bionic (8) tigercron.8.gz

Provided by: tiger_3.2.4~rc1-1_amd64 bug

NAME
       tigercron - Cron utility for Tiger UNIX Security Checker


SYNOPSIS
       tigercron [controlfile] [-B basedir] [tigeroptions...]


DESCRIPTION
       Tigercron  is  used  to  run  periodically checks from the Tiger UNIX Security Checker. Tigercron reads a
       control file which is usually located in '/etc/tiger/cronrc' although it can also be specificied  as  the
       first  argument  when  calling  the program.  The format of this control file is the same as for the cron
       program, each line indicates when different checks from Tiger will be run.  The user can  indicate  where
       Tiger is installed through the -B basedir parameter, any other additional options provided in the command
       line will be passed on to configure to configure Tiger based on them (as described in tiger (8)).

       Tigercron runs the specified checks and compares  their  reports  with  previous  stored  reports  (under
       /var/log/tiger).  It  will  then  mail  the  user  defined  in '/etc/tiger/tigerrc' (Tiger_Mail_RCPT) the
       results.

       When a module is run, tigercron checks:

       •   If Tiger_Cron_Template is set to Y in tigerrc. If it is, it checks if there  is  a  template  stating
           which are the expected results.

       •   If Tiger_Cron_CheckPrev is set to Y in tigerrc. If it is, it checks if there is a previous run of the
           module it can check against.

       A differential report is generated depending on the module reports and previous run and is  sent  through
       e-mail.  These reports provide an easy way to detect intrusions even if no configuration of templates has
       been done. In the event of an intrusion a Tiger check might detect something specific (file changes,  new
       processes,  new  users, etc.) and this alert mechanism provides a way to turn Tiger into a Host Intrusion
       Detection System (HIDS).

       The ability of it to work as a proper HIDS is based on a good customization of the cronrc  file.  Modules
       that  check events to which the host is most exposed to should be run often in order to detect deviations
       from normal behaviour.


OPTIONS
       Tigercron uses the same options as Tiger. A controlfile can be defined also to override the default.


FILES
       /etc/tiger/tigerrc
              Configuration file for the Tiger tool.

       /etc/tiger/cronrc
              Configuration file for the Tigercron tool.

       /var/log/tiger
              Location of the log messages generated by Tiger when run through cron

       /var/lib/tiger/work
              Working directory used by Tiger scripts to create temporary files.


SEE ALSO
       tigexp(8),tiger(8),cron(8),crontab(5)

       The deficiencies of using tigercron as a HIDS are described in the file README.hostids which is  provided
       with  the  package.  In  Debian  GNU/Linux  you  will  find  this  (and  other  related) documentation at
       /usr/share/doc/tiger/


BUGS
       Currently Tigercron has only one alert mechanism (mail) and signatures are not  supported.  Thus,  alerts
       could be faked. Also, it is dependant on cron and will not work if cron is not working.


AUTHOR
       This manpage was written by Javier Fernandez-Sanguino.