, locations of files not belonging to packages, and analysis of local listening processes. The default installation sets up tiger to run each day, generating a report that is sent to the superuser about possible compromises of the system.

    • Loadable kernel modules are files containing dynamically loadable kernel components used to expand the functionality of the kernel. The main benefit of using modules is the ability to add additional devices, like an Ethernet or sound card, without patching the kernel source and recompiling the entire kernel. However, crackers are now using LKMs for root-kits (knark and adore), opening up back doors in GNU/Linux systems.

    • One such strategy is getting there first, that is, loading an LKM designed to protect the system from other malicious LKMs.

    • Debian’s TIGER incorporates new checks primarily oriented towards Debian distribution including: md5sums checks of installed files, location of files not belonging to packages, check of security advisories and analysis of local listening processes.

    • Using tiger for security audit and intrusion detection!

    • The Unix security audit and intrusion detection tool

    • Free software Linux/*BSD distributions have a myriad of security tools to do local security checks: Debian’s checksecurity,

Posted from Diigo. The rest of my favorite links are here.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s