Man Linux: Main Page and Category List

NAME

       tigercron - Cron utility for Tiger UNIX Security Checker

SYNOPSIS

       tigercron [controlfile] [-B basedir] [tigeroptions...]

DESCRIPTION

       Tigercron  is  used  to  run  periodically  checks  from the Tiger UNIX
       Security Checker. Tigercron reads  a  control  file  which  is  usually
       located  in  ’/etc/tiger/cronrc’ although it can also be specificied as
       the first argument when  calling  the  program.   The  format  of  this
       control  file  is the same as for the cron program, each line indicates
       when different checks from Tiger will be run.  The  user  can  indicate
       where  Tiger  is  installed through the -B basedir parameter, any other
       additional options provided in the command line will be  passed  on  to
       configure to configure Tiger based on them (as described in tiger (8)).

       Tigercron runs the specified checks and  compares  their  reports  with
       previous  stored  reports (under /var/log/tiger). It will then mail the
       user defined in ’/etc/tiger/tigerrc’ (Tiger_Mail_RCPT) the results.

       When a module is run, tigercron checks:

       ·   If Tiger_Cron_Template is set to Y in tigerrc. If it is, it  checks
           if there is a template stating which are the expected results.

       ·   If Tiger_Cron_CheckPrev is set to Y in tigerrc. If it is, it checks
           if there is a previous run of the module it can check against.

       A differential report is generated depending on the module reports  and
       previous  run and is sent through e-mail. These reports provide an easy
       way to detect intrusions even if no configuration of templates has been
       done. In the event of an intrusion a Tiger check might detect something
       specific (file changes, new processes, new users, etc.) and this  alert
       mechanism  provides a way to turn Tiger into a Host Intrusion Detection
       System (HIDS).

       The ability of it to  work  as  a  proper  HIDS  is  based  on  a  good
       customization  of  the  cronrc file. Modules that check events to which
       the host is most exposed to should be run  often  in  order  to  detect
       deviations from normal behaviour.

OPTIONS

       Tigercron  uses the same options as Tiger. A controlfile can be defined
       also to override the default.

FILES

       /etc/tiger/tigerrc
              Configuration file for the Tiger tool.

       /etc/tiger/cronrc
              Configuration file for the Tigercron tool.

       /var/log/tiger
              Location of the log messages generated by Tiger when run through
              cron

       /var/lib/tiger/work
              Working  directory  used  by  Tiger  scripts to create temporary
              files.

SEE ALSO

       tigexp(8),tiger(8),cron(8),crontab(5)

       The deficiencies of using tigercron as a HIDS are described in the file
       README.hostids  which is provided with the package. In Debian GNU/Linux
       you   will   find   this   (and   other   related)   documentation   at
       /usr/share/doc/tiger/

BUGS

       Currently  Tigercron has only one alert mechanism (mail) and signatures
       are not supported. Thus, alerts could be faked. Also, it  is  dependant
       on cron and will not work if cron is not working.

AUTHOR

       This manpage was written by Javier Fernandez-Sanguino.