Re: tiger output - how to interpret, how to resolve?
Craig Dickson <crdic@yahoo.com> writes:
> > I have installed tiger and am now in the process of going through its
> > warnings. Some of them I do not understand even though I looked at the
> > tigexp output.
> >
> > --WARN-- [kis008w] File "xxx" in the mail spool, owned by `0'.
> >
> > But this mail file belongs to xxx as is shown for instance by ls -l:
> > -rw-r--r-- 1 xxx mail 4201731 Oct 24 06:02 xxx
> >
> > From where does tiger get the idea that the file xxx does not belong
> > to xxx? What should I do about this message? If it is some false
> > positive of tiger, how would I stop it?
>
> Look in /etc/passwd and see what the UID of user xxx is. If it's zero,
> and xxx is not root, then that could be a problem. On a Unix-like system,
> UID 0 is root; anyone with UID 0, no matter what their name is, is root.

On my system only "root" has UID 0, xxx has a different one. Any other
suggestion?

> > 2.) # Performing check of anonymous FTP...
> > --WARN-- [ftp006w] Anonymous FTP enabled, but directory does not exist.
> >
> > I don't have any ftp server installed or even running, trying to
> > connect to my box results in:
> >
> > ftp: connect: Connection refused
> >
> > So from where does tiger get the idea that Anonymous FTP is enabled?
>
> I saw that too. I don't know. My guess is that tiger is stupid.
>
> I installed tiger a few months ago when the harden-* packages appeared.
> It started generating all sorts of complaints. Some of them made sense,
> so I resolved those issues. But there was a core group of complaints that
> made no sense and would not go away. Some of them, such as this anon-ftp
> thing, were so silly that I completely lost confidence in tiger as a
> useful tool for my system. So I got rid of tiger.

Did you replace tiger with another security auditing tool? If so, I
would be interested in hearing about this other tool and your
experiences with it.

Thanks a lot.

Andreas Gösele
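
The manual cross-check discussed in this thread, as an added example that is not part of the original messages and does not reproduce tiger's own logic: it lists every account with UID 0 and compares each mailbox's numeric owner with the UID of the account of the same name. The function names are hypothetical, and the defaults /etc/passwd and /var/mail are assumptions (local accounts only).

```shell
#!/bin/sh
# Added example. Defaults (/etc/passwd, /var/mail) are assumptions;
# pass other paths as arguments to check a copy or a different spool.

# Print every account name whose UID field is 0 in the passwd file.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Print the numeric UID of account $1 from passwd file $2 (empty if unknown).
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "${2:-/etc/passwd}"
}

# For each mailbox, compare the file's numeric owner (ls -n, so no name
# lookup is involved) with the UID of the account named like the file.
check_spool() {
    spool=${1:-/var/mail}
    passwd=${2:-/etc/passwd}
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        owner=$(ls -ldn -- "$f" | awk '{ print $3 }')
        want=$(uid_of "$name" "$passwd")
        if [ -z "$want" ]; then
            echo "NOACCOUNT $name owner_uid=$owner"
        elif [ "$owner" != "$want" ]; then
            echo "MISMATCH $name owner_uid=$owner passwd_uid=$want"
        else
            echo "OK $name uid=$owner"
        fi
    done
}

# Run against the live system only when asked: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    uid0_accounts
    check_spool
fi
```

A MISMATCH or NOACCOUNT line marks a mailbox whose numeric owner does not agree with the passwd entry for that name, which `ls -l` alone can hide because it prints whatever name the UID resolves to.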