Mike Kienenberger
Systems Analyst, ARSC
mkienenb@arsc.edu
ftp://ftp.arsc.edu/pub/software/sources/security/tiger
1998-10-09

Tiger is a system security scanning tool.

The original tiger distribution is located at
ftp://net.tamu.edu/pub/security/TAMU/tiger-2.2.3.tar.gz

These are our modifications to tiger-2.2.3, which we use on an automated and regular basis.  See the .../tiger-2.2.3/CHANGES.ARSC file for details.

This version of tiger has successfully run on
	IRIX 6.2, 6.3, and 6.4 (indy, indigo2, onyx, O2, onyx2)
	UNICOS/MK 2.0.3.26 (t3e)
	UNICOS 10.0.0.1 (j90)
	Nextstep 3.3 (sparc)

Tiger should successfully run on other platforms, but the
system-specific configuration files for other platforms will probably
need to be created or updated.

At this time, we do not have the resources to provide any further
support other than making this distribution available.  Please use
the tiger mailing list instead.

tiger-2.2.3.ARSC.DATE.tar.gz
	The ARSC tiger distribution
		
Other tools which might be of use to you:

post-processing.DATE.tar.gz
	A script that takes as input a tiger report and filters
		out expected and unimportant events.  Requires
		the swatch filtering tool (which requires perl).
		The swatch distribution is located at
		ftp://ftp.stanford.edu/general/security-tools/swatch
		
.../tiger-2.2.3/tiger.cron.arsc
	Slightly modified '.../tiger-2.2.3/tiger' script that can be called
		from cron to create a tiger report, then filter it through
		the post-processing tool.


Potential future work:
	- Report group-writable files
	- Report uid/gid mismatched files
	- Create updated signatures
	- md5 is broken on non-32-bit systems:
		redefine UINT2 as 2-char struct
		determine UINT4 platform-dependently

MD5 (post-processing.19981009.tar.gz) = c8e38cd9d08d1e8455dff248af204fbf
MD5 (tiger-2.2.3.ARSC.19981008.tar.gz) = 7fc3ab96a35698c4bccfd0edbebd1e23