[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Tiger-devel] New patches (almost) integrated, new release soon
|
From: |
Javier Fernández-Sanguino Peña |
|
Subject: |
[Tiger-devel] New patches (almost) integrated, new release soon |
|
Date: |
Tue, 19 Aug 2003 19:03:20 +0200 |
|
User-agent: |
Mutt/1.5.4i |
Hi there,
I'm back from vacation which means I have been able to do quite some of the
work I wanted for Tiger. I have been revising all the checks and the needed
enhancements and most of the changes and patches are as of now available in
Savannah's CVS server.
Unfortunately, it is now down so I cannot integrate all of the changes I've
made recently. In any case, I will be preparing a new 3.2.1 release soon
with quite some changes:
- A number of enhancements derived from merging with TARA's 3.0.3 release
which includes some new checks such as 'check_rootkit', syslog support for
'Tiger' (but just to send the full report to a syslog server) support for
new architectures (MacOSX) and signatures for older and new ones
- A full review of CERT's UNIX Security Checklist v2.0 indicating which of
the steps of the checklist are automated (checked for) by Tiger
- A new run_script function which provides Tiger (and tigercron) a way to
search for scripts in system directories which might override the generic
ones (under scripts). This was discussed in the list and is now
implemented.
- Some new checks. Such as 'aide_run' and 'integrit_run' as new
-alternative- integrity file checkers, the new HP-UX checks from Ryan ,and
quite a number of improvements in the old ones (including patches
contributed by different users/developers). Some of the new checks are
directly inspired by CERT's checklist.
- A number of bug fixes and improvements including some more documentation
and better explanation of some of the items which Tiger alerts about.
- A new tool to build the 'file_access_list' used by the check_perms:
mkflst
I will also open up a 'contrib' directory in the new list and include there
a number of patches I will not be able to implement in the next release. As
of this point I will be accepting code snippets (even if written in Perl)
to include in that 'user contributed' directory. Those code snippets will
be eventually converted into proper Tiger modules, but they might be useful
as preliminary checks for some people (or might encourage them to write
proper checks).
Regards
Javi
pgprLzvczg1Mc.pgp
Description: PGP signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Tiger-devel] New patches (almost) integrated, new release soon,
Javier Fernández-Sanguino Peña <=