[Eug-lug] Tiger security scanning scripts

Michael Miller mike.mikemiller at gmail.com
Thu Jul 13 15:59:38 PDT 2006


I have issues with Debian-based distros.  You may have heard of
cfengine before.  It's a nice piece of software that helps you keep
all of your systems in sync, configuration-wise that is.  Check it
out: www.cfengine.org.  I used it at the last place I worked at before
moving to Eugene.  It has a really nice syntax for the configuration
files.  You can use it on whatever BSD, Linux or Unix distro.  I used
it on both RedHat Enterprise servers and HP-UX servers.

Mike Miller

On 7/13/06, Jason LaPier <jlapier at uoregon.edu> wrote:
>
> > -----Original Message-----
> > From: euglug-bounces at euglug.org
> > [mailto:euglug-bounces at euglug.org] On Behalf Of Michael Miller
> > Sent: Thursday, July 13, 2006 11:39 AM
> > To: Eugene Unix and Gnu/Linux User Group
> > Subject: Re: [Eug-lug] Tiger security scanning scripts
> >
> > If memory serves me correctly I don't think it is being
> > actively developed or updated.  If you are looking for
> > something that is being updated and/or developed, or a bit
> > more modern, I would look at http://www.bastille-linux.org/
> > .  It also depends on what you are looking to do as well.
> > Are you trying to harden the OS and/or improve system
> > security and permissions?  Are you also looking at what
> > network services you are running and making sure unused
> > services are turned off?  Are you also auditing the network
> > services / daemons?
>
> Ok - I was thinking about trying out bastille as well. It's my intention to
> improve overall security on my boxes, in one shot, but also to have some
> nightly scanning done as well. I'm hoping that I can find a solution that's
> not super complex to set up and can basically let me sleep a little better
> while not eating up a lot of time every day. I know, I know - security comes
> first, but other things need attention as well, and budgets are tight...
>
> Anyway, this actually started out as a mission for my box at home. I'm
> pretty good about any boxes that have a direct connection to the Internet. I
> only install services I need for a particular box, update regularly, only
> create users that are necessary, try to make their passwords difficult and
> add AllowGroups to my sshd_config.
>
> I've been hacked three times in the 8 years I've done this professionally.
> The first time was RedHat 6.2, bind vuln. It was a good learning experience
> for me. It was a long time ago. I got over it. The second time was about a
> year ago, it was an ssh bot. Someone created a user for email, and gave no
> password. Damage was minimal and I wanted to rebuild that box anyway. I
> learned the value of sshd_config.
>
> Last week it was one of my two Ubuntu boxes at home for strike number three.
> Last fall I was trying to get mythtv up and running on it. I created a user
> called mythtv, with a password of mythtv, thinking it would be hooked up to
> my TV and protected by the firewall on my local network. Earlier this year,
> I scrapped mythtv and started using the box as an ad hoc server - since I
> was using it for ssh, svn, Unreal Tournament, and httpd I stuck it in my
> DMZ, forgetting that I had an old user sitting around with a crappy
> password. It was an embarrassingly human mistake, and I was lucky to catch
> the breach after only a couple days of me spamming the world (being that
> it's my dev server and my UT server, well, I tend to check the ps list all
> the time when I'm shuffling resources back and forth).
>
> I liked that tiger gave me a list of users and even warned me of a couple
> possible "dormant" accounts - but user accounts/passwords are just on my
> mind because ssh bots are so relentless these days. I script my apt-get
> updates to run nightly and get emails notifying me when they work or don't
> work so I don't feel so much like stressing over package vulnerabilities,
> but I thought some general security auditing wouldn't hurt....
>
> On a side note, it's a little scary how easy it is to install sshd on
> something like Ubuntu, which lets you use pretty cheap passwords and is
> geared towards Windows migrators. I love Ubuntu personally, but yikes. At
> least it's not installed by default, and I think there's a warning when you
> install it via apt-get (or the GUI package installer) ...
>
>
> - Jason
>
>
>
> >
> > On 7/13/06, larry price <laprice at gmail.com> wrote:
> > >
> > > http://www.linuxsecurity.com/docs/harden-doc/html/securing-debian-howto/ch9.en.html
> > >
> > > might help, it appears to have been written in Russian and translated
> > > to English
> > >
> > > On 7/13/06, Jason LaPier <jlapier at uoregon.edu> wrote:
> > > > Has anyone used TIGER before? I installed it via apt-get on a couple
> > > > Debian boxes, and now I'm trying to interpret some of the results of
> > > > my scans, and I'd like to get crackin on some of the configuration
> > > > options, but I'd like to read up a little more on it and was hoping
> > > > to find some kind of guide or online documentation. Searching for
> > > > "tiger" is, for fairly obvious reasons, a bit difficult. Does anyone
> > > > know where these scripts come from or who makes them?
> > > >
> > > >
> > > > Jason LaPier
> > > > Network Manager
> > > > TACS / WRRC / NPSO
> > > > University of Oregon
> > > >
> > > > _______________________________________________
> > > > EUGLUG mailing list
> > > > euglug at euglug.org
> > > > http://www.euglug.org/mailman/listinfo/euglug