SIMPLE SOLUTIONS

TIGERCRON - reference manual online

Cron utility for Tiger UNIX Security Checker.

Chapter
19 September 2003
TIGERCRON(8)                          Administrator Commands                         TIGERCRON(8)

NAME tigercron - Cron utility for Tiger UNIX Security Checker
SYNOPSIS tigercron [controlfile] [-B basedir] [tigeroptions...]
DESCRIPTION Tigercron is used to run periodically checks from the Tiger UNIX Security Checker. Tiger‐ cron reads a control file which is usually located in '/etc/tiger/cronrc' although it can also be specificied as the first argument when calling the program. The format of this control file is the same as for the cron program, each line indicates when different checks from Tiger will be run. The user can indicate where Tiger is installed through the -B basedir parameter, any other additional options provided in the command line will be passed on to configure to configure Tiger based on them (as described in tiger (8)). Tigercron runs the specified checks and compares their reports with previous stored reports (under /var/log/tiger). It will then mail the user defined in '/etc/tiger/tigerrc' (Tiger_Mail_RCPT) the results. When a module is run, tigercron checks: · If Tiger_Cron_Template is set to Y in tigerrc. If it is, it checks if there is a tem‐ plate stating which are the expected results. · If Tiger_Cron_CheckPrev is set to Y in tigerrc. If it is, it checks if there is a pre‐ vious run of the module it can check against. A differential report is generated depending on the module reports and previous run and is sent through e-mail. These reports provide an easy way to detect intrusions even if no configuration of templates has been done. In the event of an intrusion a Tiger check might detect something specific (file changes, new processes, new users, etc.) and this alert mechanism provides a way to turn Tiger into a Host Intrusion Detection System (HIDS). The ability of it to work as a proper HIDS is based on a good customization of the cronrc file. Modules that check events to which the host is most exposed to should be run often in order to detect deviations from normal behaviour.
OPTIONS Tigercron uses the same options as Tiger. A controlfile can be defined also to override the default.
FILES /etc/tiger/tigerrc Configuration file for the Tiger tool. /etc/tiger/cronrc Configuration file for the Tigercron tool. /var/log/tiger Location of the log messages generated by Tiger when run through cron /var/lib/tiger/work Working directory used by Tiger scripts to create temporary files.
SEE ALSO tigexp(8),tiger(8),cron(8),crontab(5) The deficiencies of using tigercron as a HIDS are described in the file README.hostids which is provided with the package. In Debian GNU/Linux you will find this (and other related) documentation at /usr/share/doc/tiger/
BUGS Currently Tigercron has only one alert mechanism (mail) and signatures are not supported. Thus, alerts could be faked. Also, it is dependant on cron and will not work if cron is not working.
AUTHOR This manpage was written by Javier Fernandez-Sanguino.
Security 19 September 2003 TIGERCRON(8)
This manual Reference Other manuals
tigercron(8) referred by
refer to cron(8) | crontab(5) | tiger(8) | tigexp(8)