Vulnerability Analysissecurity-auditintrusion-detectionhardeninglinuxunix

Tiger

Tiger is a set of Bourne shell scripts and C programs for security auditing and intrusion detection on Linux and Unix systems. It generates audit reports to identify ways the system's security can be compromised and supports periodic checks for deviations.

Description

TIGER, or the 'tiger' scripts, performs security audits of operating system components to detect elements that need fixing for hardening. It can run all tools at once for a comprehensive report or be scheduled periodically via cron for intrusion detection, reporting deviations via email. The Linux version includes Debian-specific checks like md5sums of installed files, stray files, and listening processes.

Most tools are independent, but some rely on external tools like John the Ripper, Chkrootkit, or integrity checkers (Tripwire, Integrit, Aide). A separate package (tiger-otheros) provides scripts for non-Linux Unix systems, enabling centralized auditing over networks like NFS. Alternatives in Debian include lynis, ossec, checksecurity, lsat, or yasat.

Tiger supports generating signatures for system binaries and can check diskless client configurations. Reports can include explanations and be formatted in HTML.

How It Works

Tiger uses Bourne shell scripts and C programs to check system components against security baselines, generating MD5 hashes and permissions for binaries. It performs checks like file integrity (md5sums), package verification, listening processes, and configuration analysis. Periodic runs via tigercron compare against baselines, detecting unauthorized changes, with reports emailed. Some checks integrate external tools for tasks like password cracking or rootkit detection.

Installation

bash

sudo apt install tiger

Flags

-vShow the Tiger version.

-tRun in test mode.

-hShow usage (this help).

-qSuppress messages to be as quiet as possible, only security messages will be shown.

-B nameSpecify the directory where tiger is installed. If not specified, '/usr/lib/tiger' is used.

-l nameSpecify the name of the directory where Tiger will write the security report. This defaults to '/var/log/tiger'.

-w nameSpecify a directory to use for creating scratch files. This defaults to '/var/lib/tiger/work'.

-b nameSpecify the directory which contains (or will contain) the binaries generated from the C modules.

-c nameSpecify an alternate name for the tigerrc control file. The default is '/etc/tiger/tigerrc'.

-eThis option will cause explanations to be inserted into the security report following each message.

-EThis option indicates that a separate explanation report should be created.

-GGenerate the signatures (MD5 hashes and file permissions) for system binary files.

-HThis option will format the report into HTML creating local links to the problem descriptions.

-SThis option indicates that a surface level check of the configuration files of any diskless clients served by this machine should be checked.

-A archSpecify an alternate architecture for tiger

-O osSpecify an alternate operating system for tiger

-R releaseSpecify an alternate operating system release for tiger

Examples

Show usage help for tiger.

tiger -h

Show the Tiger version.

tiger -v

Run tiger in quiet mode, showing only security messages.

tiger -q

Run tiger with explanations inserted into the security report.

tiger -e

Generate signatures (MD5 hashes and file permissions) for system binary files.

tiger -G

Run tiger and format the report into HTML with links to problem descriptions.

tiger -H

Run tiger and specify a custom directory for the security report.

tiger -l /custom/path

Show usage help for tigercron.

tigercron -h

Updated 2026-04-16kali.org ↗