Tiger security tool 3.2.3 (Default branch)

09-10-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Tiger security tool 3.2.3 (Default branch)

TIGER is a set of Bourne shell scripts, Cprograms, and data files which are used to performa security audit of Unix systems. The securityaudit results are useful both for system analysis(security auditing) and for real-time, host-basedintrusion detection.License: GNU General Public License (GPL)Changes:
This version is mainly a bugfix release that incorporates all the fixes introduced in Debian since 3.2.2. It also updates Linux's gen_mounts to support many more filesystems, and provides a way for local administrators to define local and non-local filesystems. This makes it easier for local admins to define exotic filesystems, if in use, and avoid the warnings Tiger mails each time a script that runs through the filesystems (check_perms, check_known, and find_files) executes.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

secure_sid_scripts(5) File Formats Manual secure_sid_scripts(5) NAME
secure_sid_scripts - controls whether setuid and setgid bits on scripts are honored VALUES
Failsafe Default Allowed values Recommended values DESCRIPTION
This tunable controls whether and bits on executable scripts have any effect. Honoring on scripts make a system vulnerable to attack by malicious users. The default value for this variable is 1, indicating that bits are to be ignored by the execve(2) system call for higher security. The tunable can be set to 0 for a compatibility with older releases at the expense of security. Hewlett-Packard strongly recommends that you not change the value of this tunable unless there is an urgent need to do so. When a script with bits is executed, the kernel generates the following error message to both the terminal controlling and the system log. (To view the error message, use dmesg(1M) or inspect Who is Expected to Change This Tunable? Administrator. Restrictions on Changing Changes to this tunable take effect for new scripts started after the change. When Should the Value of This Tunable Be Changed? This tunable controls operational modes rather than data structure sizes and limits. The appropriate setting for a system depends on whether you consider security or compatibility to be most important. A value of is compatible with previous releases of HP-UX, but it is also less secure. A value of provides security against race condition attacks exploiting scripts. What Are the Side Effects of Changing the Value This tunable controls only executable scripts (not programs) with bit set. HP-UX does not ship with any such scripts. If the customer wishes to use scripts, third party applications such as or can be used. Alternatively, the shell script can be wrapped in a simple C pro- gram that runs the shell script with appropriate permissions: What Other Tunable Values Should Be Changed at the Same Time? None. WARNINGS
None. All HP-UX kernel tunable parameters are release specific. This parameter may be removed or have its meaning changed in future releases of HP-UX. Installation of optional kernel software, from HP or other vendors, may cause changes to tunable parameter values. After installation, some tunable parameters may no longer be at the default or recommended values. For information about the effects of installation on tun- able values, consult the documentation for the kernel software being installed. For information about optional kernel software that was factory installed on your system, see at FILES
AUTHOR
was developed by HP. SEE ALSO
chmod(1), execve(2), kctune(1M). Tunable Kernel Parameters secure_sid_scripts(5)

Software Releases - RSS News

Tiger security tool 3.2.3 (Default branch)

1 More Discussions You Might Find Interesting

1. Cybersecurity

TARA Tool (Tiger)

Discussion started by: shaq

LEARN ABOUT HPUX

secure_sid_scripts