aboutsummaryrefslogtreecommitdiff
path: root/system/tiger
diff options
context:
space:
mode:
authorpyllyukko <pyllyukko AT maimed dot org>2011-10-15 07:35:41 -0500
committerNiels Horn <niels.horn@slackbuilds.org>2011-10-22 10:17:07 -0200
commitb663f5c1fefcd902bdeaf686af376b68a889349c (patch)
tree74990fc778cee891fda75e39f4350647bbdd44b3 /system/tiger
parentad917533115e9d6c7d4b8e743c6a61a1933116ee (diff)
system/tiger: Added (Report system security vulnerabilities)
Signed-off-by: Erik Hanson <erik@slackbuilds.org>
Diffstat (limited to 'system/tiger')
-rw-r--r--system/tiger/README20
-rw-r--r--system/tiger/config/tiger.cron6
-rw-r--r--system/tiger/config/tiger.default6
-rw-r--r--system/tiger/config/tiger.ignore31
-rw-r--r--system/tiger/doinst.sh18
-rw-r--r--system/tiger/patches/tiger-3.2.3-build-fix.diff18
-rw-r--r--system/tiger/slack-desc19
-rw-r--r--system/tiger/tiger.SlackBuild143
-rw-r--r--system/tiger/tiger.info10
9 files changed, 271 insertions, 0 deletions
diff --git a/system/tiger/README b/system/tiger/README
new file mode 100644
index 0000000000000..85bd0c4df442a
--- /dev/null
+++ b/system/tiger/README
@@ -0,0 +1,20 @@
+TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
+C programs and data files which are used to perform a security audit
+of UNIX systems. It is designed to hopefully be easy to use, easy to
+understand and easy to enhance.
+
+'tiger' incorporates checks primarily oriented towards Linux integrity
+including: md5sums checks installed files, (and it can call AIDE or
+Intergrit aswell), analysis of local listening processes, and then some.
+
+Tiger uses 'chkrootkit' for rootkit scanning if it's present.
+
+This SlackBuild will also verify the package's PGP signature
+if the following conditions are met:
+
+ - You have GnuPG installed
+ - You have the appropriate public PGP key (0xDC814B09)
+ in your trustedkeys.gpg keyring
+ (available at http://savannah.nongnu.org/people/viewgpg.php?user_id=7475)
+ - You have downloaded the sig file from
+ http://download.savannah.gnu.org/releases/tiger/tiger-${VERSION}.tar.gz.sig
diff --git a/system/tiger/config/tiger.cron b/system/tiger/config/tiger.cron
new file mode 100644
index 0000000000000..33c55e6f7113c
--- /dev/null
+++ b/system/tiger/config/tiger.cron
@@ -0,0 +1,6 @@
+#
+# Regular cron jobs for the tiger package
+#
+# modified to work with Slackware and Dillon's Cron by pyllyukko
+#
+0 * * * * /bin/test -x /usr/sbin/tigercron && { DEFAULT=/etc/default/tiger ; [ -r "$DEFAULT" ] && . "$DEFAULT" || NICETIGER=10 ; /bin/nice -n$NICETIGER /usr/sbin/tigercron -q ; }
diff --git a/system/tiger/config/tiger.default b/system/tiger/config/tiger.default
new file mode 100644
index 0000000000000..58ec0e09e39d3
--- /dev/null
+++ b/system/tiger/config/tiger.default
@@ -0,0 +1,6 @@
+#
+# Default settings for /etc/cron.d/tiger
+#
+
+# Nice level to use for Tiger when running through cron
+NICETIGER=10
diff --git a/system/tiger/config/tiger.ignore b/system/tiger/config/tiger.ignore
new file mode 100644
index 0000000000000..1f7906789e083
--- /dev/null
+++ b/system/tiger/config/tiger.ignore
@@ -0,0 +1,31 @@
+Login ID nobody is disabled, but still has a valid shell \(/bin/sh\)
+Login ID mail's home directory \(/var/mail\) has group `mail' write access.
+Login ID \w+'s parent directory \(/home\) has group `staff' write access.
+Log file /var/log/wtmp permission should be 644
+Log file /var/log/btmp does not exist
+Log file /var/run/utmp permission should be 644
+Log file /var/log/loginlog does not exist
+Log file /var/log/messages permission should be 640
+The owner of /var/log/wtmp should be root (owned by utmp).
+/var/log/wtmp should not have group write.
+The owner of /var/run/utmp should be root (owned by utmp).
+/var/run/utmp should not have group write.
+/var/log/XFree86.0.log should not have world read.
+/etc/fstab should not have group read.
+/etc/fstab should not have world read.
+/etc/inetd.conf should not have group read.
+/etc/inetd.conf should not have world read.
+/etc/pam.d/sudo should not have world read.
+The directory /dev/ataraid resides in a device directory.
+The directory /dev/cciss resides in a device directory.
+The directory /dev/fd resides in a device directory.
+The directory /dev/input resides in a device directory.
+The directory /dev/pts resides in a device directory.
+The directory /dev/rd resides in a device directory.
+The directory /dev/usb resides in a device directory.
+The directory /dev/ida resides in a device directory.
+/dev/null has world permissions
+/dev/ptmx has world permissions
+/dev/gpmctl has world permissions
+/dev/gpmdata has world permissions
+File ".fetchmail-UIDL-cache" in the mail spool, owned by "fetchmail".
diff --git a/system/tiger/doinst.sh b/system/tiger/doinst.sh
new file mode 100644
index 0000000000000..f98853d683e3a
--- /dev/null
+++ b/system/tiger/doinst.sh
@@ -0,0 +1,18 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/tiger/cronrc.new
+config etc/tiger/tigerrc.new
+config etc/tiger/tiger.ignore.new
+config etc/cron.d/tiger.new
+config etc/default/tiger.new
diff --git a/system/tiger/patches/tiger-3.2.3-build-fix.diff b/system/tiger/patches/tiger-3.2.3-build-fix.diff
new file mode 100644
index 0000000000000..28b6985360696
--- /dev/null
+++ b/system/tiger/patches/tiger-3.2.3-build-fix.diff
@@ -0,0 +1,18 @@
+diff -ur tiger-3.2.3/util/genmsgidx tiger-3.2.3.new/util/genmsgidx
+--- tiger-3.2.3/util/genmsgidx 2008-11-27 23:34:21.000000000 +0100
++++ tiger-3.2.3.new/util/genmsgidx 2010-09-01 12:43:22.000000000 +0200
+@@ -96,10 +96,10 @@
+ haveallof variables BASEDIR || exit 1
+
+ # Clear idx file and detect error
+-> $BASEDIR/doc/explain.idx && {
+- echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
+- exit 1
+-}
++#> $BASEDIR/doc/explain.idx && {
++# echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting"
++# exit 1
++#}
+
+ $LS $BASEDIR/doc/*.txt |
+ while read infile
diff --git a/system/tiger/slack-desc b/system/tiger/slack-desc
new file mode 100644
index 0000000000000..e1c51f7e84366
--- /dev/null
+++ b/system/tiger/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+tiger: tiger (Report system security vulnerabilities)
+tiger:
+tiger: TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
+tiger: C programs and data files which are used to perform a security
+tiger: audit of UNIX systems. TIGER has one primary goal: report ways
+tiger: 'root' can be compromised.
+tiger:
+tiger: Originally developed by the A&M campus of the Texas University.
+tiger: Currently it is maintained by: Javier Fernandez-Sanguino
+tiger:
+tiger:
diff --git a/system/tiger/tiger.SlackBuild b/system/tiger/tiger.SlackBuild
new file mode 100644
index 0000000000000..a5db73dcbebbb
--- /dev/null
+++ b/system/tiger/tiger.SlackBuild
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+# Slackware build script for Tiger
+
+# Written by Menno Duursma <druiloor@zonnet.nl>
+# currently maintained by pyllyukko <pyllyukko AT maimed dot org>
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=tiger
+VERSION=${VERSION:-3.2.3}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e # Exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+
+# The package can be verified with Javier Fernández-Sanguino's PGP key (0xDC814B09)
+# If we have GnuPG installed, we try to verify the signature.
+if [ -x "/usr/bin/gpg" -a -x "/usr/bin/gpgv" ]
+then
+ set +e
+ # This will check if we have the correct key in our keyring.
+ # For the trustedkeys.gpg, see "man 1 gpgv".
+ /usr/bin/gpg --keyring trustedkeys.gpg --no-default-keyring --list-keys 0xDC814B09 &>/dev/null
+ GPG_RET=${?}
+ # 2 means we don't have his key, 0 means we do.
+ set -e
+ # If we have the key and the signature file, we verify the package with GPG
+ if [ ${GPG_RET} -eq 0 -a \
+ -f "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig" ]
+ then
+ /usr/bin/gpgv "${CWD}/${PRGNAM}-${VERSION}.tar.gz.sig"
+ fi
+fi
+
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+# The build errs on this
+# see http://cvs.savannah.gnu.org/viewvc/tiger/tiger/util/genmsgidx?r1=1.6&r2=1.7
+patch --verbose -p1 < $CWD/patches/tiger-3.2.3-build-fix.diff
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS"
+export CFLAGS CXXFLAGS
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --mandir=/usr/man \
+ --with-tigerhome=/usr/libexec/tiger \
+ --with-tigerbin=/usr/sbin \
+ --with-tigerconfig=/etc/tiger \
+ --with-tigerwork=/var/lib/tiger/work \
+ --with-tigerlog=/var/log/tiger
+
+make
+make -j1 install DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+install -D -m 0644 $CWD/config/tiger.cron $PKG/etc/cron.d/tiger.new
+install -D -m 0640 $CWD/config/tiger.ignore $PKG/etc/tiger/tiger.ignore.new
+install -D -m 0640 $CWD/config/tiger.default $PKG/etc/default/tiger.new
+
+# From the .spec: 3.- This should be done by the Makefile, grumble...
+install -D -m 0644 version.h $PKG/usr/lib/tiger/version.h
+
+# Remove unnecesary stuff
+( cd $PKG
+ for system in AIX HPUX IRIX NeXT SunOS UNICOS UNICOSMK Tru64 MacOSX ; do
+ rm -rf ./usr/libexec/tiger/systems/$system
+ done
+ find . -type d -name CVS | xargs -iX rm -rf "X"
+)
+
+( cd $PKG/etc/tiger
+ mv -v cronrc cronrc.new
+ mv -v tigerrc tigerrc.new
+)
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z][A-Z]* site-* tigerrc* \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a other/cert-usc20.txt contrib/fix_tiger_GROUPS.sh audit \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/html
+cp $PKG/usr/libexec/tiger/html/*.html $PKG/usr/doc/$PRGNAM-$VERSION/html
+
+# Delete the redundant stuff
+rm -rf $PKG/usr/libexec/tiger/html
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/tiger/tiger.info b/system/tiger/tiger.info
new file mode 100644
index 0000000000000..1606734ff7e49
--- /dev/null
+++ b/system/tiger/tiger.info
@@ -0,0 +1,10 @@
+PRGNAM="tiger"
+VERSION="3.2.3"
+HOMEPAGE="http://www.nongnu.org/tiger"
+DOWNLOAD="http://download.savannah.nongnu.org/releases/tiger/tiger-3.2.3.tar.gz http://download.savannah.gnu.org/releases/tiger/tiger-3.2.3.tar.gz.sig"
+MD5SUM="f41076f645da9de937819bf6d516e546 fee7fd065e57a3a763d3a99f7ebf7b02"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="pyllyukko"
+EMAIL="pyllyukko AT maimed dot org"
+APPROVED="Erik Hanson"