Tiger (security software) explained

Tiger Security Tool
Developer:Javier Fernández-Sanguino
Released:1994
Latest Release Version:3.2.3
Operating System:Unix, Linux, Solaris
Language:English
Genre:Security Audit, Intrusion Detection System
License:GPL
Website:http://www.nongnu.org/tiger/

Tiger is a security software for Unix-like computer operating systems. It can be used both as a security audit tool and a host-based intrusion detection system and supports multiple UNIX platforms. Tiger is free under the GPL license and unlike other tools, it needs only of POSIX tools, and is written entirely in shell language.

Tiger is based on a set of modular scripts that can be run either together or independently to check different aspects of a UNIX system including the review of:

History

Tiger was originally developed by Douglas Lee Schales, Dave K. Hess, Khalid Warraich, and Dave R. Safford in 1992 at Texas A&M University.[1] [2] The tool was originally developed to provide a check of UNIX systems on the A&M campus that had to be accessed from off campus and, consequently, required clearance through the network security measures set in place. It was developed after a coordinated attack in August 1992 to computers in the campus. The campus system administrators needed something that any user could use to test the system's security and run if they could figure out how to get it down to their machines. The tool was presented in the Fourth USENIX Security Symposium. It was written at the same time that other auditing tools such as COPS, SATAN and Internet Security Scanner were written. Eventually, after the 2.2.4 version, which was released in 1994, development of Tiger stalled.[3]

Three different forks evolved after Tiger: TARA (developed by Advanced Research Computing Tiger Analytical Research Assistant), one internally developed by the HP corporation by Bryan Gartner and the last one developed for the Debian GNU/Linux distribution by Javier Fernández-Sanguino (current upstream maintainer). All the forks aimed at making Tiger work in newer versions of different UNIX operating systems.

These forks were merged in May 2002 and in June 2002 the new source code, now labeled as the 3.0 release, was published in the download section of the newly created Savannah site. Following this merge, the following releases were published:

Overview

Tiger has some interesting features including a modular design that is easy to expand. It can be used as an audit tool and a host-based intrusion detection system tool as described in the program's manpage[4] and in the source code documentation (README.hostids).

Tiger complements Intrusion Detection System (IDS) (from network IDS Snort), to the kernel (Log-based Intrusion Detection System or LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), integrity checkers (many of these: AIDE, integrit, Samhain, Tripwire...) and logcheckers, providing a framework in which all of them can work together while checking the system configuration and status.

Notes and References

  1. Book: Linux System Security . registration. Mann . Scott. Mitchell. Ellen L.. 2000 . Prentice Hall PTR . Upper Saddle River, NJ . 0-13-015807-0 . 341.
  2. The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment. Safford . David R. . Lee Schales. Douglas . Hess. David K. . 1993. Proceedings of the Fourth USENIX Security Symposium.
  3. http://www.net.tamu.edu/network/tools/tiger.html
  4. Web site: Fernandez-Sanguino. Javier. Tiger program manpage. 14 January 2018.