On 9/5/05, Stephen J. Smoogen <smooge@xxxxxxxxx> wrote:
> Well.. it didn't work for me :). Mostly Bastille seemed to be a set of
> items to tighten a system down.. not check if something has been
> tightened down. As someone who is writing a bunch of stuff similar to
> tiger.. they are very different beasts.
>

I have to amend this statement.. I couldn't get bastille -a to work on my
box earlier but found that it was due to a bad box (smoke and ashes
today). For some reason, I think the choice of Bastille and Tiger are
probably personal issues of what works best for someone (like KDE/Gnome).
Both should be available at some point... and used to check the other's
work.

> On 9/5/05, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:
> > why not just use bastille (which already works on fedora):
> > http://www.bastille-linux.org/ ?
> >
> > Aurelien Bompard wrote:
> > > Hi *,
> > >
> > > I've packaged Tiger for Fedora Extras, and it is available for review in bug
> > > 165311.
> > >
> > > Tiger is a set of bash scripts to run automatic security audits and
> > > intrusion detection on Unix systems.
> > > The project was abandoned since mid-90's, and has been resurrected by one of
> > > the main Debian security developers (Javier Fernández-Sanguino), and further
> > > improved.
> > > It proved very useful many times on the Debian servers I manage, and I'm
> > > pretty sure it could be as useful on Fedora.
> > >
> > > Since Tiger is very system-specific, it needs customization to integrate it
> > > into Fedora. Right now, I've only ported Javier's fixes and adaptations for
> > > Debian (which is a quite large patch, I've split and cleaned it).
> > > I'd like to make sure it works as this, and I'll add more Fedora-specific
> > > checks afterwards (such as "yum check-update", "rpm -V", and maybe even
> > > SELinux checks, there's much to do)
> > >
> > > I'm looking for people to help fine-tune the default configuration. So here
> > > are the best ways you can help review Tiger if you want to:
> > > - Check for packaging errors, as usual
> > > - Install it, tweak /etc/tiger/tigerrc a little, run "tiger" and tell me if
> > > you have error messages.
> > > - Tell me what false-positive alerts you get in the previous command so I
> > > can add them to /etc/tiger/tiger.ignore
> > > - Look into /etc/tiger/tiger.ignore and tell me if you think I've ignored
> > > something valid
> > > - Please review my one-liner patch for a C program not compiling with gcc4,
> > > as I really don't know C...
> > > - Tell me where Tiger could be better integrated into Fedora
> > >
> > > When you run "tiger", all checks enabled in /etc/tiger/tigerrc are run. But
> > > there is also an automatic testing system, where the scripts are run at
> > > different times according to /etc/tiger/cronrc. If you can, please run each
> > > script in this crontab and tell me which false-positive you get.
> > >
> > > One of Tiger's best features is to report only what's changed since the last
> > > run (configurable in /etc/tiger/tigerrc), but it does not mean we should
> > > not get rid of false-positives in the first place.
> > >
> > > Of course, if you don't feel like checking all this, just do what you're
> > > interested in (packaging, coding errors, further integration, ...). Any bit
> > > will help.
> > >
> > > Thanks
> > >
> > > Aurélien
> >
> > --
> > fedora-devel-list mailing list
> > fedora-devel-list@xxxxxxxxxx
> > http://www.redhat.com/mailman/listinfo/fedora-devel-list
> >
>
> --
> Stephen J Smoogen.
> CSIRT/Linux System Administrator
>

--
Stephen J Smoogen.
CSIRT/Linux System Administrator