2010
tiger (1:3.2.3-4) unstable; urgency=low
* Updated Debian Policy to 3.9.0.
* Pull fixes from upstream SVN:
- Fixed the bashism problem with logical expression in
/systems/HPUX/check_trusted. (Closes: #581140).
- Added support to recognize fuse.ltspfs for ltspfs file system. Thanks to
Alexandre Cavalcante Alencar. (Closes: #587507).
* Added debian/tiger.menu file.
* Added debian/tiger.desktop file.
-- Francisco Manuel Garcia Claramonte <francisco@debian.org> Thu, 14 Jul 2010 21:07:17 +0200
tiger (1:3.2.3-3) unstable; urgency=low
* Pull fixes from upstream SVN:
- Fixed the problem in scripts/check_known checking /*/lost+found/* files
with spaces or newline files in their filename, thanks to Dave Rutherford
for the patch (Closes: #532826).
- Fixed the problem with delete() function in initdefs
script, and fixed the problem with temporary file in scripts/find_files
script. Thanks to Hannes von Haugwitz for the patch (Closes: #544701).
- Added support o detect simfs as local filesystem for OpenVZ systems,
thanks to Raimund Sacherer for the patch (Closes: #571944).
- Clarify use of Tiger_Running_Procs for check_runprocs in the
documentation (Closes: 544957)
- Fix syntax error in scripts/sub/check_nousrgrp
* debian/debian.ignore: Fix unescape patterns (dots and parenthesis)
and decrease processing time by combining and grouping similar rules.
Thanks to Moritz Naumann for the patch (Closes: #550512).
* debian/changelog: wrap long lines
* Lintian fixes to make the package lintian clean
- debian/rules: Adjust executable bit to all shell files instead of just to
one selection of them.
- Add debian/tiger.lintian-overrides to setup overrides for warnings
that are not relevant for the package.
- debian/rules: Add call to dh_lintian.
* Update Debian Advisories
* Debconf translations updated:
+ Czech translation, thanks to Miroslav Kure (Closes: #569694).
+ Portuguese translation, thanks to the "Portuguese Translation Team"
(Closes: #570456).
+ Russian translation, thanks to Yuri Kozlov (Closes: #570540).
+ Brazilian Portuguese translation, thanks to Adriano Rafael Gomes
(Closes: #570601).
+ Vietnamese translation, thanks to Clytie Siddall (Closes: #572777).
* Debconf translations included:
+ Added Slovak Debconf translation, thanks to helix84 (Closes: #570289).
+ Added Italian Debconf translation, thanks to Vincenzo Campanella
(Closes: #570747).
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 05 Apr 2010 19:57:47 +0200
tiger (1:3.2.3-2) unstable; urgency=low
[ Francisco Manuel Garcia Claramonte ]
* Thanks to Stefano Zacchiroli for the NMU 1:3.2.2-11.1
and close the bug #544113.
* Updated some Debconf translations:
+ French translation, thanks to Christian Perrier (Closes: #565321).
+ Swedish translation, thanks to Martin Bagge (Closes: #565497).
+ Japanese translation, thanks to "Hideki Yamane (Debian-JP)"
(Closes: #565615).
+ German translation, thanks to Erik Schanze (Closes: #568175).
+ Russian translation, thanks to Yuri Kozlov (Closes: #537918)
* Updated to Debian policy 3.8.4
* Fixed the Bashisms problem in the files:
+ systems/default/check_ndd. Fixed just the problem with the alternative
test command. (Closes: #530205)
+ systems/HPUX/check_passwdspec. (Closes: #530204)
* Fixed the problem finding users in scripts/sub/check_suid. (Closes: #438122)
[ Javier Fernandez-Sanguino ]
* Integrate all patches included in the 3.2.2-11 package release which were
missing in 3.2.3-1 and generated regression bugs (Closes: #566893, #567857,
#529041)
-- Francisco Manuel Garcia Claramonte <francisco@debian.org> Mon, 01 Feb 2010 00:09:33 +0100
2009
tiger (1:3.2.3-1) unstable; urgency=low
* New upstream release
* Updated to Debian Policy 3.8.3
* Updated debhelper dependency version to 7.
* Updated debhelper compatibility to 7.
* Added myself as Comaintainer,
Francisco Manuel Garcia Claramonte <francisco@debian.org>
* Removed the Diff depends (Closes: #544113, #544041).
Thanks to Santiago Vila and Karl Ferdinand Ebert for the patch.
* Changes to make the package lintian clean.
+ Updated dh_clean call to dh_prep in debian/rules.
+ Added ${misc:Depends} to Depends debian/control field of
tiger and tiger-otheros binary packages.
+ Adjusted executable permissions to some shell scripts.
* Removed unneeded commands to create symlinks in debian/rules.
* Removed the clear idx file code in util/genmsgidx to allow build the
Debian package.
* Updated template description to avoid make a question, according to Debian
Developer's Reference (6.5.4.2.1). Updated debian/po/* files.
Updated spanish translation.
* Added commands in debian/rules to remove unneeded Makefiles files in Debian
package.
-- Francisco Manuel Garcia Claramonte <francisco@debian.org> Thu, 03 Dec 2009 21:52:06 +0100
tiger (1:3.2.2-11) unstable; urgency=low
* Sort the system/Linux/2/inetd file since 'join' complains about it not
being sorted when used in check_inetd (Closes: #524783)
* Add symbolic links so users can create the issue and issue.net templates
they want to check against when running check_issue in /etc/tiger/
(Closes: #511970)
* scripts/find_files: Use patch provided by Khalid Shukri in order to
complain from danging symlinks properly so that they can be tiger.ignore'd
(Closes: 434333)
* debian/debian.ignore:
- Add an ignore message to remove the dangling symlinks that are
udev-related.
- Add an ignore message for /dev/log since world-writable permissions for
that file are standard in Debian (Closes: 417939)
* initdefs: Change error message when a file value definition is empty
* systems/Linux/2/check_umask: More extensive umask checks also covering
different analysis for each one of the available shells in order to provide
more meaningful information.
* systems/Linux/2/check_rcumask: Remove shell login umask definitions from
* the file (both bash and csh/tcsh) since these do not apply to the script
(i.e. are not init.d related) and add /etc/init.d/rc handling
(Closes: 443807)
* doc/misc.txt: Add new messages for new umask analysis covered in
check_umask
* doc/filesys.txt: Add a description of the new warning message introduced by
the above patch.
* doc/config.txt: Document that this happens also when the configuration
* system
was not able to define a valid file and set a value for the file definition.
* debian/rules: Adjust the permissions of /var/lib/tiger/work and
/var/log/tiger/ so that they are 0700. (Closes: #512078)
* debian/preinst: Adjust the permissions of /var/lib/tiger/work and
/var/log/tiger/ when upgrading so that they are set to 0700.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 21 May 2009 00:26:23 +0200
tiger (1:3.2.2-10) unstable; urgency=low
* Fix bug in scripts/check_perms
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 07 May 2009 23:55:22 +0200
tiger (1:3.2.2-9) unstable; urgency=low
* Use --debconf-ok when calling ucf (Closes: 517798, 521620, 539188)
* Update check_release to reflect latest Debian release (Closes: 523700)
* Fix systems/Linux/2/config so that it uses /etc/apache2 in Debian if it
exists and /etc/apache otherwise. (Closes: 523699)
* Change the wording of errors in tigerexp when the variable does not have a
value (Closes: 523699)
* Throw away errors from executing 'df -t nfs' in scripts/check_network
(Closes: 511803)
* Linux/2/gen_mounts: Added davfs, fuse and ext4 (Closes: 524722, 498468, 512567)
* Update list of Debian advisories
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 25 Apr 2009 14:01:26 +0200
2008
tiger (1:3.2.2-8) unstable; urgency=low
* Acknowledge NMU (Closes: #503282) * Fix Makefiles so that the explanation index file is generated and distributed properly (Closes: #507028) * system/Linux/2/gen_mounts: - Added ecryptfs, used by ecryptfs-utils (Closes: 506512) - Fix bashism (Closes: #505939, #505939) * Update Standards-Version to 3.8.0: - Added a Homepage field in debian/control * Use debhelper version 5 * Lintian fix: - Comment out DH_COMPAT definition in debian/rules - Fixed debian/watch file used by uscan by adding a version and a proper location for upstream updates
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 27 Nov 2008 23:47:16 +0100
tiger (1:3.2.2-7.1) unstable; urgency=medium
* Non-maintainer upload.
* Patched Makefile.in to make clean and distclean targets use
doc/Makefile.in when recursing the clean target. (Closes: #503282)
-- Jonny Lamb <jonny@debian.org> Fri, 24 Oct 2008 16:14:23 +0100
tiger (1:3.2.2-7) unstable; urgency=low
* Fix bashism in check_patches script (Closes: #502672)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 19 Oct 2008 12:45:38 +0200
tiger (1:3.2.2-6) unstable; urgency=medium
* Bring changes from CVS to gen_mounts, amongst other fixes:
- Adds definitions for the following filesystems: reiser4, securityfs,
fuse.gvfs-fuse-daemon, fuseblk, fuse.truecrypt, fuse.encfs, debugfs, afs,
configfs, gfs, gfs2, inotifyfs, hugetlb, subfs, futexfs and bind.
(Closes: #498203, #483727, #469685, #490344, #490822, #451879)
(LP: #155211)
- Make it possible to define system-specific local and non-local
filesystems through the use of the Tiger_FSScan_Local and
Tiger_FSScan_NonLocal variables in tigerrc.
- Make it possible to prevent the 'unknown filesystem' warnings through
the use of a new tigerrc variable: Tiger_FSScan_WarnUnknown
* Use prelink to calculate checksums if present (Closes: #445531, #349391)
* Use /var/lib/tiger/work instead of /var/run/tiger/work to be
FHS-compliant. It also avoids spamming people using a tmpfs /var/run
with warning messages every time it creates its directory. (Closes: #486591)
* Use tempfile in the config script to create the RC file if available, the
$$ construct is used in a safe directory (WORKDIR) but this way people
doing a cursory look at the code will not report (or try to fix, as in
Ubuntu) inexistant temp race conditions.
* Add code in Makefile.in and doc/Makefile.in (new file) to make it possible
to build and remove the HTML files generated from the text files so that
we do not distributed autogenerated content.
* Also change Makefile.in to make 'all' actually be useful so that the build
targets builds binaries (binaries were being built on install instead)
* Update list of Debian advisories to current date.
* Add a ignore for Debian to prevent Tiger from complaining about fetchmail
processes.
* Add additional samples for server processes to debian/server.ignore
* Remove double linefeed in debian/changelog
* Use UCF to handle configuration file changes to prevent prompting when
upgrading to tiger versions that change the tigerrc. (Closes: #341595)
* Remove stale left file created in /usr/lib/tiger/bin if it exists on purge
* Lintian fixes:
- Remove coreutils Depends as it is an Essential package
- Remove code in postinst related to an ancient bug and associate
debconf prompts.
- Make the following scripts executable: systems/Linux/1/check,
systems/Linux/1/gendlclients, systems/Linux/1/getdisks,
systems/Linux/2/update_advisories.sh
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 09 Sep 2008 00:28:35 +0200
tiger (1:3.2.2-5) unstable; urgency=low
* Acknowledge NMU, which was not acknowledged in the previous package
version.
- Fix bashism in 'tigercron' script (Closes: #468700)
- Bump Standards-Version to 3.7.3.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 31 Aug 2008 14:47:18 +0200
tiger (1:3.2.2-4) unstable; urgency=low
* Fix a temp race condition in the genmsgidx script if the system
has a tempfile function (Closes: 496415)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 26 Aug 2008 12:00:16 +0200
tiger (1:3.2.2-3.1) unstable; urgency=medium
* Non-maintainer upload. * Fix bashism in 'tigercron' script (Closes: #468700) * Bump Standards-Version to 3.7.3.
-- Chris Lamb <chris@chris-lamb.co.uk> Sat, 12 Apr 2008 04:35:43 +0100
tiger (1:3.2.2-3) unstable; urgency=low
* Fix encoding of changelog and copyright files (Closes: #454024)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 11 Feb 2008 22:28:40 +0100
2007
tiger (1:3.2.2-2) unstable; urgency=low
* Remove all configuration files on purge, including tiger.default if
it exists (which is not a conffile since 1:3.2.1-36 and might be
a leftover) (Closes: #455108)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 09 Dec 2007 15:36:44 +0100
tiger (1:3.2.2-1) unstable; urgency=low
* New upstream release
* Remove debian/ dir from upstream's tarball to prevent FTBFS
(Closes: #450479)
* Fix scripts:
- scripts/check_crontabs, scripts/check_apache, scripts/check_xinetd:
Change message calls so that they can be filtered (Closes: #411534)
- scripts/check_apache: Fix the way the configuration file is handled
to obtain the IP address and port (Closes: 436904)
- systems/Linux/2/gen_cron: Handles properly the case when the special
@daily,@reboot, etc. definitions are used instead of real times. Also
fix bug deailing with variables in crontab contents (Closes: 418440)
* Add 'fuse' to the list of valid filesystems (Closes: #449439)
* Add Dependency on bsdmainutils to get the COLUMN command (Closes: 448975)
* Add Portuguese translation, thanks LuA-sa LourenA§o (Closes: 440372)
* Modify update-advisories to skip directories with 'data' in the name
* Update the advisories list
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 08 Nov 2007 02:20:09 +0100
tiger (1:3.2.1-38) unstable; urgency=low
* systems/Linux/2/gen_mounts, vmblock is now recognised as a non-local FS.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 27 Jun 2007 00:46:54 +0200
tiger (1:3.2.1-37) unstable; urgency=low
* systems/Linux/2/check_rcumask: Fix syntax error (Closes: #430224)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 23 Jun 2007 15:52:58 +0200
tiger (1:3.2.1-36) unstable; urgency=low
* Fix the location of Tiger's default file (Closes: #426182) * Updated the Debian advisories listing (as of today, latest DSA is 1316) * Changed the maintainer's email address * system/Linux/2/check_lilo: run the boot loader check if on amd64 (Closes: #412669) * system/Linux/2/deb_checkmd5sums: Fix the script so that it understands properly the "new" md5sum format (Closes: #412822) * Add new suid files to the list of SUIDs at system/Linux/2/suid_list (Closes: #417330) * scripts/check_devices: Extend the list of EXPECTEDDIRS for Linux to cover udev-specific dirs (Closes: #417940, #420488) * systems/Linux/2/check_rcumask: Skip comment lines defining umask (Closes: 418531) * scripts/check_ftpusers: Skip this check if there is no FTP daemon installed (Closes: #420486) * scripts/check_printcap: Skip this test if CUPS is installed (Closes: #420487) * system/Linux/2/gen_mounts: Added fusectl to the local filesystems (Closes: #409386) * Debconf translations: - Included Dutch translation provided by Bart Cornelis (Closes: #414768) - Included Portuguese translation provided by LuÃsa Lourenço (Closes: #415534)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 22 Jun 2007 01:04:17 +0200
2006
tiger (1:3.2.1-35) unstable; urgency=low
* [scripts/check_rootkit]
Send stderr output of chkrootkit to /dev/null to avoid the 'warning, got
bogus unix line' messages that netstat might output (Closes: #223847)
* Update advisories
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 30 Nov 2006 21:42:23 +0100
tiger (1:3.2.1-34) unstable; urgency=low
* Linux/2/gen_mounts - Added selinuxfs to local FS (Closes: #397832) * scripts/check_accounts - Redirect find errors in home directories to /dev/null, prevents root being sent errors when using NFS mounted home directories with root_squash. Thanks to Matus Harvan for the patch (Closes: #386163) * Update Debian advisories lists.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 10 Nov 2006 16:01:21 +0100
tiger (1:3.2.1-33) unstable; urgency=low
* Fix typo in check_rootkit script, thanks to Michael Cihar (Closes: #385475)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 31 Aug 2006 23:04:43 +0200
tiger (1:3.2.1-32) unstable; urgency=low
* Modify config so that it will attempt to create a working directory if
it does not exist (Closes: #366919)
* [scripts/check_rootkit] Introduce Tiger_CHKROOTKIT_ARGS so that
admins can ajust the behaviour of CHKROOTKIT (defaults to '-q')
(Closes: #320341)
* Include output of chkrootkit when a file is INFECTED (Closes: #277533)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 30 Aug 2006 14:13:42 +0200
tiger (1:3.2.1-31) unstable; urgency=low
* systems/Linux/2/deb_checkmd5sums: Fix Ubuntu bug 50611 by excluding dev/
and lib/udev/devices/ from the md5sum test, thanks to Richard Laager
for the patch (Closes: #383400)
* systems/Linux/2/check_neverlogin: handle users prepended with domains
(DOMAIN\user) properly (Closes: #344890)
* Update advisories from Debian as of today.
* Simplify dependencies (just use coreutils) (Closes: #368713)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 17 Aug 2006 07:51:17 +0200
tiger (1:3.2.1-30) unstable; urgency=low
* Fix deb_nopackfiles to kip directories that are symbolic links, this
happens with /usr/X11R6/bin as the latest Xorg package versions just
symlink this to /usr/bin/ (Closes: #367931, #373790)
* Fix deprecated syntax with sort that made the cron job spout warnings.
Thanks to Cyril Chaboisseau and Adam James for providing a patch
(Closes: #369501)
* Fix check_listeningprocs to prevent it from botching when udp6 services
are up (Closes: #375165)
* Updated information of DSAs (should someday include information based
on the DTSA archive but I'd rather use OVAL...)
* Add some more TODOs
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 5 Jul 2006 02:30:25 +0200
tiger (1:3.2.1-29) unstable; urgency=low
* Fix check_accounts to properly review the contents of .forward files.
Thanks to Rainer Schopf for the fix (Closes: #329610)
* Added cifs to the non local filesystems in gen_mounts (Closes: #329813)
* Use TAIL in Linux scripts conforming to POSIX 1003.2-1992 (Closes: #339090)
* check_accounts: Add quotation marks to Tiger_Admin_Accounts to prevent
errors if empty (Closes: #342181)
* check_devices: Handle the special case of having " in filenames by
quoting the character (Closes: #355096)
* Nice Tigercron by default, users wishing to change the nice can adjust
it in /etc/default/tiger (Closes: #334186, #325257, #339655)
* Disable signature checks in the default tigerrc since those provided are
not updated, debsums is prefered in Debian (Closes: #327486)
* Update the list of advisories in debian_advisories
* Debconf translations:
- Added Vietnamese translation provided by Clytie Siddall (Closes: #322301)
- Added Swedish translation provided by Daniel Nylander (Closes: #343731)
* Use debhelper compatibility version 4 (it was about time!)
* Lintian fix: eliminate duplicate Recommends/Depends on binutils
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 20 Apr 2006 23:05:48 +0200
2005
tiger (1:3.2.1-28) unstable; urgency=low
* Added a dependency on "| debconf-2.0" as requested by Joey Hess
* Use Debhelper compatibility version 4
* Updated to latest CVS code:
- gen_passwd_sets: Create a src file if using LDAP (Closes: #319815)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 4 Aug 2005 19:16:22 +0200
tiger (1:3.2.1-27) unstable; urgency=low
* Updated to latest CVS code, with some new fixes and patches including:
- check_accounts: Check for null $uids before using them in comparisons
(Closes: #312080)
- check_runprocs: Use comm instead of fname (Closes: #308486)
- Linux/gen_mounts: Changed extraction from mount command
so it can cope with whitespaces in mount locations, added sanity
check and fix a bug that mangled $fs (Closes: #315435)
- Makefile.in: install files needed to run tiger -G (Closes: #319468)
* German translation update of debconf templates provided by Erik Schanze
(Closes: #311857)
* Updated to latest batch of Debian advisories
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 22 Jul 2005 16:50:33 +0200
tiger (1:3.2.1-26) unstable; urgency=low
* Updated to latest CVS code, with some new fixes and patches including:
- check_listeningprocs (generic and Linux versions): Proper check for
processes in loopback (Closes: #307695)
- Linux/check_passwdspec: Better fix for pwd=! (Closes #308141)
- Linux/deb_checkmd5sums: Prevent issues with /usr/bin/[ by adjusting
GREP calls (Closes #305484)
- Linux/gen_mounts: Added auto, udev when using on /dev,
capifs and nfsd. (Closes: #305670 #307802 #307887 #308585)
Note to self: Bug mount manpages since none of these are listed
there...
- Linux/gen_passwd: Add LDAP password support with patch provided by Micha
Kersloot (Closes: #307505)
- Documentation improvements (README.Sources and TODO)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 14 May 2005 12:52:09 +0200
tiger (1:3.2.1-25) unstable; urgency=low
* Updated to latest CVS code:
- Add afs as a non-local filesystem, and auto as a local filesystem
(Closes: #305670)
- Improve manpage wording
* Provide a default value for Tiger_Running_Procs instead of leaving
it empty
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 21 Apr 2005 20:09:45 +0200
tiger (1:3.2.1-24) unstable; urgency=medium
* Updated to CVS code:
- Fixed Linux/2/gen_mounts code which broke with the patches
implemented before the previous upload.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 18 Apr 2005 18:23:30 +0200
tiger (1:3.2.1-23) unstable; urgency=low
* Updated to CVS code, this changes:
- gen_mounts now considers valid and non-local many more filesystems
(as described in mount(5)) including devfs (Closes: #304956, #304555,
#304557)
- check_listeningprocs will now check against both fname and comm and
strips the arguments of the command (this is an improvement over the
fix done in #288086)
- check_network_config properly checks ICMP redirects and the message
generation is fixed now it also now checks for local iptables rules
(Closes: #304957)
- several typo fixes in doc/linux.txt
* Updated DSA listing
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 16 Apr 2005 22:19:50 +0200
tiger (1:3.2.1-22) unstable; urgency=low
* Added some more valid but non-local filesystems ('none', 'binfmt_misc',
'autofs') to gen_mounts (Closes: #302646)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 2 Apr 2005 13:07:07 +0200
tiger (1:3.2.1-21) unstable; urgency=low
* Added the sysfs as a valid (local, but not reviewed) filesystem
(Closes: #302612)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 2 Apr 2005 01:52:34 +0200
tiger (1:3.2.1-20) unstable; urgency=low
* Upgraded to latest CVS sources:
- Depend on binutils (Closes: #301451)
- (check_rootdir) Do not warn on the inode if the root filesystem is not
ext2|3 (Closes: #298305)
- (check_runprocs) Use comm instead of fname so that the names of the
processes are not truncated (Closes: #288086)
- (check_lilo) Only run if running on the x86 architecture (Closes: #288737)
- (check_single) Only run if running on the x86 architecture (Closes: #288737)
- (check_passwdspec) Fixed password aging check. Separate all checks
so that they prevent bugs if pwd="!" (Closes: #297889)
- (deb_checkmd5sums) Do not warn if the md5 file is not present in the
list file (Closes: #299935)
- (deb_nopackfiles) Remove uneeded {} (Closes: #297889)
- Also fixes a number of documentation typos fixed by Nicolas Francois
* Updated advisories
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 31 Mar 2005 17:14:50 +0200
2004
tiger (1:3.2.1-19) unstable; urgency=low
* tigercron
- Fixed invalid From: header based on Robert Loomans' patch. This bug
was introduced by the previous release. (Closes: #287780)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 30 Dec 2004 09:00:19 +0100
tiger (1:3.2.1-18) unstable; urgency=low
* systems/Linux/2/check_lilo:
- Fixed grub.conf naming (Closes: #286641)
* scripts/check_passwd:
- Delete temporary passwd files only on exit (Closes: #284899)
* debian/server.ignore:
- Added a sample ignore line for users accessing a remote server
with X11Forwarding set to 'on' (Closes: #284220)
* scripts/check_passwdformat:
- Maximum user and group length set to 32 (Closes: #283446)
(probably needs to be moved to systems/Linux/2/ since it's
Debian-specific)
* tigercron, tigerrc:
- Added Tiger_Mail_FROM feature (Closes: #243517)
* Disabling signature checks since they cannot be relied on (use
Tripwire, Aide, Samhain, Integrit, bsign or any other intecrity checker
instead), moreover deb_checkmd5sums already does it for Debian...
(Closes: #274625)
* Added Czech debconf translation provided by Miroslav Kure (Closes: #287301)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 27 Dec 2004 19:18:53 +0100
tiger (1:3.2.1-17) unstable; urgency=low
* Quoted homedir uses in check_rhosts and check_netrc (Closes: #282211)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 21 Nov 2004 11:56:57 +0100
tiger (1:3.2.1-16) unstable; urgency=low
* Updated advisories
* Fixed gen_group_sets to work properly in NIS environments for Linux
and Tru64 (Closes: #281608)
* Fixed eval in check_accounts so that find is _only_ executed for users
which are not part of Tiger_Admin_Accounts, this prevents Tiger from
going and using remote filesystems (i.e. /var/autofs/ because in
Debian 'operator' has /var as his home dir). It also should speed
up this check a lot. This shows why Tiger_Admin_Accounts is a bad
idea and Tiger_Accounts_Trust should be used instead (or add a
Tiger_Accounts_Admin) (Closes: #280653, #280654)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 17 Nov 2004 15:15:21 +0100
tiger (1:3.2.1-15) unstable; urgency=low
* Lintian fixes:
- Updated Standards-Version
- Removed cvs conflict copy files
- Changelog is now UTF-8
* Use C locales to avoid scripts/check_system from breaking up (Close: #270108)
* deb_checkmd5sums's regexep now excludes usr/share/doc/ (Closes: #264111)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 13 Sep 2004 11:12:08 +0200
tiger (1:3.2.1-14) unstable; urgency=low
[ as suggested by Tilman Koschnick ]
* Allow delete() to remove files from LOGDIR so that reports generated
by tiger -e are removed proplerly (Closes: #262523)
* Symlink /usr/lib/tiger/tigexp to /sbin/tigexp so that tiger -e works
(Closes: #262518)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 1 Aug 2004 18:19:18 +0200
tiger (1:3.2.1-13) unstable; urgency=low
* Updated to CVS changes which fix a problem in the gen_passwd_sets
script which would make duplicates appear in the passwd files.
Thus generating a lot of false positives (in the check_passwd script)
Also removes some other duplicates in the check_passwdformat script
and updates the Debian advisories listing.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 27 Jun 2004 21:25:27 +0200
tiger (1:3.2.1-12) unstable; urgency=low
* Updated to latest CVS code fixing:
- [check_known] Do not call LS directly with all files but use a for loop
(Closes: #246600)
- [deb_nopackfiles] Made the dirlist variable so that directories which
do not exist are not checked for (Closes: #254574)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 27 Jun 2004 13:58:24 +0200
tiger (1:3.2.1-11) unstable; urgency=low
* Updated to latest CVS code which fixes:
- [check_accounts] Try to avoid eval problems if user/shells/directories
contain non-empty (but invalid) characters (such as space)
(Similar changes in some other scripts to avoid breakage in similar
situations)
(Closes: #246987)
- [check_passwd] Define Tiger_Passwd_Hashes if not defined
(Closes: #246885)
- [deb_checkmd5sums] Fixed patch provided by Chung-chieh Shan
(Closes: #234811)
* Remove check_finddeleted from the default configuration since it
is prone to a lot of false positives, also, it depends on LSOF
(which is only recommended). I will reenable this sometime in
the future and (maybe) provide a Debian-specific script to just
monitor for daemons that are using outdated libraries
(Closes: #249331)
* Send filesystem scans error output to /dev/null (need to fix this
in scripts/find_files by not following symbolic links that point
nowhere, this is an interim fix)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 20 May 2004 09:31:23 +0200
tiger (1:3.2.1-10) unstable; urgency=low
* Removed evals from tigerrc and make proper sourcing in
Tiger_PATH_OK_Group_Write (Closes: #236419)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 6 Mar 2004 11:00:55 +0100
tiger (1:3.2.1-9) unstable; urgency=medium
* Added Danish debconf translation (Closes: #235066) * Fixed errors in check_finddeleted (Closes: #235951) * Added some more common servers to the server.ignore example * Fix error in deb_checkmd5sums with patch from Chung-chieh Shan which avoids failure on packages whose names contain "." (Closes: #234811) * Minor change in check_passwd to detect if no shell is defined for a given user (as suggested by raoul bhatia)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 3 Mar 2004 13:13:05 +0100
tiger (1:3.2.1-8) unstable; urgency=low
* check_rcumask: Proper warning if no umask settings are defined
(Closes: #234661)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 25 Feb 2004 20:39:16 +0100
tiger (1:3.2.1-7) unstable; urgency=low
* Updated from CVS which includes a number of improvements including
the following (relevant to Debian bugs):
- Added more information on check_finddeleted regarding
how to use it and remove spurious errors. This script
will not give false positives any longer on some special
characterr) files like /dev/console or /dev/null and has
reduced its output to something more managable (there is
only one message per deleted file now)
(Closes: #232704,#231148, #225112)
- Fixed password definitions adding the 'g-Z' 'A-Z' and
'.' sets (Closes: #227596)
- Many scripts now controls YPCAT errors to printing errors in
hosts that are not properly configured.
(i.e. nsswitch.conf is defined to use NIS but there's no NIS
host) Errors are redirected to /dev/null when YPCAT is not
required as many systems do not include it, specially in Debian.
(Closes: #225910)
- Check_crontab will only warn if neither cron.allow
or cron.deny exist (Debian bug #226362)
* Default cronrc no longer runs check_finddeleted as often since it's
prone to false positives (even if it can be customised through the
ignore mechanism, see /usr/share/doc/tiger/examples/server.ignore)
* Added French template translation provided by Christian Perrier
(Closes: #226883, #224700)
* Fully translated the spanish template.
* Updated to include latest Debian advisories.
* debian/rules now uses mandir (/usr/share/man/) in configure call.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 24 Feb 2004 21:21:19 +0100
2003
tiger (1:3.2.1-6) unstable; urgency=low
* The cron.d taks will only run if tigercron is executable, this avoids
cron.d from running tiger if it has been removed but not purged
(thanks to Thomas Lange for noticing this mistake)
* Included patch from Nicholas François which makes Tiger not warn
on manpage files purged through localepurge (Closes: #219728)
* Added To: line in tigercron (Closes: #218363)
* Added Japanese translation contributed by Hideki Yamane (Closes: #224185)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 20 Dec 2003 13:49:38 +0100
tiger (1:3.2.1-5) unstable; urgency=low
* Updated from CVS to fix reported bugs:
* fixed typo in check_lilo (Closes: #221470)
* This update also provides a number of fixes/enhancements which
will be available in the next release:
* check_crontabs adds more information in messages
* check_inetd does not report the services as not protected if
TCP wrappers are undefined
* per interface promiscuous detection with 'ip' for more accurate
results in check_known
* check_passwd message fix
* shadow password check is no longer in check_passwdformat (move to
account checks)
* check_rootdir checks ownership
* check_services will not misreport for services not defined
* check_ssh needs to run through bash
* check_xinetd fixes syntax error
* YP -> YPCAT in all operating systems
* Proper definitions for AIX
* HPUX fixes
* Tiger now runs check_xinetd or check_inetd depending on which
configuration file is available.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 6 Dec 2003 22:10:02 +0100
tiger (1:3.2.1-4) unstable; urgency=low
* Updated from CVS sources to fix reported bugs
* Updated check_root so mesg check is not done when running
in cron (Closes: #218056, #220924)
* Updated check_lilo now locates grub file properly (Closes: #218771)
* Updated check_passwd fixes syntax error (Closes: #219086)
* deb_checkmd5sums detect local diversions and avoid problems with
duplicate conffiles (Closes: #219727, #220325)
* check_release fixed typeset bashism (Closes: #219764)
* deb_checkmd5sums now uses -F to avoid warning on /usr/bin/[
(Closes: #220946)
* config add sendmail_cf location
* Updated advisories list.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 16 Nov 2003 13:10:08 +0100
tiger (1:3.2.1-3) unstable; urgency=low
* Updated from CVS sources to latest Tiger changes including:
- Check_rootkit no longer complains if chkrootkit is not installed
(Closes: #215885)
- Fixes check_network_config return values (Closes: #215891)
- Fixes inittab's false positives (Closes: #215872)
- Fixes bashisms ini scripts (Closes: #215896)
- Fixes initdefs delete() in order for check_chkrootkit removal to work
properly (Closes: #215882)
* Debian/rules now sets SHELL=/bin/bash (Closes: #198856)
* Updated to latest advisories
* Now depends also on coreutils (X | corerutils) (Closes: #215487)
* Added device baseline to debian.ignore (Closes: #194956)
* Removed check_sendmail from check.tbl so that it does not get run by
check_system (Closes: #2158739)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 19 Oct 2003 23:56:50 +0200
tiger (1:3.2.1-2) unstable; urgency=low
* The "Happy Birthday! (to me)" Release, now uploaded to unstable.
* New upstream version, which includes is fully integrated with
TARA 3.0.3 and provides quite a number of bugfixes, checks and new
documentation.
* Changes relevant to reported Debian bugs include:
- Adds support for diversions and conffiles in deb_checkmd5sums
(Closes: #211329, #162589)
- Provides documentation for check_logfiles (Closes: #195192)
- Adds support for HP-UX in several scripts (Closes: #195200, #197220)
- Changes gen_passwd_sets under Linux to identify des or md5
(Closes: #197221)
- Removes debug messages from check_rootdir (Closes: #197219)
- Added tigercron.8 manpage (Closes: #148291)
- OS-specific scripts are run before generic ones, since the Linux
version of check_listeningprocs is different than the generic one
it will be prefered and run (Closes: #200778)
- Deb_nopackfiles no longer uses long arguments in the grep call
and has been speed-optimized (Closes: #201577)
- Deb_nopackfiles also now sends FIND errors to void since they
are not used and might confuse users who do not have X
installed (Closes: #207904)
- check_path now uses -L to follow symlinks (Closes: #161993)
- Adds new password check for empty passwords (Closes: #197228)
- Fixed typo in accounts.txt spotted by Philipp Weis (Closes: #211793)
- check_passwdformat provides an improved message and allows daemon
in uid 1 (Closes: #211328)
- also, check_passwdformat now will not warn on lenght issues for
locked users. (Closes: #211327)
* Added -XMacOSX to exclude the new OS provided upstream.
* Modified debian/rules to move the MacOSX and Tru64 directories to
tiger-otheros
* Added patch for new po-debconf format (Closes: #186800)
* (but changed it so that the 'root' user is not translatable)
* Updated to latest Debian advisories.
* Forced to start using epochs due to how I messed the experimental
packages (3.2.1rcX > 3.2.1!)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 10 Oct 2003 19:19:36 +0200
tiger (3.2.1-1) experimental; urgency=low
* New upstream version, which includes is fully integrated with
TARA 3.0.3 and provides quite a number of bugfixes, checks and new
documentation.
* Changes relevant to reported Debian bugs include:
- Adds support for diversions and conffiles in deb_checkmd5sums
(Closes: #211329, #162589)
- Provides documentation for check_logfiles (Closes: #195192)
- Adds support for HP-UX in several scripts (Closes: #195200, #197220)
- Changes gen_passwd_sets under Linux to identify des or md5
(Closes: #197221)
- Removes debug messages from check_rootdir (Closes: #197219)
- Added tigercron.8 manpage (Closes: #148291)
- OS-specific scripts are run before generic ones, since the Linux
version of check_listeningprocs is different than the generic one
it will be prefered and run (Closes: #200778)
- Deb_nopackfiles no longer uses long arguments in the grep call
and has been speed-optimized (Closes: #201577)
- Deb_nopackfiles also now sends FIND errors to void since they
are not used and might confuse users who do not have X
installed (Closes: #207904)
- check_path now uses -L to follow symlinks (Closes: #161993)
- Adds new password check for empty passwords (Closes: #197228)
* Added -XMacOSX to exclude the new OS provided upstream.
* Added patch for new po-debconf format (Closes: #186800)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 19 Sep 2003 02:33:00 +0200
tiger (3.2-4) unstable; urgency=low
* Updated to latest debian advisories
* Modified postinst so it does not break when a user enters an e-mail
address which includes a @ by using sed instead of Perl (Closes: #194955)
* Included a check to only ask the debconf tiger/mess question if
there is any cruft from previous versions.
* Fixed check_logfiles including some of the things provided by Ryan
Bradetich and some other fixes to make it output less false positives
on Debian GNU/Linux (Closes: #195199)
* Fixed regular expression in Linux's config to support some older versions
of fileutils (Closes: #197218)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 20 Jun 2003 21:16:02 +0200
tiger (3.2-3) unstable; urgency=low
* Modified util/difflogs to sort files in order to not report
spurious differentes.
* Fixed tigercron (again), since the previous fix was not done
ok.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 12 May 2003 22:52:15 +0200
tiger (3.2-2) unstable; urgency=low
* Fix tigercron which was broken upstream (when the echo
was removed). This broke the IDS functionality since
tigercron never checked for changes!
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 11 May 2003 21:26:04 +0200
tiger (3.2-1) unstable; urgency=low
* New upstream version
- False positives in services fixed (Closes: #132278)
- Check_exports produces proper output (Closes: #162453)
- Checks have been separated, now each check file prints it's
comment (Closes: #165766)
- Using the new ignore mechanism (better than the differential
mechanism) this package now provides a baseline for Debian GNU/Linux,
hopefully this will make Matt test again this package :-)
(Closes: #164308, #172375)
- The new ignore mechanism can now be used to avoid false positives,
please customize as needed and read the notes on the
check_listeningprocs script (Closes: #136991)
- Tigexp now gets modified by the Makefile (Closes: #189864)
* Fixed dh_make boilerplate
* Changed debian/rules to 'mv' the systems to tiger-otheros
* Added tiger.ignore to conffiles
* Modified Makefile so that it installs scripts with proper (fixed)
permissions
* Updated Debian advisories (with update-advisories)
* Fixed syntax error in check_issue (thanks to lintian!)
* Added logo to the docs (!)
* Fixed error in IRIX script
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 10 May 2003 00:47:51 +0200
tiger (3.2rc3-3) experimental; urgency=low
* Added -q option to be used when running tigercron
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 26 Apr 2003 13:41:35 +0200
tiger (3.2rc3-2) experimental; urgency=low
* Fixed cron to tigercon in the cron.d file
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 23 Apr 2003 22:02:07 +0200
tiger (3.2rc3-1) experimental; urgency=low
* New release candidate.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 23 Apr 2003 13:30:32 +0200
tiger (3.2rc2-1) experimental; urgency=low
* Experimental version, fixes bugs but might introduce new ones.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 21 Apr 2003 17:57:40 +0200
tiger (3.2rc1-1) experimental; urgency=low
* New upstream version
- False positives in services fixed (Closes: #132278)
- Check_exports produces proper output (Closes: #162453)
- Checks have been separated, now each check file prints it's
comment (Closes: #165766)
- Using the new ignore mechanism (better than the differential
mechanism) this package now provides a baseline for Debian GNU/Linux,
hopefully this will make Matt test again this package :-)
(Closes: #164308, #172375)
- The new ignore mechanism can now be used to avoid false positives,
please customize as needed and read the notes on the
check_listeningprocs script (Closes: #136991)
- Tigexp now gets modified by the Makefile (Closes: #189864)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 16 Apr 2003 00:29:45 +0200
2002
tiger (3.1-5) unstable; urgency=low
* Included some of the changes that will be in the next Tiger release * Config now sets the locale to POSIX (just in case it breaks some tests) * Check_listeningprocs now works with multiple program names (Closes: #164898) * Recovered the fixes from 3.0-2 which has made an old bug surface (Closes: #164307, #166176, #166744) * Updated to latest advisories * Removed debugging output from systems/Linux/2/check_neverlogin
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 28 Oct 2002 17:51:03 +0100
tiger (3.1-4) unstable; urgency=medium
* Fixed LOGDIR in tigercron.in which was making templates not work. * Remove all the /var/log/tiger* files.. sorry for the mess :( * Added a new configuration note in order to ask the user for the removal of the previous files instead of removing them without asking.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 14 Oct 2002 15:30:03 +0200
tiger (3.1-3) unstable; urgency=low
* Removed DSA update in the package build (Closes: #164216) * Updated to latest DSAs
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 11 Oct 2002 09:09:43 +0200
tiger (3.1-2) unstable; urgency=low
* Added Build-Depends on autoconf since it's the only new thing for building that has been included upstream. (Closes: #163969)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 10 Oct 2002 12:48:25 +0200
tiger (3.1-1) unstable; urgency=low
* New upstream release which includes some fixes for Debian bugs such as the "don't regenerate index" (Closes: #162590) * Made debian/rules update automatically the advisories file (which is now named debian_advisories so the previous chmod -x is not needed) * Automatically remove CVS dirs from the package (Closes: #154343) * Fixed bashisms in check_rcumask (Closes: #159444) * Changed check_passwd to not send false positives in Debian, it should be fixed, however to support PAM too (Closes: #162593) * Updated DSAs are now available
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 25 Jul 2002 19:37:41 +0200
tiger (3.0-3) unstable; urgency=low
* Updated to latest advisories.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 7 Aug 2002 10:33:47 +0200
tiger (3.0-2) unstable; urgency=low
* Changed Linux' config file so that it sets LSGROUPS to nothing Due to a change in fileutils-4.1.1 which changed the standard behavior from "showing groups (but really doing nothing)" to "not showing the owner" ! (Closes: #155588) * Modified config to set the environment properly (this was the first workaround I tried for the previous bug, didn't fix it but it seems better to leave the locale's environment, just in case...)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 6 Aug 2002 17:06:01 +0200
tiger (3.0-1) unstable; urgency=low
* New upstream release (based on savannah sources)
* Fix in order for deb_checkmd5sums to work with all sources (it was
limited due to a stupid bug)
* Included latest DSA advisories
* The new package provides a very short diff since changes regarding
Debian are added to the upstream sources too.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 18 Jun 2002 13:28:18 +0200
tiger (2.2.4p2-5) unstable; urgency=low
* Added a GPL header to all the important scripts/files used by the
program (this means /, /scripts and /systems/{default,Linux}.
This was a requirement for adding tiger as a new project to the
savannah site.
(probably next upstream version and Debian diff file will be
reduced since I intend to make the current Debian codebase
upstream's 2.2.4p3)
* Added a new check scripts/check_runprocs (not currently configured to
run since it needs sysadmin to configure tigerrc properly to determine
which processes should be checked for)
* Added some more information to the README.Debian file and rewrote
some paragraphs.
* Written some notes on how to use Tiger as a host IDS.
* Chmod'ed many scripts in order to avoid lintian warnings.
* Changed tiger so it first reads tigerrc in the local directory
(useful for testing the package without installing or to use the tar.gz
in other environments)
* Fixed the scripts/check_anon in order to test if ftphome/etc/passwd
exists before grep'ing it.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 11 Jun 2002 23:02:12 +0200
tiger (2.2.4p2-4) unstable; urgency=low
* Incorporated TARA changes including:
- Changed acc006 from FAIL to WARN (scripts/check_accounts).
- Added -H option for HTML output.
- Fixed scripts/check_cron for problems in entries.
- Fixed scripts/check_exports to avoid false positives.
- Fixed scripts/check_path due to problems with parse_csh.
- Change scripts/check_perm to not warn when owner is bin and
changed calls of echo to message().
- Made some of the changes provided by ARC in scripts/check_inetd
(save for the SORT and JOIN changes which do not seem to work)
- Changed scripts/sub/check_devs to work with IRIX 6.5
- Changed GROUPS to GROUPSS as ARC team does since it (might)
be a readonly variable in some shells (see bash(1)). Even though
it is not used in any script.
* Created a new package to provide all the scripts for other operating
systems (Warning: you still need to compile the C programs: getpermit,
md5, realpath, snefru and testsuid in those platforms for tiger to work
fully).
* Added Tiger_Check_SYSTEM to the distributed tigerrc
* Added some Linux specific checks (gdm, xdm) in scripts/check_root
* Created (new) systems/Linux/2/check_inittab script (for ctraltdel issue
from Bastille).
* Created (new) systems/Linux/2/check_rcumask script to check umask settings
for the RC boot scripts.
* Created (new) scripts/check_ftpusers script to check for administrative
users that are allowed access in the FTP server.
* Created (new) scripts/check_tcpd script to check for changes in the
way inetd services are being protected through the use of tcp_wrappers.
This script has been written based on check_inetd.
* Modified scripts/check_sendmail to check for sendmail.cf's banner
* Note. This new scripts have not been added to the cron entry. They will
only be run when running the 'tiger' script.
* Written some README files: howto write modules (README.writemodules),.
how much time does it take for scripts to run (README.time), and
information on making signatures (README.signatures)
* Changed tigexp to work if issued -F with no second argument
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 26 May 2002 01:58:53 +0200
tiger (2.2.4p2-3) unstable; urgency=low
* Fixed typo in spanish template description.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 14 May 2002 13:49:33 +0200
tiger (2.2.4p2-2) unstable; urgency=low
* Fixed filesystem permissions (execution bit) for Linux specific
scripts
* Changed scripts/check_anon to avoid error when checking for
$ftphome/etc/passwd.
* Updated security advisories.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 10 May 2002 09:55:41 +0200
tiger (2.2.4p2-1) unstable; urgency=low
* This is the "I finally merged with Bryan Gartner's tarball" release
* Cosmetic upgrade in version number due to too many changes in the
sytem specific checks (AIX, Solaris et al.) derivated from tara sources.
(thus this release might be labeled "new upstream", avoid 2.2.4p1 since
it is used in TAMU's distribution)
* Updated to latest debian DSAs.
* Next release will have a new package to provide all the scripts for
other Operating systems so that a central Debian server can be used
with network filesystems as a single point of script distribution.
* Included tara's new check and scripts checks: devices, issue,
lilo, logfiles, network, patches, release, root, rootdir, single and
tripwire_run (this last one is deactivated in Debian since
the package, if installed, will do the checks)
* Included the following systems without changes: AIX-4, IRIX-{4,5,6},
Linux-1, Next-3, UNICOS, UNICOSMK
* Instead of cp'ing all the SunOS files I ln -s all directories that
were equal in order to reduce space in the source package (and diff)
* Included the two new utils to convert into HTML
* Changed realpath.c, snefru.c as described in CHANGES.ARSC
* Merged patches from ASCR in files: check_accounts, check_cron, check_group,
check_inetd, check_passwd, check_sendmail, systems/Linux/2/gen_mounts,
tiger.
* Updated scripts (not changed in Debian): check_path
* Fixed Linux's gen_cron to include CRONSPOOL and fixed
systems/Linux/2/config to properly configure it (was set to /usr
instead of /var) since it was not used this was not detected until now.
* Updated the tiger configuration file (tigerrc)
* Updated the manpage tiger.8
* Moved check_listening from Linux-specific to all the generic location
(since it will work in any UNIX system with NETSAT).
Changed tigerrc accordingly adding Tiger_Check_LISTENING variable
and renaming the previous variables for this check.
* De-activated RedHat's specific (and written in Perl) check_network
script. TODO: rewrite it in shell script and remove RedHat-specific
stuff.
* Moved the Linux specific checks provided by Paul Telford to
systems/Linux/2/ since they are not appropiate to other systems
(for consistency)
* Fixed check_release as provided by Paul Telford (some typos and not
correctly programmed)
* Applied some of the changes described in the Changes.ARSC. It seems these
were not included in the TARA distribution (for some reason).
REMINDER: ask for these to the ARSC team.
* Fixed check_sendmail's pattern matching (wrong reports on dates) and made
it properly Y2k.
* Fixed (again) the postinst... let's see if I get it right this time...
* Moved the FQDN check from 'tiger' to 'config' (since it is used by both
tiger and tigercron)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 30 Apr 2002 16:16:31 +0200
tiger (2.2.4-22) unstable; urgency=low
* This is the "Yes, I was on vacation fixing bugs release (I)"
* Applied patch Marcel that fixes some long-standing issues, did not change
BASEDIR to basedir since it should work that way but did change typo
which made diff's against previous run not to work (Closes: #139221)
* Fixed Linux/2/gen_export_sets tpo (Closes: #139667)
* Modified Linux/2/config so that findcmd() looks first for binaries generated
by Tiger, including realpath (Closes: #139669)
* Modified deb_checkmd5sum to "understand" locale.nopurge configuration.
Currently experimental, but seems to work fine. Admins that fixed this
through templates will, however, have to remake them (Closes: #123891)
* Since realpath's Linux does not work as tiger's realpath -d, removed it
from the Recommends: (use tiger's instead)
* Added -u option in gen_listeningprocs (UDP sockets are not shown if using
netstat, this was an unreported bug)
* Added warning to the tigerrc regarding user's Tiger_ListeningProc (will
not work if using NETSTAT and not LSOF)
* Added the Tiger_Check_EVERYLISTENING option which will report if a
service is listening on all interfaces, default is Y, if set to 'N'
only processes run by users different from Tiger_ListeningProcs will be
reported. Changed gen_listeningprocs for this to work (Closes: #138855)
* Changed the name of gen_listeningprocs to check_listeningprocs (more
proper and consistent)
* Provided some more documentation in the tiger.8 manpage detailing which
modules are available
* Check_listeningprocs has been modified to allow it to not warn on
processes when using the Tiger_Listening_ValidProc variable in
/etc/tigerrc this allows admins to remove processes which can dynamically
change TCP/IP port (Closes: #134085)
* Changed Tiger_Listening_Proc to Tiger_Listening_ValidUser (more precise).
WARNING: Postinst will not change this from the config file!
* The changes introduced in check_listeningprocs as well as the
check-against-template behavior configuration will (hopefully) reduce greatly
false positives if properly configured (Closes: #126635)
* Set Tiger_Check_CRACK to 'N' by default and removed cron job since this
feature does not work. Added 'john' Recommends: since the Debian package
does provide that feature by itself.
* Added check_sendmail to SCRIPTS in the Makefile (it was not being
installed, unreported bug)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 27 Mar 2002 14:31:14 +0100
tiger (2.2.4-21) unstable; urgency=low
* Changed deb_nopackfile so it also checks the diversions file (Closes: #129343) * Fixed deb_md5sums to work with files with namespaces by using quotes properly (Closes: #129339) * Updated Debian Advisories (cvs, xsane...)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 4 Mar 2002 21:15:25 +0100
tiger (2.2.4-20) unstable; urgency=low
* Fixed check_known's grep which did not work on Solaris boxes... * Fixed systems/SunOS/ so that it can find the CUT command too * Changed scripts/check_known to use HEAD instead of TAIL in the mail spool checks (Closes: #135202) * Changed scripts/check_anon to check if the ftp user is in the system's passwords (Closes: #135205) * Added proper dependecies (based on systems/Linux/2/config) (Closes: #128796) * Added an Tiger_Output_FQDN option so that it uses hostname -f as the system name for reports (Closes: #129526) * Added version.h to the package in order for tiger to determine the current Tiger version. * Fixed debconf note (Closes: #136298) * Added an alternative (and better) template location: /etc/tiger/templates * Updated Debian DSA's
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 1 Mar 2002 09:50:19 +0100
tiger (2.2.4-19) unstable; urgency=medium
* Fixed gen_listeningprocs typo and added SORT to reduce output
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 9 Jan 2002 19:20:19 +0100
2001
tiger (2.2.4-18) unstable; urgency=low
* Fixed the deb_nopackfiles so it uses -x -F and will not be confused by strange file names (i.e. [) this also avoids filenames being interpreted as regular expressions (Closes: #126569) * Fixed deb_md5sums so it does not follow symlinks (sometimes they get followed to unexistant files) * Modified check_accounts so that it does not give warnings for accounts of uid < 999 (system accounts in Debian GNU/Linux) by introducing a new tigerrc variable (Tiger_Accounts_Trust) * Added tiger-2.2.3p1-patch from TAMU * Added some more info to the debian/copyright file * Added the fix_tiger_GROUPS.sh script to a "contrib" area * Added -p option to netstat and reduced output with grep -v STREAM :) * Improved gen_listeningprocs so only uniq processes are shown listening to the same socket, also, UDP sockets are now listed too with lsof and netstat * Fixed check_inetd so it does not do a 'set' when an empty line is found * Modified difflogs intensively since it was not working properly, added a new feature and varialbes in tigerrc so that cron jobs can be compared against "template" (policy-compliant?) runs. This can reduce false positives even if they cannot be reduced in a given module. * Added configurable Tiger_Listening_Procs for gen_listeningprocs to customize for local security policy (Closes: #126635) * Added debconf note (borrowed from snort) to configure mails receiver (Closes: #122256) * Added debconf note to warn the user to adapt to security policy * Fixed lintian errors. * Update DSAs
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 26 Dec 2001 13:48:13 +0100
tiger (2.2.4-17) unstable; urgency=high
* Fixed typo in systems/Linux/2/gen_passwds_setgs (aggggh!! introduced when nisplus was commented out)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 26 Dec 2001 10:18:53 +0100
tiger (2.2.4-16) unstable; urgency=medium
* Added -rf to prerm script when purging.
* Commented nisplus from the gen_passwd_sets since there is no NISCAT in
Linux
* Fixed scripts/check_known so it works properly in NIS environments.
now uses the passwd_set properly instead of passwd_source
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 21 Dec 2001 09:57:28 +0100
tiger (2.2.4-15) unstable; urgency=low
* Changed gen_passwd_sets for Linux so it now recognises NIS/NISPLUS and does not depend on shadow passwords being installed (Closes: #113132, #125792) * /etc/cron.d/tiger now listed in conffiles (Closes: #124142)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 20 Dec 2001 10:33:16 +0100
tiger (2.2.4-14) unstable; urgency=high
* Updated the services file and modified the check_inetd scripts so now it only warns if several services share port numbers (the check was originally made to only handle one service per port) (Closes: #123730)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 13 Dec 2001 10:36:37 +0100
tiger (2.2.4-13) unstable; urgency=low
* Fixed tigercron shell problem which made it not work properly (Closes: #123116) * Setup tigerrrc so that Tiger_DPKG_Optimize defaults to 'Y'
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 10 Dec 2001 11:34:06 +0100
tiger (2.2.4-12) unstable; urgency=high
* Fixed cronrc so CPU consuming tasks are run once a day (Closes: #122378) * Fixed check_passwd so that uids and usernames are looked for correctly (Closes: #122391) * Updated services file (Closes: #122338) * Fixed file control list (Closes: #122337) * Updated Debian Security Advisories * Provided new (untested) method to bypass DPKG in some tests through the $Tiger_DPKG_Optimize variable in tigerrc (default N) (Closes: #122678) * Changed deb_nopackfiles and deb_checkadvisories to work in optimize and non-optimize method (using grep, cut, et al in the /var/lib/dpkg area) * Fixed Debian specific scripts (==) * Fixed Linux's gen_export_sets (nobody yelled yet, but it did not work in the previous release) * Fixed deb_checkadvisories so it correctly located the list of packages (Note: takes too much time currently to finish)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 7 Dec 2001 10:12:36 +0100
tiger (2.2.4-11) unstable; urgency=medium
* Changed file_access_list for Linux so /etc/aliases can be world readable (Closes: #112159) * Fixed getuserhome command so it does not return directories beginning with ~. This fixes tiger from incorrectly guessing the ftp directory (Closes: #121800, #114008) * Fixed /var/run/utmp file permissions to follow Debian standards (Closes: #121501, #112217) * Fixed config.tbl since Debian-specific scripts were not being run. * Fixed gen_passwd_sets so it now understands MD5 passwds (Closes: #112170, #117342) * Fixed disk device checks in check_perm so that it does not complain for /dev/hd* which belong to group 'disk' (Closes: #112218) * Changed the postrm script so all files are removed on purge (Closes: #116267) * Changed MAILER from mail to sendmail so we can send 'Subject' and 'From' (Closes: #120679, #121681) * Fixed tigercron so mails get sent properly with a From line, since the information is now sent to the mailer and not to the Tiger log no mails should be sent out if they do not include useful information (tiger takes care of diffing out reports) (Closes: #114334, #113588) * Added Recommends on mail transport agent since it's used for cron reporting. * Fixed gen_export_sets for Linux so it properly warns when using Linux's /etc/exports * Added a tag in tigerrc to disable reporting when nothing important happens (Closes: #113588) * Changed check_passwd so it now says how many times uids or usernames appear repeated (Closes: #117117)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 2 Dec 2001 16:21:16 +0100
tiger (2.2.4-10) unstable; urgency=low
* Updated the Debian Security Advisories checked for. * Removed non-Linux systems (Closes: #111038) * SCRH line of findcmd is now fixed (Closes: #112216) * Fixed services file for Linux (Closes: #115031, #114033)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 2 Dec 2001 16:21:16 +0100
tiger (2.2.4-9) unstable; urgency=low
* Added From: header to the tiger cron output
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 26 Sep 2001 01:11:06 +0200
tiger (2.2.4-8) unstable; urgency=low
* Fixed tigercron so that it includes the hostname in the mail subject (Closes: #113462)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 25 Sep 2001 15:19:30 +0200
tiger (2.2.4-7) unstable; urgency=low
* Fixed script/check_rhosts so it does not warn about comments * Added some new issues in Debian systems which tiger does not check properly * Really fixed SRCH line (Closes: #112870) * Added some more info regarding false positives in Debian in the README.Debian file
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 23 Sep 2001 00:55:42 +0200
tiger (2.2.4-6) unstable; urgency=low
* Fixed Linux/2/config not being able to find SNEFRU, by adding
/usr/lib/tiger/bin to the SRCH line (Closes: #112870)
* Fixed Linux/2/config not finding CUT since it was not exported (Closes: #112871)
* Updated data from Debian Advisories from the WML sources
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 20 Sep 2001 10:46:58 +0200
tiger (2.2.4-5) unstable; urgency=low
* Fixed debian/control file (Closes: #112532)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 17 Sep 2001 18:09:35 +0200
tiger (2.2.4-4) unstable; urgency=low
* Added subjet to tiger's cron report (Closes: #112222, #112161) * Fixed mail check in order to compare against uid and not username (hopefully it will work with Debian and other Unices but I'm not sure ls -n is available there) (Closes: #112162) * Binaries now get compiled at build time * Removed ./c from Makefile * Subsituted corrupted .c files on c/ (md5.c and snefru.c) (Closes: #112216) * Modified scripts/check_know so it checks on uids and not on names (Closes: #112162)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 14 Sep 2001 20:34:30 +0200
tiger (2.2.4-3) unstable; urgency=high
* Fixed cron entry (Closes: #111795)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 10 Sep 2001 18:27:21 +0200
tiger (2.2.4-2) unstable; urgency=low
* Removed tigerrc(8) reference in manpage (Closes: #110528) * Installed tigexp in sbin (Closes: #110535) * Updated the services file for Linux with a new script that updates it from the system /etc/services. Should close some of the false positives regarding #110531
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 29 Aug 2001 16:03:29 +0200
tiger (2.2.4-1) unstable; urgency=low
* Initial Release. * Changed GROUPS variable to GROUPC since it seems to conflict with bash * Modified Makefile so it installs correctly * Provided a new check for open sockets and Debian specific checks for md5sums of installed files and package associatons of installed files.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 23 Aug 2001 15:07:16 +0200