[Eug-lug] Tiger security scanning scripts

Jason LaPier jlapier at uoregon.edu
Thu Jul 13 14:42:26 PDT 2006


> -----Original Message-----
> From: euglug-bounces at euglug.org 
> [mailto:euglug-bounces at euglug.org] On Behalf Of Michael Miller
> Sent: Thursday, July 13, 2006 11:39 AM
> To: Eugene Unix and Gnu/Linux User Group
> Subject: Re: [Eug-lug] Tiger security scanning scripts
> 
> If memory serves me correctly I don't think it is being 
> actively developed or updated.  If you are looking for 
> something that is being updated and/or developed or a bit 
> more modern, I would look at http://www.bastille-linux.org/ 
> .  It also depends on what you are looking to do as well.  
> Are you trying to harden the OS and/or improve system 
> security and permissions?  Are you also looking at what 
> network services you are running and making sure unused 
> services are turned off?  Are you also auditing the network 
> services / daemons?

Ok - I was thinking about trying out bastille as well. It's my intention to
improve overall security on my boxes, in one shot, but also to have some
nightly scanning done as well. I'm hoping that I can find a solution that's
not super complex to set up and can basically let me sleep a little better
while not eating up a lot of time every day. I know, I know - security comes
first, but other things need attention as well, and budgets are tight...

Anyway, this actually started out as a mission for my box at home. I'm
pretty good about any boxes that have a direct connection to the Internet. I
only install services I need for a particular box, update regularly, only
create users that are necessary, try to make their passwords difficult and
add AllowGroups to my sshd_config. 

I've been hacked three times in the 8 years I've done this professionally.
The first time was RedHat 6.2, bind vuln. It was a good learning experience
for me. It was a long time ago. I got over it. The second time was about a
year ago, it was an ssh bot. Someone created a user for email, and gave no
password. Damage was minimal and I wanted to rebuild that box anyway. I
learned the value of sshd_config. 

Last week it was one of my two Ubuntu boxes at home for strike number three.
Last fall I was trying to get mythtv up and running on it. I created a user
called mythtv, with a password of mythtv, thinking it would be hooked up to
my TV and protected by the firewall on my local network. Earlier this year,
I scrapped mythtv and started using the box as an ad hoc server - since I
was using it for ssh, svn, Unreal Tournament, and httpd I stuck it in my
DMZ, forgetting that I had an old user sitting around with a crappy
password. It was an embarrassingly human mistake, and I was lucky to catch
the breach after only a couple days of me spamming the world (being that
it's my dev server and my UT server, well, I tend to check the ps list all
the time when I'm shuffling resources back and forth). 

I liked that tiger gave me a list of users and even warned me of a couple
possible "dormant" accounts - but user accounts/passwords are just on my
mind because ssh bots are so relentless these days. I script my apt-get
updates to run nightly and get emails notifying me when they work or don't
work so I don't feel so much like stressing over package vulnerabilities,
but I thought some general security auditing wouldn't hurt....

On a side note, it's a little scary how easy it is to install sshd on
something like Ubuntu, which lets you use pretty cheap passwords and is
geared towards Windows migrators. I love Ubuntu personally, but yikes. At
least it's not installed by default, and I think there's a warning when you
install it via apt-get (or the GUI package installer) ...


- Jason
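
An added example, not part of the original message: a minimal account audit in the spirit of the user listing and the `AllowGroups` setting mentioned above. It reports which login-shell accounts sshd's group filter would let through with a non-locked password. The file contents, the `sshusers` group and all function names are constructed for illustration; `Match` blocks and negated patterns in `sshd_config` are not handled.

```python
import fnmatch

# Constructed sample files (not from a real host); the hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33::/var/www:/usr/sbin/nologin
jason:x:1000:100::/home/jason:/bin/bash
mythtv:x:1001:100::/home/mythtv:/bin/bash
"""
SHADOW = """\
root:!:13342:0:99999:7:::
www-data:*:13342:0:99999:7:::
jason:$6$constructed$hash:13342:0:99999:7:::
mythtv:$6$constructed$hash:13342:0:99999:7:::
"""
GROUP = """\
users:x:100:
sshusers:x:1100:jason
"""
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def rows(text):
    return [l.strip().split(":") for l in text.splitlines() if l.strip()]

def allowed_groups(sshd_config):
    """AllowGroups patterns from sshd_config text (keyword is case-insensitive)."""
    lines = (l.split("#", 1)[0].split() for l in sshd_config.splitlines())
    return [p for w in lines if w and w[0].lower() == "allowgroups" for p in w[1:]]

def audit(passwd, shadow, group, sshd_config):
    """Map each login-shell account to its password state and AllowGroups verdict."""
    pw_field = {f[0]: f[1] for f in rows(shadow)}
    patterns, report = allowed_groups(sshd_config), {}
    for user, _, _, gid, _, _, shell in rows(passwd):
        if shell in NOLOGIN_SHELLS:
            continue
        field = pw_field.get(user, "*")
        state = "empty" if field == "" else "locked" if field[0] in "!*" else "set"
        groups = {n for n, _, g, us in rows(group) if g == gid or user in us.split(",")}
        # With no AllowGroups line, sshd applies no group restriction at all.
        ssh_ok = not patterns or any(
            fnmatch.fnmatchcase(g, p) for g in groups for p in patterns)
        report[user] = {"password": state, "ssh_allowed": ssh_ok}
    return report

def exposed(report):
    # Accounts to review: permitted by the group filter and not password-locked.
    return sorted(u for u, r in report.items() if r["ssh_allowed"] and r["password"] != "locked")
```

On a real host the four arguments would be the contents of `/etc/passwd`, `/etc/shadow`, `/etc/group` and `/etc/ssh/sshd_config`, read as root.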



> 
> On 7/13/06, larry price <laprice at gmail.com> wrote:
> > http://www.linuxsecurity.com/docs/harden-doc/html/securing-debian-howto/ch9.en.html
> >
> > might help, it appears to have been written in russian and translated
> > to english
> >
> > On 7/13/06, Jason LaPier <jlapier at uoregon.edu> wrote:
> > > Has anyone used TIGER before? I installed it via apt-get on a couple
> > > debian boxes, and now I'm trying to interpret some of the results of
> > > my scans, and I'd like to get crackin on some of the configuration
> > > options, but I'd like to read up a little more on it and was hoping
> > > to find some kind of guide or online documentation. Searching for
> > > "tiger" is, for fairly obvious reasons, a bit difficult. Does anyone
> > > know where these scripts come from or who makes them?
> > >
> > >
> > > Jason LaPier
> > > Network Manager
> > > TACS / WRRC / NPSO
> > > University of Oregon
> > >
> > > _______________________________________________
> > > EUGLUG mailing list
> > > euglug at euglug.org
> > > http://www.euglug.org/mailman/listinfo/euglug
> > >


