Provided by: tiger_3.2.4~rc1-1_amd64 bug

NAME

       tigercron - Cron utility for Tiger UNIX Security Checker

SYNOPSIS

       tigercron [controlfile] [-B basedir] [tigeroptions...]

DESCRIPTION

       Tigercron  is  used  to  run  periodically  checks  from  the Tiger UNIX Security Checker.
       Tigercron reads a control file which is usually located in '/etc/tiger/cronrc' although it
       can  also  be  specificied  as the first argument when calling the program.  The format of
       this control file is the same as for the cron program, each line indicates when  different
       checks from Tiger will be run.  The user can indicate where Tiger is installed through the
       -B basedir parameter, any other additional options provided in the command  line  will  be
       passed on to configure to configure Tiger based on them (as described in tiger (8)).

       Tigercron  runs  the  specified  checks  and  compares  their reports with previous stored
       reports (under /var/log/tiger). It will then mail the user defined in '/etc/tiger/tigerrc'
       (Tiger_Mail_RCPT) the results.

       When a module is run, tigercron checks:

       •   If  Tiger_Cron_Template  is  set  to  Y  in tigerrc. If it is, it checks if there is a
           template stating which are the expected results.

       •   If Tiger_Cron_CheckPrev is set to Y in tigerrc. If it is, it  checks  if  there  is  a
           previous run of the module it can check against.

       A differential report is generated depending on the module reports and previous run and is
       sent through e-mail. These reports provide an easy way to detect  intrusions  even  if  no
       configuration of templates has been done. In the event of an intrusion a Tiger check might
       detect something specific (file changes, new processes, new users, etc.)  and  this  alert
       mechanism provides a way to turn Tiger into a Host Intrusion Detection System (HIDS).

       The  ability of it to work as a proper HIDS is based on a good customization of the cronrc
       file. Modules that check events to which the host is most exposed to should be  run  often
       in order to detect deviations from normal behaviour.

OPTIONS

       Tigercron  uses  the  same options as Tiger. A controlfile can be defined also to override
       the default.

FILES

       /etc/tiger/tigerrc
              Configuration file for the Tiger tool.

       /etc/tiger/cronrc
              Configuration file for the Tigercron tool.

       /var/log/tiger
              Location of the log messages generated by Tiger when run through cron

       /var/lib/tiger/work
              Working directory used by Tiger scripts to create temporary files.

SEE ALSO

       tigexp(8),tiger(8),cron(8),crontab(5)

       The deficiencies of using tigercron as a HIDS are described  in  the  file  README.hostids
       which  is  provided  with  the  package. In Debian GNU/Linux you will find this (and other
       related) documentation at /usr/share/doc/tiger/

BUGS

       Currently Tigercron has only one alert mechanism (mail) and signatures are not  supported.
       Thus,  alerts  could  be faked. Also, it is dependant on cron and will not work if cron is
       not working.

AUTHOR

       This manpage was written by Javier Fernandez-Sanguino.