--- tiger-3.2.2.orig/config.in +++ tiger-3.2.2/config.in @@ -133,8 +133,14 @@ # TODO: WORKDIR should be removed on exit if it is located in a temporary # directory if [ ! -d "$WORKDIR" ] ; then + case "$WORKDIR" in + /var/run/* | /tmp* | /var/tmp/* ) + mkdir -p "$WORKDIR" + ;; + *) echo "Configured working directory $WORKDIR does not exist" >&2 exit 1 + esac fi @@ -222,10 +228,11 @@ # [ -n "$RCFILE" -a -f $RCFILE ] && { + tmpf=$(tempfile) $GREP -v '^#' $RCFILE | - $SED -e 's/^\(.*\)=/export \1; \1=/' > $WORKDIR/rcfile.$$ - . $WORKDIR/rcfile.$$ - $RM -f $WORKDIR/rcfile.$$ + $SED -e 's/^\(.*\)=/export \1; \1=/' > $tmpf + . $tmpf + $RM -f $tmpf } HOSTNAME=`$GETHOSTNAME` --- tiger-3.2.2.orig/debian/README.Debian +++ tiger-3.2.2/debian/README.Debian @@ -0,0 +1,164 @@ +Tiger for Debian +---------------------- + +PLEASE NOTE: + +Some of the checks do not apply completely to Debian systems +or Debian's defaults are somewhat different. This might lead to +somethings being reported as a security issue when they really +aren't (known in the security field as 'false positives') +In some cases this might be Tiger's problem (of it being an old UNIX +auditing program) or it might be Debian's. If you feel a security report +is not appropriate to your system discuss it in the +debian-security@lists.debian.org mailing list. + +If you really think it's a BUG of Tiger, then send a bug-report +for the package (using either the 'bug' or 'reportbug' programs). +Please make sure you look at current (open) bugs at +http://bugs.debian.org/tiger + +Also, Debian might not ship the most up-to-date system signatures +for other OS (_not_ Debian GNU/Linux), please retrieve them from +http://www.net.tamu.edu/ftp/security/TAMU/tiger-sigs/ + +Changes in behavior: +-------------------- + +First of all make sure to read, understand and customize +/etc/tiger/tigerrc and /etc/tiger/cronrc to adapt to your local security +policy, as the warning on installation says "You cannot expect to tiger to work +fully to your needs without adapting it". Bugs regarding false positives +which can be fixed by the proper configuration and/or use of templates (see below) +will be set to "wishlist", even if the bug submitter thinks they are +"serious". + +All and all, Debian's Tiger works quite fine out-of-the box, even if there's +still room for improvement. + +Using Templates +............... + +Tiger in Debian can compare against "templates" when running through +a cron job. That is, you can take a given log from a previous run +(at /var/log/tiger) rename it with a ".template" instead of a ".[number]" +and place it under /etc/tiger/templates. + +Tiger checks will compare against it. That way Tiger will only report issues +when they changed from the template (if configured in /etc/tiger/tigerrc). +NOTE: Previous to 2.2.4-20 templates could be placed in /var/log/tiger, +this behaviour is preserved but templates at /etc/tiger/ are used +first if available. + +Another (less secure) method is to have Tiger only report changes from previous +runs, please note that in this setup problems will only be reported *once* +in cron jobs, regardless of importance. This is the default behavior, that +is, this will (should, at least from version 2.2.4-22 and above) work +just after installation. + +KNOWN ISSUES +------------- +(these are *not* BUGS) + +- shells on Debian default users. PENDING discussion on debian-security, in +any case it should check if the services are enabled (i.e. the user is useful +here). Maybe Debian policy could ask for ids in /etc/passwd disabled +with /dev/null as shell and enable them when services are installed? (CHANGE +script/check_accounts) + + +- Debian specific checks take quite some time to finish, I have changed the +Cron job to do this only once in a day, and you can optimize the check by +changing the $Tiger_DPKG_Optimize variable in /etc/tiger. In any case +finding packages in Debian takes quite some time... (due to the *very* +large package list) + +Known BUGS in Debian systems: +---------------------------- +(please check bugs.debian.org/tiger also) + +- Debian's /etc/services definition leads to false positives due +to ports being repeated in there. In order to remove them see +the "Using templates" above. This cannot be completely fixed without +extensive revision of the check_services file ("the a3fs vs ircd bug"). + +- signature files are replaced with installed md5sums in /var/lib/ +Tiger could be distributed with predefined signatures (BTW, signatures +should depend on distribution and not on kernel, oh well...) + +- Tiger does not seem to look for CRACK before doing password testing +(this package should Depend: on some password cracker, but note that +the 'john' package already can do password testing run by cron). The +test is disabled from cronrc but it will still give some erros when +the full report is run (using 'tiger') + +- incorrect reports for /etc/cron.hourly (does not exist) + +- should not check /proc dir when checking for tests (this is a virtual dir) + +TODO +---- + +- Possible new checks: + . check all files and see if they are of the same user/group as their root dir + . look for files with no uid in /etc/passwd and gid in /etc/group + +- The Debian security group could update signature files for binaries which + are in the Debian stable release and have been found vulnerable (packages + in stable-updates) so that Tiger can (if not online) check a Debian system + and tell the administrator he *must* upgrade them from security.debian.org + For an example look at information on doc/signatures. Tigexp is very useful + here and could be very informative. + +- (Nice feature) Provide internationalisation support. + +- Compare against checks introduces in TITAN an re-code those that are + appropriate for Tiger (almost all) + (NOTE: I have added some checks, however TITAN seems to not that much + good work - Linux version - after all) + + +TESTING +------- + + . Check for files not in /usr/local and /home + not owned by any package (easy with dpkg -S) (Note: Currently looks only + in binary paths /bin /usr/bin... not in all the filesystem) + . Check for md5sums of files installed by packages by looking into + /var/lib/dpkg/info/*md5sums. The check currently does not include + /usr/share/doc. Should it check /usr/share/locale, and /etc or should they + be removed too? + BTW, I coded it after knowing about debsums which seems to run a bit faster. + (maybe debsums code should be included here or used if it exists) + . users in Debian are assigned to a group and are umask 022 by default + (should not warn due to some files in home having group read if no other + user is in the group). CHANGED script/check_accounts + +DONE +---- + + . Check for non-running processes (a simple software watchdog) + . Check for open TCP/IP sockets and warn when user running the socket is + not root, otherwise inform on open sockets. Works with lsof and netstat + (since its not Debian specific it has been renamed to deb_) + . Check of security advisories taken from the WWW webml sources. The + package version is checked against the one in the advisory. Some checks are + very redundant since users should not have packages older than the released + ones, oh well... + . Understand Linux NFS exports file + + +Known FIXED BUGS: +---------------- +- md5.c is corrupted by default the Tiger binaries will not be recompiled +each time (BTW, IMHO this is not a good idea anyway). Fetched original sources +and replaced them. + +- rhosts # accepted (FIXED scripts/check_rhosts) + +- Tiger now understands and will not give false warnings when "localepurge" has +been installed and a lot of files removed (FIXED scripts/Linux/2/deb_checkmd5sums) + +-- Javier Fernandez-Sanguino Pea +Last updated: Wed, 12 Jun 2002 00:08:59 +0200 + + --- tiger-3.2.2.orig/debian/TODO.Debian +++ tiger-3.2.2/debian/TODO.Debian @@ -0,0 +1,40 @@ + +TODO stuff for Debian's tiger: + +- Make the cron configuration selectable by the user (make it possible to + switch it on/off through Debconf), see #349391 + +- Make the tigercron script print information on when checks where started / + stopped, see #338664 + +- Make Source package=tara and upgrade to 2.4. + ISSUE: tara package did not include properly the Debian directories + and stuff, diff might get garbled (new files were placed in the / directory, + how were the sources patched?) + +- Get access to the ARSC patch (send an email to developers) since the + CHANGES.ARSC details patches that have not (yet) been included in the + package. I could derive some from the description but only a few. + +- Write a manpage for tigerrc + +- Make a transition from templates at /var/log/tiger to /etc/tiger/templates + +- Provide templates for known false positives in tiger + +- Consider providing scripts in new packages + for the different OS (AIX, HP-UX...) so that a Debian system can be used + for host-scanning different OS + ISSUE: provide the compiled C programs for those target platforms + +- Add new scripts based on TITAN's which is, unfortunately, + non-free (even if it is so for a good cause). + +- Add a checklist based on scripts to be used for host hardening. + +- Translate some checks into Bastille plugins + +DONE (previous TODO) + +- Checkout all the changes made by the Tara team, including improved + scripts and fixes for some platforms --- tiger-3.2.2.orig/debian/changelog +++ tiger-3.2.2/debian/changelog @@ -0,0 +1,1239 @@ +tiger (1:3.2.2-1ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/dirs, debian/postrm, debian/rules: + + Use /var/lib/tiger/work instead of /var/run/tiger/work as the default + work directory. + + Clean directories correctly when purging. + - debian/config.in: + + Auto-create the work directory if it's in /var/run, /tmp, + or /var/tmp. + + Use temporary file instead of hardcoded rcfile for temporary work. + - debian/control: + + Set Maintainer fields. + * Sync debian/po/pt.po with Debians as they are the same. + + -- Kenneth Drake Wed, 21 Nov 2007 19:14:44 +0000 + +tiger (1:3.2.2-1) unstable; urgency=low + + * New upstream release + * Remove debian/ dir from upstream's tarball to prevent FTBFS + (Closes: #450479) + * Fix scripts: + - scripts/check_crontabs, scripts/check_apache, scripts/check_xinetd: + Change message calls so that they can be filtered (Closes: #411534) + - scripts/check_apache: Fix the way the configuration file is handled + to obtain the IP address and port (Closes: 436904) + - systems/Linux/2/gen_cron: Handles properly the case when the special + @daily,@reboot, etc. definitions are used instead of real times. Also + fix bug deailing with variables in crontab contents (Closes: 418440) + * Add 'fuse' to the list of valid filesystems (Closes: #449439) + * Add Dependency on bsdmainutils to get the COLUMN command (Closes: 448975) + * Add Portuguese translation, thanks LuA-sa LourenAo (Closes: 440372) + * Modify update-advisories to skip directories with 'data' in the name + * Update the advisories list + + -- Javier Fernandez-Sanguino Pen~a Thu, 08 Nov 2007 02:20:09 +0100 + +tiger (1:3.2.1-38) unstable; urgency=low + + * systems/Linux/2/gen_mounts, vmblock is now recognised as a non-local FS. + + -- Javier Fernandez-Sanguino Pen~a Wed, 27 Jun 2007 00:46:54 +0200 + +tiger (1:3.2.1-37ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable, remaining changes: + - Move the default work directory to /var/lib/tiger/work. + - Auto-create the work directory if it's in /var/run, /tmp, or /var/tmp. + - Clean directories correctly when purging. + - Update maintainer in field debian/control. + + -- Michele Angrisano Sun, 01 Jul 2007 19:32:18 +0200 + +tiger (1:3.2.1-37) unstable; urgency=low + + * systems/Linux/2/check_rcumask: Fix syntax error (Closes: #430224) + + -- Javier Fernandez-Sanguino Pen~a Sat, 23 Jun 2007 15:52:58 +0200 + +tiger (1:3.2.1-36ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - Auto-create the work directory if it's in /var/run, /tmp, or /var/tmp + - Move the default work directory to /var/lib/tiger/work. + - Clean directories correctly when purging. + - Modify Maintainer value to match Debian-Maintainer-Field Spec + + -- Andrea Veri Fri, 22 Jun 2007 11:33:20 +0200 + +tiger (1:3.2.1-36) unstable; urgency=low + + * Fix the location of Tiger's default file (Closes: #426182) + * Updated the Debian advisories listing (as of today, latest DSA is 1316) + * Changed the maintainer's email address + * system/Linux/2/check_lilo: run the boot loader check if on amd64 (Closes: #412669) + * system/Linux/2/deb_checkmd5sums: Fix the script so that it understands + properly the "new" md5sum format (Closes: #412822) + * Add new suid files to the list of SUIDs at system/Linux/2/suid_list + (Closes: #417330) + * scripts/check_devices: Extend the list of EXPECTEDDIRS for Linux to cover + udev-specific dirs (Closes: #417940, #420488) + * systems/Linux/2/check_rcumask: Skip comment lines defining umask + (Closes: 418531) + * scripts/check_ftpusers: Skip this check if there is no FTP daemon + installed (Closes: #420486) + * scripts/check_printcap: Skip this test if CUPS is installed + (Closes: #420487) + * system/Linux/2/gen_mounts: Added fusectl to the local filesystems + (Closes: #409386) + * Debconf translations: + - Included Dutch translation provided by Bart Cornelis (Closes: #414768) + - Included Portuguese translation provided by Luísa Lourenço (Closes: #415534) + + -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jun 2007 01:04:17 +0200 + +tiger (1:3.2.1-35ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - Auto-create the work directory if it's in /var/run, /tmp, or /var/tmp + - Move the default work directory to /var/lib/tiger/work. + - See launchpad bug #44329 + - Clean directories correctly when purging. + + + -- Stephan Hermann Thu, 21 Dec 2006 17:10:03 +0100 + +tiger (1:3.2.1-35) unstable; urgency=low + + * [scripts/check_rootkit] + Send stderr output of chkrootkit to /dev/null to avoid the 'warning, got + bogus unix line' messages that netstat might output (Closes: #223847) + * Update advisories + + -- Javier Fernandez-Sanguino Pen~a Thu, 30 Nov 2006 21:42:23 +0100 + +tiger (1:3.2.1-34) unstable; urgency=low + + * Linux/2/gen_mounts - Added selinuxfs to local FS (Closes: #397832) + * scripts/check_accounts - Redirect find errors in home directories + to /dev/null, prevents root being sent errors when using NFS mounted + home directories with root_squash. Thanks to Matus Harvan for the + patch (Closes: #386163) + * Update Debian advisories lists. + + -- Javier Fernandez-Sanguino Pen~a Fri, 10 Nov 2006 16:01:21 +0100 + +tiger (1:3.2.1-33) unstable; urgency=low + + * Fix typo in check_rootkit script, thanks to Michael Cihar (Closes: #385475) + + -- Javier Fernandez-Sanguino Pen~a Thu, 31 Aug 2006 23:04:43 +0200 + +tiger (1:3.2.1-32) unstable; urgency=low + + * Modify config so that it will attempt to create a working directory if + it does not exist (Closes: #366919) + * [scripts/check_rootkit] Introduce Tiger_CHKROOTKIT_ARGS so that + admins can ajust the behaviour of CHKROOTKIT (defaults to '-q') + (Closes: #320341) + * Include output of chkrootkit when a file is INFECTED (Closes: #277533) + + -- Javier Fernandez-Sanguino Pen~a Wed, 30 Aug 2006 14:13:42 +0200 + +tiger (1:3.2.1-31ubuntu1) edgy; urgency=low + + * Auto-create the work directory if it's in /var/run, /tmp, or /var/tmp + * Move the default work directory to /var/lib/tiger/work. + - See launchpad bug #44329 + * Clean directories correctly when purging. + + -- Matthias Urlichs Wed, 30 Aug 2006 09:27:31 +0200 + +tiger (1:3.2.1-31) unstable; urgency=low + + * systems/Linux/2/deb_checkmd5sums: Fix Ubuntu bug 50611 by excluding dev/ + and lib/udev/devices/ from the md5sum test, thanks to Richard Laager + for the patch (Closes: #383400) + * systems/Linux/2/check_neverlogin: handle users prepended with domains + (DOMAIN\user) properly (Closes: #344890) + * Update advisories from Debian as of today. + * Simplify dependencies (just use coreutils) (Closes: #368713) + + -- Javier Fernandez-Sanguino Pen~a Thu, 17 Aug 2006 07:51:17 +0200 + +tiger (1:3.2.1-30) unstable; urgency=low + + * Fix deb_nopackfiles to kip directories that are symbolic links, this + happens with /usr/X11R6/bin as the latest Xorg package versions just + symlink this to /usr/bin/ (Closes: #367931, #373790) + * Fix deprecated syntax with sort that made the cron job spout warnings. + Thanks to Cyril Chaboisseau and Adam James for providing a patch + (Closes: #369501) + * Fix check_listeningprocs to prevent it from botching when udp6 services + are up (Closes: #375165) + * Updated information of DSAs (should someday include information based + on the DTSA archive but I'd rather use OVAL...) + * Add some more TODOs + + -- Javier Fernandez-Sanguino Pen~a Wed, 5 Jul 2006 02:30:25 +0200 + +tiger (1:3.2.1-29) unstable; urgency=low + + * Fix check_accounts to properly review the contents of .forward files. + Thanks to Rainer Schopf for the fix (Closes: #329610) + * Added cifs to the non local filesystems in gen_mounts (Closes: #329813) + * Use TAIL in Linux scripts conforming to POSIX 1003.2-1992 (Closes: #339090) + * check_accounts: Add quotation marks to Tiger_Admin_Accounts to prevent + errors if empty (Closes: #342181) + * check_devices: Handle the special case of having " in filenames by + quoting the character (Closes: #355096) + * Nice Tigercron by default, users wishing to change the nice can adjust + it in /etc/default/tiger (Closes: #334186, #325257, #339655) + * Disable signature checks in the default tigerrc since those provided are + not updated, debsums is prefered in Debian (Closes: #327486) + * Update the list of advisories in debian_advisories + * Debconf translations: + - Added Vietnamese translation provided by Clytie Siddall (Closes: #322301) + - Added Swedish translation provided by Daniel Nylander (Closes: #343731) + * Use debhelper compatibility version 4 (it was about time!) + * Lintian fix: eliminate duplicate Recommends/Depends on binutils + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Apr 2006 23:05:48 +0200 + +tiger (1:3.2.1-28) unstable; urgency=low + + * Added a dependency on "| debconf-2.0" as requested by Joey Hess + * Use Debhelper compatibility version 4 + * Updated to latest CVS code: + - gen_passwd_sets: Create a src file if using LDAP (Closes: #319815) + + -- Javier Fernandez-Sanguino Pen~a Thu, 4 Aug 2005 19:16:22 +0200 + +tiger (1:3.2.1-27) unstable; urgency=low + + * Updated to latest CVS code, with some new fixes and patches including: + - check_accounts: Check for null $uids before using them in comparisons + (Closes: #312080) + - check_runprocs: Use comm instead of fname (Closes: #308486) + - Linux/gen_mounts: Changed extraction from mount command + so it can cope with whitespaces in mount locations, added sanity + check and fix a bug that mangled $fs (Closes: #315435) + - Makefile.in: install files needed to run tiger -G (Closes: #319468) + * German translation update of debconf templates provided by Erik Schanze + (Closes: #311857) + * Updated to latest batch of Debian advisories + + -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jul 2005 16:50:33 +0200 + +tiger (1:3.2.1-26) unstable; urgency=low + + * Updated to latest CVS code, with some new fixes and patches including: + - check_listeningprocs (generic and Linux versions): Proper check for + processes in loopback (Closes: #307695) + - Linux/check_passwdspec: Better fix for pwd=! (Closes #308141) + - Linux/deb_checkmd5sums: Prevent issues with /usr/bin/[ by adjusting + GREP calls (Closes #305484) + - Linux/gen_mounts: Added auto, udev when using on /dev, + capifs and nfsd. (Closes: #305670 #307802 #307887 #308585) + Note to self: Bug mount manpages since none of these are listed + there... + - Linux/gen_passwd: Add LDAP password support with patch provided by Micha + Kersloot (Closes: #307505) + - Documentation improvements (README.Sources and TODO) + + -- Javier Fernandez-Sanguino Pen~a Sat, 14 May 2005 12:52:09 +0200 + +tiger (1:3.2.1-25) unstable; urgency=low + + * Updated to latest CVS code: + - Add afs as a non-local filesystem, and auto as a local filesystem + (Closes: #305670) + - Improve manpage wording + * Provide a default value for Tiger_Running_Procs instead of leaving + it empty + + -- Javier Fernandez-Sanguino Pen~a Thu, 21 Apr 2005 20:09:45 +0200 + +tiger (1:3.2.1-24) unstable; urgency=medium + + * Updated to CVS code: + - Fixed Linux/2/gen_mounts code which broke with the patches + implemented before the previous upload. + + -- Javier Fernandez-Sanguino Pen~a Mon, 18 Apr 2005 18:23:30 +0200 + +tiger (1:3.2.1-23) unstable; urgency=low + + * Updated to CVS code, this changes: + - gen_mounts now considers valid and non-local many more filesystems + (as described in mount(5)) including devfs (Closes: #304956, #304555, + #304557) + - check_listeningprocs will now check against both fname and comm and + strips the arguments of the command (this is an improvement over the + fix done in #288086) + - check_network_config properly checks ICMP redirects and the message + generation is fixed now it also now checks for local iptables rules + (Closes: #304957) + - several typo fixes in doc/linux.txt + * Updated DSA listing + + -- Javier Fernandez-Sanguino Pen~a Sat, 16 Apr 2005 22:19:50 +0200 + +tiger (1:3.2.1-22) unstable; urgency=low + + * Added some more valid but non-local filesystems ('none', 'binfmt_misc', + 'autofs') to gen_mounts (Closes: #302646) + + -- Javier Fernandez-Sanguino Pen~a Sat, 2 Apr 2005 13:07:07 +0200 + +tiger (1:3.2.1-21) unstable; urgency=low + + * Added the sysfs as a valid (local, but not reviewed) filesystem + (Closes: #302612) + + -- Javier Fernandez-Sanguino Pen~a Sat, 2 Apr 2005 01:52:34 +0200 + +tiger (1:3.2.1-20) unstable; urgency=low + + * Upgraded to latest CVS sources: + - Depend on binutils (Closes: #301451) + - (check_rootdir) Do not warn on the inode if the root filesystem is not + ext2|3 (Closes: #298305) + - (check_runprocs) Use comm instead of fname so that the names of the + processes are not truncated (Closes: #288086) + - (check_lilo) Only run if running on the x86 architecture (Closes: #288737) + - (check_single) Only run if running on the x86 architecture (Closes: #288737) + - (check_passwdspec) Fixed password aging check. Separate all checks + so that they prevent bugs if pwd="!" (Closes: #297889) + - (deb_checkmd5sums) Do not warn if the md5 file is not present in the + list file (Closes: #299935) + - (deb_nopackfiles) Remove uneeded {} (Closes: #297889) + - Also fixes a number of documentation typos fixed by Nicolas Francois + * Updated advisories + + -- Javier Fernandez-Sanguino Pen~a Thu, 31 Mar 2005 17:14:50 +0200 + +tiger (1:3.2.1-19) unstable; urgency=low + + * tigercron + - Fixed invalid From: header based on Robert Loomans' patch. This bug + was introduced by the previous release. (Closes: #287780) + + -- Javier Fernandez-Sanguino Pen~a Thu, 30 Dec 2004 09:00:19 +0100 + +tiger (1:3.2.1-18) unstable; urgency=low + + * systems/Linux/2/check_lilo: + - Fixed grub.conf naming (Closes: #286641) + * scripts/check_passwd: + - Delete temporary passwd files only on exit (Closes: #284899) + * debian/server.ignore: + - Added a sample ignore line for users accessing a remote server + with X11Forwarding set to 'on' (Closes: #284220) + * scripts/check_passwdformat: + - Maximum user and group length set to 32 (Closes: #283446) + (probably needs to be moved to systems/Linux/2/ since it's + Debian-specific) + * tigercron, tigerrc: + - Added Tiger_Mail_FROM feature (Closes: #243517) + * Disabling signature checks since they cannot be relied on (use + Tripwire, Aide, Samhain, Integrit, bsign or any other intecrity checker + instead), moreover deb_checkmd5sums already does it for Debian... + (Closes: #274625) + * Added Czech debconf translation provided by Miroslav Kure (Closes: #287301) + + -- Javier Fernandez-Sanguino Pen~a Mon, 27 Dec 2004 19:18:53 +0100 + +tiger (1:3.2.1-17) unstable; urgency=low + + * Quoted homedir uses in check_rhosts and check_netrc (Closes: #282211) + + -- Javier Fernandez-Sanguino Pen~a Sun, 21 Nov 2004 11:56:57 +0100 + +tiger (1:3.2.1-16) unstable; urgency=low + + * Updated advisories + * Fixed gen_group_sets to work properly in NIS environments for Linux + and Tru64 (Closes: #281608) + * Fixed eval in check_accounts so that find is _only_ executed for users + which are not part of Tiger_Admin_Accounts, this prevents Tiger from + going and using remote filesystems (i.e. /var/autofs/ because in + Debian 'operator' has /var as his home dir). It also should speed + up this check a lot. This shows why Tiger_Admin_Accounts is a bad + idea and Tiger_Accounts_Trust should be used instead (or add a + Tiger_Accounts_Admin) (Closes: #280653, #280654) + + -- Javier Fernandez-Sanguino Pen~a Wed, 17 Nov 2004 15:15:21 +0100 + +tiger (1:3.2.1-15) unstable; urgency=low + + * Lintian fixes: + - Updated Standards-Version + - Removed cvs conflict copy files + - Changelog is now UTF-8 + * Use C locales to avoid scripts/check_system from breaking up (Close: #270108) + * deb_checkmd5sums's regexep now excludes usr/share/doc/ (Closes: #264111) + + -- Javier Fernandez-Sanguino Pen~a Mon, 13 Sep 2004 11:12:08 +0200 + +tiger (1:3.2.1-14) unstable; urgency=low + + [ as suggested by Tilman Koschnick ] + * Allow delete() to remove files from LOGDIR so that reports generated + by tiger -e are removed proplerly (Closes: #262523) + * Symlink /usr/lib/tiger/tigexp to /sbin/tigexp so that tiger -e works + (Closes: #262518) + + -- Javier Fernandez-Sanguino Pen~a Sun, 1 Aug 2004 18:19:18 +0200 + +tiger (1:3.2.1-13) unstable; urgency=low + + * Updated to CVS changes which fix a problem in the gen_passwd_sets + script which would make duplicates appear in the passwd files. + Thus generating a lot of false positives (in the check_passwd script) + Also removes some other duplicates in the check_passwdformat script + and updates the Debian advisories listing. + + -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jun 2004 21:25:27 +0200 + +tiger (1:3.2.1-12) unstable; urgency=low + + * Updated to latest CVS code fixing: + - [check_known] Do not call LS directly with all files but use a for loop + (Closes: #246600) + - [deb_nopackfiles] Made the dirlist variable so that directories which + do not exist are not checked for (Closes: #254574) + + -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jun 2004 13:58:24 +0200 + +tiger (1:3.2.1-11) unstable; urgency=low + + * Updated to latest CVS code which fixes: + - [check_accounts] Try to avoid eval problems if user/shells/directories + contain non-empty (but invalid) characters (such as space) + (Similar changes in some other scripts to avoid breakage in similar + situations) + (Closes: #246987) + - [check_passwd] Define Tiger_Passwd_Hashes if not defined + (Closes: #246885) + - [deb_checkmd5sums] Fixed patch provided by Chung-chieh Shan + (Closes: #234811) + + * Remove check_finddeleted from the default configuration since it + is prone to a lot of false positives, also, it depends on LSOF + (which is only recommended). I will reenable this sometime in + the future and (maybe) provide a Debian-specific script to just + monitor for daemons that are using outdated libraries + (Closes: #249331) + * Send filesystem scans error output to /dev/null (need to fix this + in scripts/find_files by not following symbolic links that point + nowhere, this is an interim fix) + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 May 2004 09:31:23 +0200 + +tiger (1:3.2.1-10) unstable; urgency=low + + * Removed evals from tigerrc and make proper sourcing in + Tiger_PATH_OK_Group_Write (Closes: #236419) + + -- Javier Fernandez-Sanguino Pen~a Sat, 6 Mar 2004 11:00:55 +0100 + +tiger (1:3.2.1-9) unstable; urgency=medium + + * Added Danish debconf translation (Closes: #235066) + * Fixed errors in check_finddeleted (Closes: #235951) + * Added some more common servers to the server.ignore example + * Fix error in deb_checkmd5sums with patch from Chung-chieh Shan + which avoids failure on packages whose names contain "." (Closes: #234811) + * Minor change in check_passwd to detect if no shell is defined for + a given user (as suggested by raoul bhatia) + + -- Javier Fernandez-Sanguino Pen~a Wed, 3 Mar 2004 13:13:05 +0100 + +tiger (1:3.2.1-8) unstable; urgency=low + + * check_rcumask: Proper warning if no umask settings are defined + (Closes: #234661) + + -- Javier Fernandez-Sanguino Pen~a Wed, 25 Feb 2004 20:39:16 +0100 + +tiger (1:3.2.1-7) unstable; urgency=low + + * Updated from CVS which includes a number of improvements including + the following (relevant to Debian bugs): + - Added more information on check_finddeleted regarding + how to use it and remove spurious errors. This script + will not give false positives any longer on some special + characterr) files like /dev/console or /dev/null and has + reduced its output to something more managable (there is + only one message per deleted file now) + (Closes: #232704,#231148, #225112) + - Fixed password definitions adding the 'g-Z' 'A-Z' and + '.' sets (Closes: #227596) + - Many scripts now controls YPCAT errors to printing errors in + hosts that are not properly configured. + (i.e. nsswitch.conf is defined to use NIS but there's no NIS + host) Errors are redirected to /dev/null when YPCAT is not + required as many systems do not include it, specially in Debian. + (Closes: #225910) + - Check_crontab will only warn if neither cron.allow + or cron.deny exist (Debian bug #226362) + * Default cronrc no longer runs check_finddeleted as often since it's + prone to false positives (even if it can be customised through the + ignore mechanism, see /usr/share/doc/tiger/examples/server.ignore) + * Added French template translation provided by Christian Perrier + (Closes: #226883, #224700) + * Fully translated the spanish template. + * Updated to include latest Debian advisories. + * debian/rules now uses mandir (/usr/share/man/) in configure call. + + -- Javier Fernandez-Sanguino Pen~a Tue, 24 Feb 2004 21:21:19 +0100 + +tiger (1:3.2.1-6) unstable; urgency=low + + * The cron.d taks will only run if tigercron is executable, this avoids + cron.d from running tiger if it has been removed but not purged + (thanks to Thomas Lange for noticing this mistake) + * Included patch from Nicholas François which makes Tiger not warn + on manpage files purged through localepurge (Closes: #219728) + * Added To: line in tigercron (Closes: #218363) + * Added Japanese translation contributed by Hideki Yamane (Closes: #224185) + + -- Javier Fernandez-Sanguino Pen~a Sat, 20 Dec 2003 13:49:38 +0100 + +tiger (1:3.2.1-5) unstable; urgency=low + + * Updated from CVS to fix reported bugs: + * fixed typo in check_lilo (Closes: #221470) + * This update also provides a number of fixes/enhancements which + will be available in the next release: + * check_crontabs adds more information in messages + * check_inetd does not report the services as not protected if + TCP wrappers are undefined + * per interface promiscuous detection with 'ip' for more accurate + results in check_known + * check_passwd message fix + * shadow password check is no longer in check_passwdformat (move to + account checks) + * check_rootdir checks ownership + * check_services will not misreport for services not defined + * check_ssh needs to run through bash + * check_xinetd fixes syntax error + * YP -> YPCAT in all operating systems + * Proper definitions for AIX + * HPUX fixes + * Tiger now runs check_xinetd or check_inetd depending on which + configuration file is available. + + -- Javier Fernandez-Sanguino Pen~a Sat, 6 Dec 2003 22:10:02 +0100 + +tiger (1:3.2.1-4) unstable; urgency=low + + * Updated from CVS sources to fix reported bugs + * Updated check_root so mesg check is not done when running + in cron (Closes: #218056, #220924) + * Updated check_lilo now locates grub file properly (Closes: #218771) + * Updated check_passwd fixes syntax error (Closes: #219086) + * deb_checkmd5sums detect local diversions and avoid problems with + duplicate conffiles (Closes: #219727, #220325) + * check_release fixed typeset bashism (Closes: #219764) + * deb_checkmd5sums now uses -F to avoid warning on /usr/bin/[ + (Closes: #220946) + * config add sendmail_cf location + * Updated advisories list. + + -- Javier Fernandez-Sanguino Pen~a Sun, 16 Nov 2003 13:10:08 +0100 + +tiger (1:3.2.1-3) unstable; urgency=low + + * Updated from CVS sources to latest Tiger changes including: + - Check_rootkit no longer complains if chkrootkit is not installed + (Closes: #215885) + - Fixes check_network_config return values (Closes: #215891) + - Fixes inittab's false positives (Closes: #215872) + - Fixes bashisms ini scripts (Closes: #215896) + - Fixes initdefs delete() in order for check_chkrootkit removal to work + properly (Closes: #215882) + * Debian/rules now sets SHELL=/bin/bash (Closes: #198856) + * Updated to latest advisories + * Now depends also on coreutils (X | corerutils) (Closes: #215487) + * Added device baseline to debian.ignore (Closes: #194956) + * Removed check_sendmail from check.tbl so that it does not get run by + check_system (Closes: #2158739) + + -- Javier Fernandez-Sanguino Pen~a Sun, 19 Oct 2003 23:56:50 +0200 + +tiger (1:3.2.1-2) unstable; urgency=low + + * The "Happy Birthday! (to me)" Release, now uploaded to unstable. + * New upstream version, which includes is fully integrated with + TARA 3.0.3 and provides quite a number of bugfixes, checks and new + documentation. + * Changes relevant to reported Debian bugs include: + - Adds support for diversions and conffiles in deb_checkmd5sums + (Closes: #211329, #162589) + - Provides documentation for check_logfiles (Closes: #195192) + - Adds support for HP-UX in several scripts (Closes: #195200, #197220) + - Changes gen_passwd_sets under Linux to identify des or md5 + (Closes: #197221) + - Removes debug messages from check_rootdir (Closes: #197219) + - Added tigercron.8 manpage (Closes: #148291) + - OS-specific scripts are run before generic ones, since the Linux + version of check_listeningprocs is different than the generic one + it will be prefered and run (Closes: #200778) + - Deb_nopackfiles no longer uses long arguments in the grep call + and has been speed-optimized (Closes: #201577) + - Deb_nopackfiles also now sends FIND errors to void since they + are not used and might confuse users who do not have X + installed (Closes: #207904) + - check_path now uses -L to follow symlinks (Closes: #161993) + - Adds new password check for empty passwords (Closes: #197228) + - Fixed typo in accounts.txt spotted by Philipp Weis (Closes: #211793) + - check_passwdformat provides an improved message and allows daemon + in uid 1 (Closes: #211328) + - also, check_passwdformat now will not warn on lenght issues for + locked users. (Closes: #211327) + * Added -XMacOSX to exclude the new OS provided upstream. + * Modified debian/rules to move the MacOSX and Tru64 directories to + tiger-otheros + * Added patch for new po-debconf format (Closes: #186800) + * (but changed it so that the 'root' user is not translatable) + * Updated to latest Debian advisories. + * Forced to start using epochs due to how I messed the experimental + packages (3.2.1rcX > 3.2.1!) + + -- Javier Fernandez-Sanguino Pen~a Fri, 10 Oct 2003 19:19:36 +0200 + +tiger (3.2.1-1) experimental; urgency=low + + * New upstream version, which includes is fully integrated with + TARA 3.0.3 and provides quite a number of bugfixes, checks and new + documentation. + * Changes relevant to reported Debian bugs include: + - Adds support for diversions and conffiles in deb_checkmd5sums + (Closes: #211329, #162589) + - Provides documentation for check_logfiles (Closes: #195192) + - Adds support for HP-UX in several scripts (Closes: #195200, #197220) + - Changes gen_passwd_sets under Linux to identify des or md5 + (Closes: #197221) + - Removes debug messages from check_rootdir (Closes: #197219) + - Added tigercron.8 manpage (Closes: #148291) + - OS-specific scripts are run before generic ones, since the Linux + version of check_listeningprocs is different than the generic one + it will be prefered and run (Closes: #200778) + - Deb_nopackfiles no longer uses long arguments in the grep call + and has been speed-optimized (Closes: #201577) + - Deb_nopackfiles also now sends FIND errors to void since they + are not used and might confuse users who do not have X + installed (Closes: #207904) + - check_path now uses -L to follow symlinks (Closes: #161993) + - Adds new password check for empty passwords (Closes: #197228) + * Added -XMacOSX to exclude the new OS provided upstream. + * Added patch for new po-debconf format (Closes: #186800) + + -- Javier Fernandez-Sanguino Pen~a Fri, 19 Sep 2003 02:33:00 +0200 + +tiger (3.2-4) unstable; urgency=low + + * Updated to latest debian advisories + * Modified postinst so it does not break when a user enters an e-mail + address which includes a @ by using sed instead of Perl (Closes: #194955) + * Included a check to only ask the debconf tiger/mess question if + there is any cruft from previous versions. + * Fixed check_logfiles including some of the things provided by Ryan + Bradetich and some other fixes to make it output less false positives + on Debian GNU/Linux (Closes: #195199) + * Fixed regular expression in Linux's config to support some older versions + of fileutils (Closes: #197218) + + -- Javier Fernandez-Sanguino Pen~a Fri, 20 Jun 2003 21:16:02 +0200 + +tiger (3.2-3) unstable; urgency=low + + * Modified util/difflogs to sort files in order to not report + spurious differentes. + * Fixed tigercron (again), since the previous fix was not done + ok. + + -- Javier Fernandez-Sanguino Pen~a Mon, 12 May 2003 22:52:15 +0200 + +tiger (3.2-2) unstable; urgency=low + + * Fix tigercron which was broken upstream (when the echo + was removed). This broke the IDS functionality since + tigercron never checked for changes! + + -- Javier Fernandez-Sanguino Pen~a Sun, 11 May 2003 21:26:04 +0200 + +tiger (3.2-1) unstable; urgency=low + + * New upstream version + - False positives in services fixed (Closes: #132278) + - Check_exports produces proper output (Closes: #162453) + - Checks have been separated, now each check file prints it's + comment (Closes: #165766) + - Using the new ignore mechanism (better than the differential + mechanism) this package now provides a baseline for Debian GNU/Linux, + hopefully this will make Matt test again this package :-) + (Closes: #164308, #172375) + - The new ignore mechanism can now be used to avoid false positives, + please customize as needed and read the notes on the + check_listeningprocs script (Closes: #136991) + - Tigexp now gets modified by the Makefile (Closes: #189864) + * Fixed dh_make boilerplate + * Changed debian/rules to 'mv' the systems to tiger-otheros + * Added tiger.ignore to conffiles + * Modified Makefile so that it installs scripts with proper (fixed) + permissions + * Updated Debian advisories (with update-advisories) + * Fixed syntax error in check_issue (thanks to lintian!) + * Added logo to the docs (!) + * Fixed error in IRIX script + + -- Javier Fernandez-Sanguino Pen~a Sat, 10 May 2003 00:47:51 +0200 + +tiger (3.2rc3-3) experimental; urgency=low + + * Added -q option to be used when running tigercron + + -- Javier Fernandez-Sanguino Pen~a Sat, 26 Apr 2003 13:41:35 +0200 + +tiger (3.2rc3-2) experimental; urgency=low + + * Fixed cron to tigercon in the cron.d file + + -- Javier Fernandez-Sanguino Pen~a Wed, 23 Apr 2003 22:02:07 +0200 + +tiger (3.2rc3-1) experimental; urgency=low + + * New release candidate. + + -- Javier Fernandez-Sanguino Pen~a Wed, 23 Apr 2003 13:30:32 +0200 + +tiger (3.2rc2-1) experimental; urgency=low + + * Experimental version, fixes bugs but might introduce new ones. + + -- Javier Fernandez-Sanguino Pen~a Mon, 21 Apr 2003 17:57:40 +0200 + +tiger (3.2rc1-1) experimental; urgency=low + * New upstream version + - False positives in services fixed (Closes: #132278) + - Check_exports produces proper output (Closes: #162453) + - Checks have been separated, now each check file prints it's + comment (Closes: #165766) + - Using the new ignore mechanism (better than the differential + mechanism) this package now provides a baseline for Debian GNU/Linux, + hopefully this will make Matt test again this package :-) + (Closes: #164308, #172375) + - The new ignore mechanism can now be used to avoid false positives, + please customize as needed and read the notes on the + check_listeningprocs script (Closes: #136991) + - Tigexp now gets modified by the Makefile (Closes: #189864) + + -- Javier Fernandez-Sanguino Pen~a Wed, 16 Apr 2003 00:29:45 +0200 + +tiger (3.1-5) unstable; urgency=low + + * Included some of the changes that will be in the next Tiger release + * Config now sets the locale to POSIX (just in case it breaks some tests) + * Check_listeningprocs now works with multiple program names (Closes: #164898) + * Recovered the fixes from 3.0-2 which has made an old bug surface + (Closes: #164307, #166176, #166744) + * Updated to latest advisories + * Removed debugging output from systems/Linux/2/check_neverlogin + + -- Javier Fernandez-Sanguino Pen~a Mon, 28 Oct 2002 17:51:03 +0100 + +tiger (3.1-4) unstable; urgency=medium + + * Fixed LOGDIR in tigercron.in which was making templates not work. + * Remove all the /var/log/tiger* files.. sorry for the mess :( + * Added a new configuration note in order to ask the user for the + removal of the previous files instead of removing them without asking. + + -- Javier Fernandez-Sanguino Pen~a Mon, 14 Oct 2002 15:30:03 +0200 + +tiger (3.1-3) unstable; urgency=low + + * Removed DSA update in the package build (Closes: #164216) + * Updated to latest DSAs + + -- Javier Fernandez-Sanguino Pen~a Fri, 11 Oct 2002 09:09:43 +0200 + +tiger (3.1-2) unstable; urgency=low + + * Added Build-Depends on autoconf since it's the only new thing + for building that has been included upstream. (Closes: #163969) + + -- Javier Fernandez-Sanguino Pen~a Thu, 10 Oct 2002 12:48:25 +0200 + +tiger (3.1-1) unstable; urgency=low + + * New upstream release which includes some fixes for Debian bugs + such as the "don't regenerate index" (Closes: #162590) + * Made debian/rules update automatically the advisories file (which + is now named debian_advisories so the previous chmod -x is not needed) + * Automatically remove CVS dirs from the package (Closes: #154343) + * Fixed bashisms in check_rcumask (Closes: #159444) + * Changed check_passwd to not send false positives in Debian, it should + be fixed, however to support PAM too (Closes: #162593) + * Updated DSAs are now available + + -- Javier Fernandez-Sanguino Pen~a Thu, 25 Jul 2002 19:37:41 +0200 + +tiger (3.0-3) unstable; urgency=low + + * Updated to latest advisories. + + -- Javier Fernandez-Sanguino Pen~a Wed, 7 Aug 2002 10:33:47 +0200 + +tiger (3.0-2) unstable; urgency=low + + * Changed Linux' config file so that it sets LSGROUPS to nothing + Due to a change in fileutils-4.1.1 which changed the standard + behavior from "showing groups (but really doing nothing)" to + "not showing the owner" ! (Closes: #155588) + * Modified config to set the environment properly (this was the + first workaround I tried for the previous bug, didn't fix it but + it seems better to leave the locale's environment, just in case...) + + -- Javier Fernandez-Sanguino Pen~a Tue, 6 Aug 2002 17:06:01 +0200 + +tiger (3.0-1) unstable; urgency=low + + * New upstream release (based on savannah sources) + * Fix in order for deb_checkmd5sums to work with all sources (it was + limited due to a stupid bug) + * Included latest DSA advisories + * The new package provides a *very* short diff since changes regarding + Debian are added to the upstream sources too. + + -- Javier Fernandez-Sanguino Pen~a Tue, 18 Jun 2002 13:28:18 +0200 + +tiger (2.2.4p2-5) unstable; urgency=low + + * Added a GPL header to all the important scripts/files used by the + program (this means /, /scripts and /systems/{default,Linux}. + This was a requirement for adding tiger as a new project to the + savannah site. + (probably next upstream version and Debian diff file will be + reduced since I intend to make the current Debian codebase + upstream's 2.2.4p3) + * Added a new check scripts/check_runprocs (not currently configured to + run since it needs sysadmin to configure tigerrc properly to determine + which processes should be checked for) + * Added some more information to the README.Debian file and rewrote + some paragraphs. + * Written some notes on how to use Tiger as a host IDS. + * Chmod'ed many scripts in order to avoid lintian warnings. + * Changed tiger so it first reads tigerrc in the local directory + (useful for testing the package without installing or to use the tar.gz + in other environments) + * Fixed the scripts/check_anon in order to test if ftphome/etc/passwd + exists before grep'ing it. + + -- Javier Fernandez-Sanguino Pen~a Tue, 11 Jun 2002 23:02:12 +0200 + +tiger (2.2.4p2-4) unstable; urgency=low + + * Incorporated TARA changes including: + - Changed acc006 from FAIL to WARN (scripts/check_accounts). + - Added -H option for HTML output. + - Fixed scripts/check_cron for problems in entries. + - Fixed scripts/check_exports to avoid false positives. + - Fixed scripts/check_path due to problems with parse_csh. + - Change scripts/check_perm to not warn when owner is bin and + changed calls of echo to message(). + - Made some of the changes provided by ARC in scripts/check_inetd + (save for the SORT and JOIN changes which do not seem to work) + - Changed scripts/sub/check_devs to work with IRIX 6.5 + - Changed GROUPS to GROUPSS as ARC team does since it (might) + be a readonly variable in some shells (see bash(1)). Even though + it is not used in any script. + + * Created a new package to provide all the scripts for other operating + systems (Warning: you still need to compile the C programs: getpermit, + md5, realpath, snefru and testsuid in those platforms for tiger to work + fully). + * Added Tiger_Check_SYSTEM to the distributed tigerrc + * Added some Linux specific checks (gdm, xdm) in scripts/check_root + * Created (new) systems/Linux/2/check_inittab script (for ctraltdel issue + from Bastille). + * Created (new) systems/Linux/2/check_rcumask script to check umask settings + for the RC boot scripts. + * Created (new) scripts/check_ftpusers script to check for administrative + users that are allowed access in the FTP server. + * Created (new) scripts/check_tcpd script to check for changes in the + way inetd services are being protected through the use of tcp_wrappers. + This script has been written based on check_inetd. + * Modified scripts/check_sendmail to check for sendmail.cf's banner + * Note. This new scripts have not been added to the cron entry. They will + only be run when running the 'tiger' script. + + * Written some README files: howto write modules (README.writemodules),. + how much time does it take for scripts to run (README.time), and + information on making signatures (README.signatures) + + * Changed tigexp to work if issued -F with no second argument + + -- Javier Fernandez-Sanguino Pen~a Sun, 26 May 2002 01:58:53 +0200 + +tiger (2.2.4p2-3) unstable; urgency=low + + * Fixed typo in spanish template description. + + -- Javier Fernandez-Sanguino Pen~a Tue, 14 May 2002 13:49:33 +0200 + +tiger (2.2.4p2-2) unstable; urgency=low + + * Fixed filesystem permissions (execution bit) for Linux specific + scripts + * Changed scripts/check_anon to avoid error when checking for + $ftphome/etc/passwd. + * Updated security advisories. + + -- Javier Fernandez-Sanguino Pen~a Fri, 10 May 2002 09:55:41 +0200 + +tiger (2.2.4p2-1) unstable; urgency=low + + * This is the "I finally merged with Bryan Gartner's tarball" release + * Cosmetic upgrade in version number due to too many changes in the + sytem specific checks (AIX, Solaris et al.) derivated from tara sources. + (thus this release might be labeled "new upstream", avoid 2.2.4p1 since + it is used in TAMU's distribution) + * Updated to latest debian DSAs. + * Next release will have a new package to provide all the scripts for + other Operating systems so that a central Debian server can be used + with network filesystems as a single point of script distribution. + * Included tara's new check and scripts checks: devices, issue, + lilo, logfiles, network, patches, release, root, rootdir, single and + tripwire_run (this last one is deactivated in Debian since + the package, if installed, will do the checks) + * Included the following systems without changes: AIX-4, IRIX-{4,5,6}, + Linux-1, Next-3, UNICOS, UNICOSMK + * Instead of cp'ing all the SunOS files I ln -s all directories that + were equal in order to reduce space in the source package (and diff) + * Included the two new utils to convert into HTML + * Changed realpath.c, snefru.c as described in CHANGES.ARSC + * Merged patches from ASCR in files: check_accounts, check_cron, check_group, + check_inetd, check_passwd, check_sendmail, systems/Linux/2/gen_mounts, + tiger. + * Updated scripts (not changed in Debian): check_path + * Fixed Linux's gen_cron to include CRONSPOOL and fixed + systems/Linux/2/config to properly configure it (was set to /usr + instead of /var) since it was not used this was not detected until now. + * Updated the tiger configuration file (tigerrc) + * Updated the manpage tiger.8 + * Moved check_listening from Linux-specific to all the generic location + (since it will work in any UNIX system with NETSAT). + Changed tigerrc accordingly adding Tiger_Check_LISTENING variable + and renaming the previous variables for this check. + * De-activated RedHat's specific (and written in Perl) check_network + script. TODO: rewrite it in shell script and remove RedHat-specific + stuff. + * Moved the Linux specific checks provided by Paul Telford to + systems/Linux/2/ since they are not appropiate to other systems + (for consistency) + * Fixed check_release as provided by Paul Telford (some typos and not + correctly programmed) + * Applied some of the changes described in the Changes.ARSC. It seems these + were not included in the TARA distribution (for some reason). + REMINDER: ask for these to the ARSC team. + * Fixed check_sendmail's pattern matching (wrong reports on dates) and made + it properly Y2k. + * Fixed (again) the postinst... let's see if I get it right this time... + * Moved the FQDN check from 'tiger' to 'config' (since it is used by both + tiger and tigercron) + + -- Javier Fernandez-Sanguino Pen~a Tue, 30 Apr 2002 16:16:31 +0200 + +tiger (2.2.4-22) unstable; urgency=low + + * This is the "Yes, I was on vacation fixing bugs release (I)" + * Applied patch Marcel that fixes some long-standing issues, did not change + BASEDIR to basedir since it should work that way but *did* change typo + which made diff's against previous run not to work (Closes: #139221) + * Fixed Linux/2/gen_export_sets tpo (Closes: #139667) + * Modified Linux/2/config so that findcmd() looks first for binaries generated + by Tiger, including realpath (Closes: #139669) + * Modified deb_checkmd5sum to "understand" locale.nopurge configuration. + Currently experimental, but seems to work fine. Admins that fixed this + through templates will, however, have to remake them (Closes: #123891) + * Since realpath's Linux does not work as tiger's realpath -d, removed it + from the Recommends: (use tiger's instead) + * Added -u option in gen_listeningprocs (UDP sockets are not shown if using + netstat, this was an unreported bug) + * Added warning to the tigerrc regarding user's Tiger_ListeningProc (will + not work if using NETSTAT and not LSOF) + * Added the Tiger_Check_EVERYLISTENING option which will report if a + service is listening on *all* interfaces, default is Y, if set to 'N' + only processes run by users different from Tiger_ListeningProcs will be + reported. Changed gen_listeningprocs for this to work (Closes: #138855) + * Changed the name of gen_listeningprocs to check_listeningprocs (more + proper and consistent) + * Provided some more documentation in the tiger.8 manpage detailing which + modules are available + * Check_listeningprocs has been modified to allow it to not warn on + processes when using the Tiger_Listening_ValidProc variable in + /etc/tigerrc this allows admins to remove processes which can dynamically + change TCP/IP port (Closes: #134085) + * Changed Tiger_Listening_Proc to Tiger_Listening_ValidUser (more precise). + WARNING: Postinst will not change this from the config file! + * The changes introduced in check_listeningprocs as well as the + check-against-template behavior configuration will (hopefully) reduce greatly + false positives if properly configured (Closes: #126635) + * Set Tiger_Check_CRACK to 'N' by default and removed cron job since this + feature does not work. Added 'john' Recommends: since the Debian package + does provide that feature by itself. + * Added check_sendmail to SCRIPTS in the Makefile (it was not being + installed, unreported bug) + + -- Javier Fernandez-Sanguino Pen~a Wed, 27 Mar 2002 14:31:14 +0100 + +tiger (2.2.4-21) unstable; urgency=low + + * Changed deb_nopackfile so it also checks the diversions file + (Closes: #129343) + * Fixed deb_md5sums to work with files with namespaces by using + quotes properly (Closes: #129339) + * Updated Debian Advisories (cvs, xsane...) + + -- Javier Fernandez-Sanguino Pen~a Mon, 4 Mar 2002 21:15:25 +0100 + +tiger (2.2.4-20) unstable; urgency=low + + * Fixed check_known's grep which did not work on Solaris boxes... + * Fixed systems/SunOS/ so that it can find the CUT command too + * Changed scripts/check_known to use HEAD instead of TAIL in the + mail spool checks (Closes: #135202) + * Changed scripts/check_anon to check if the ftp user is in the + system's passwords (Closes: #135205) + * Added proper dependecies (based on systems/Linux/2/config) + (Closes: #128796) + * Added an Tiger_Output_FQDN option so that it uses hostname -f + as the system name for reports (Closes: #129526) + * Added version.h to the package in order for tiger to determine + the current Tiger version. + * Fixed debconf note (Closes: #136298) + * Added an alternative (and better) template location: /etc/tiger/templates + * Updated Debian DSA's + + -- Javier Fernandez-Sanguino Pen~a Fri, 1 Mar 2002 09:50:19 +0100 + +tiger (2.2.4-19) unstable; urgency=medium + + * Fixed gen_listeningprocs typo and added SORT to reduce output + + -- Javier Fernandez-Sanguino Pen~a Wed, 9 Jan 2002 19:20:19 +0100 + +tiger (2.2.4-18) unstable; urgency=low + + * Fixed the deb_nopackfiles so it uses -x -F and will not be confused by + strange file names (i.e. [) this also avoids filenames being interpreted + as regular expressions (Closes: #126569) + * Fixed deb_md5sums so it does not follow symlinks (sometimes they get + followed to unexistant files) + * Modified check_accounts so that it does not give warnings for accounts + of uid < 999 (system accounts in Debian GNU/Linux) by introducing a new + tigerrc variable (Tiger_Accounts_Trust) + * Added tiger-2.2.3p1-patch from TAMU + * Added some more info to the debian/copyright file + * Added the fix_tiger_GROUPS.sh script to a "contrib" area + * Added -p option to netstat and reduced output with grep -v STREAM :) + * Improved gen_listeningprocs so only uniq processes are shown listening + to the same socket, also, UDP sockets are now listed too with lsof and + netstat + * Fixed check_inetd so it does not do a 'set' when an empty line is found + * Modified difflogs intensively since it was not working properly, added + a new feature and varialbes in tigerrc so that cron jobs can be compared + against "template" (policy-compliant?) runs. This can reduce false positives + even if they cannot be reduced in a given module. + * Added configurable Tiger_Listening_Procs for gen_listeningprocs to + customize for local security policy (Closes: #126635) + * Added debconf note (borrowed from snort) to configure mails receiver + (Closes: #122256) + * Added debconf note to warn the user to adapt to security policy + * Fixed lintian errors. + * Update DSAs + + -- Javier Fernandez-Sanguino Pen~a Wed, 26 Dec 2001 13:48:13 +0100 + +tiger (2.2.4-17) unstable; urgency=high + + * Fixed typo in systems/Linux/2/gen_passwds_setgs (aggggh!! introduced + when nisplus was commented out) + + -- Javier Fernandez-Sanguino Pen~a Wed, 26 Dec 2001 10:18:53 +0100 + +tiger (2.2.4-16) unstable; urgency=medium + + * Added -rf to prerm script when purging. + * Commented nisplus from the gen_passwd_sets since there is no NISCAT in + Linux + * Fixed scripts/check_known so it works properly in NIS environments. + now uses the passwd_set properly instead of passwd_source + + -- Javier Fernandez-Sanguino Pen~a Fri, 21 Dec 2001 09:57:28 +0100 + +tiger (2.2.4-15) unstable; urgency=low + + * Changed gen_passwd_sets for Linux so it now recognises NIS/NISPLUS and + does not depend on shadow passwords being installed (Closes: #113132, + #125792) + * /etc/cron.d/tiger now listed in conffiles (Closes: #124142) + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Dec 2001 10:33:16 +0100 + +tiger (2.2.4-14) unstable; urgency=high + + * Updated the services file and modified the check_inetd scripts so now it + only warns if several services share port numbers (the check was + originally made to only handle one service per port) (Closes: #123730) + + -- Javier Fernandez-Sanguino Pen~a Thu, 13 Dec 2001 10:36:37 +0100 + +tiger (2.2.4-13) unstable; urgency=low + + * Fixed tigercron shell problem which made it not work properly + (Closes: #123116) + * Setup tigerrrc so that Tiger_DPKG_Optimize defaults to 'Y' + + -- Javier Fernandez-Sanguino Pen~a Mon, 10 Dec 2001 11:34:06 +0100 + +tiger (2.2.4-12) unstable; urgency=high + + * Fixed cronrc so CPU consuming tasks are run once a day + (Closes: #122378) + * Fixed check_passwd so that uids and usernames are looked for correctly + (Closes: #122391) + * Updated services file (Closes: #122338) + * Fixed file control list (Closes: #122337) + * Updated Debian Security Advisories + * Provided new (untested) method to bypass DPKG in some tests through + the $Tiger_DPKG_Optimize variable in tigerrc (default N) (Closes: #122678) + * Changed deb_nopackfiles and deb_checkadvisories to work in optimize and + non-optimize method (using grep, cut, et al in the /var/lib/dpkg area) + * Fixed Debian specific scripts (==) + * Fixed Linux's gen_export_sets (nobody yelled yet, but it did not work + in the previous release) + * Fixed deb_checkadvisories so it correctly located the list of packages + (Note: takes too much time currently to finish) + + -- Javier Fernandez-Sanguino Pen~a Fri, 7 Dec 2001 10:12:36 +0100 + +tiger (2.2.4-11) unstable; urgency=medium + + * Changed file_access_list for Linux so /etc/aliases can be world readable (Closes: #112159) + * Fixed getuserhome command so it does not return directories beginning + with ~. This fixes tiger from incorrectly guessing the ftp directory + (Closes: #121800, #114008) + * Fixed /var/run/utmp file permissions to follow Debian standards (Closes: #121501, #112217) + * Fixed config.tbl since Debian-specific scripts were not being run. + * Fixed gen_passwd_sets so it now understands MD5 passwds (Closes: #112170, #117342) + * Fixed disk device checks in check_perm so that it does not complain + for /dev/hd* which belong to group 'disk' (Closes: #112218) + * Changed the postrm script so all files are removed on purge (Closes: #116267) + * Changed MAILER from mail to sendmail so we can send 'Subject' and 'From' + (Closes: #120679, #121681) + * Fixed tigercron so mails get sent properly with a From line, since the + information is now sent to the mailer and not to the Tiger log no + mails should be sent out if they do not include useful information + (tiger takes care of diffing out reports) (Closes: #114334, #113588) + * Added Recommends on mail transport agent since it's used for cron reporting. + * Fixed gen_export_sets for Linux so it properly warns when using + Linux's /etc/exports + * Added a tag in tigerrc to disable reporting when nothing important + happens (Closes: #113588) + * Changed check_passwd so it now says how many times uids or usernames + appear repeated (Closes: #117117) + + -- Javier Fernandez-Sanguino Pen~a Sun, 2 Dec 2001 16:21:16 +0100 + +tiger (2.2.4-10) unstable; urgency=low + + * Updated the Debian Security Advisories checked for. + * Removed non-Linux systems (Closes: #111038) + * SCRH line of findcmd is now fixed (Closes: #112216) + * Fixed services file for Linux (Closes: #115031, #114033) + + -- Javier Fernandez-Sanguino Pen~a Sun, 2 Dec 2001 16:21:16 +0100 + +tiger (2.2.4-9) unstable; urgency=low + + * Added From: header to the tiger cron output + + -- Javier Fernandez-Sanguino Pen~a Wed, 26 Sep 2001 01:11:06 +0200 + +tiger (2.2.4-8) unstable; urgency=low + + * Fixed tigercron so that it includes the hostname in the mail subject (Closes: #113462) + + -- Javier Fernandez-Sanguino Pen~a Tue, 25 Sep 2001 15:19:30 +0200 + +tiger (2.2.4-7) unstable; urgency=low + + * Fixed script/check_rhosts so it does not warn about comments + * Added some new issues in Debian systems which tiger does not + check properly + * Really fixed SRCH line (Closes: #112870) + * Added some more info regarding false positives in Debian in the README.Debian file + + -- Javier Fernandez-Sanguino Pen~a Sun, 23 Sep 2001 00:55:42 +0200 + +tiger (2.2.4-6) unstable; urgency=low + + * Fixed Linux/2/config not being able to find SNEFRU, by adding + /usr/lib/tiger/bin to the SRCH line (Closes: #112870) + * Fixed Linux/2/config not finding CUT since it was not exported (Closes: #112871) + * Updated data from Debian Advisories from the WML sources + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Sep 2001 10:46:58 +0200 + +tiger (2.2.4-5) unstable; urgency=low + + * Fixed debian/control file (Closes: #112532) + + -- Javier Fernandez-Sanguino Pen~a Mon, 17 Sep 2001 18:09:35 +0200 + +tiger (2.2.4-4) unstable; urgency=low + + * Added subjet to tiger's cron report (Closes: #112222, #112161) + * Fixed mail check in order to compare against uid and not username + (hopefully it will work with Debian and other Unices but I'm not sure + ls -n is available there) (Closes: #112162) + * Binaries now get compiled at build time + * Removed ./c from Makefile + * Subsituted corrupted .c files on c/ (md5.c and snefru.c) (Closes: #112216) + * Modified scripts/check_know so it checks on uids and not on names (Closes: #112162) + + -- Javier Fernandez-Sanguino Pen~a Fri, 14 Sep 2001 20:34:30 +0200 + +tiger (2.2.4-3) unstable; urgency=high + + * Fixed cron entry (Closes: #111795) + + -- Javier Fernandez-Sanguino Pen~a Mon, 10 Sep 2001 18:27:21 +0200 + +tiger (2.2.4-2) unstable; urgency=low + + * Removed tigerrc(8) reference in manpage (Closes: #110528) + * Installed tigexp in sbin (Closes: #110535) + * Updated the services file for Linux with a new script that updates it + from the system /etc/services. Should close some of the false positives + regarding #110531 + + -- Javier Fernandez-Sanguino Pen~a Wed, 29 Aug 2001 16:03:29 +0200 + +tiger (2.2.4-1) unstable; urgency=low + + * Initial Release. + * Changed GROUPS variable to GROUPC since it seems to conflict with bash + * Modified Makefile so it installs correctly + * Provided a new check for open sockets and Debian specific checks for + md5sums of installed files and package associatons of installed files. + + -- Javier Fernandez-Sanguino Pen~a Thu, 23 Aug 2001 15:07:16 +0200 + --- tiger-3.2.2.orig/debian/compat +++ tiger-3.2.2/debian/compat @@ -0,0 +1 @@ +4 --- tiger-3.2.2.orig/debian/config +++ tiger-3.2.2/debian/config @@ -0,0 +1,13 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +db_input medium tiger/mail_rcpt || true +db_input medium tiger/policy_adapt || true +# Only ask for it if necessary +cruft=`find /var/log/ -type f -maxdepth 1 -name "tiger*"` +if [ ! -z "$cruft" ] ; then + db_input low tiger/remove_mess || true +fi +db_go + --- tiger-3.2.2.orig/debian/control +++ tiger-3.2.2/debian/control @@ -0,0 +1,38 @@ +Source: tiger +Section: admin +Priority: optional +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Javier Fernandez-Sanguino Pen~a +Build-Depends: debhelper (>= 4.1.13), autoconf, po-debconf (>= 0.5.0) +Standards-Version: 3.6.0.1 + +Package: tiger +Architecture: any +Depends: diff (>=2.0), net-tools, coreutils, binutils, bsdmainutils, debconf | debconf-2.0, ${shlibs:Depends} +Recommends: sendmail | mail-transport-agent, john, chkrootkit +Suggests: lsof +Description: Report system security vulnerabilities + TIGER, or the 'tiger' scripts, is a set of Bourne shell + scripts, C programs and data files which are used to perform + a security audit of UNIX systems. TIGER has one primary goal: + report ways 'root' can be compromised. + . + Debian's TIGER incorporates new checks primarily oriented towards + Debian distribution including: md5sums checks of installed files, + location of files not belonging to packages, check of security + advisories and analysis of local listening processes. + +Package: tiger-otheros +Architecture: any +Depends: tiger +Description: Scripts to run Tiger in other operating systems + TIGER, or the 'tiger' scripts, is a set of Bourne shell + scripts, C programs and data files which are used to perform + a security audit of UNIX systems. TIGER has one primary goal: + report ways 'root' can be compromised. + . + This package provides all the scripts for operating systems other + than Linux provided for in the Tiger distribution. It is provided + in the hope it will be useful for admins that wish to run tiger + in a distributed environment sharing this files through the network + (e.g. NFS). --- tiger-3.2.2.orig/debian/copyright +++ tiger-3.2.2/debian/copyright @@ -0,0 +1,46 @@ +This package was debianized by Javier Fernandez-Sanguino Pea + on Thu, 23 Aug 2001 15:07:16 +0200. + +It was downloaded from ftp://sunsite.unc.edu/pub/Linux/system/security +(original site is at http://www.net.tamu.edu/ftp/security/TAMU +more information at http://www.net.tamu.edu/network/tools/tiger.html) + +The TARA version which has been also integrated in this package +(even if the name of the upstream source has not been changed) is +available for download from http://www.arsc.com + + +Upstream Authors: + Douglas Lee Schales + Dave Hess + Khalid Warraich + Dave Safford +[modifications for support of Redhat Linux 2.x. made by] + Robert L. Ziegler (rlz@mediaone.net) +[modifications for NeXT, IRIX, SunOS 5.x, AIX 4, UNICOS systems + as well as a big number of bug fixes and new scripts, made by the + group from Advanced Research Corporation for tara, composed of:] + Liam Forbes + Nathan Bills and + Mike Kienenberger +[new checks for RedHat and Debian GNU/Linux 2.x. made by] + Paul Telford + Bryan Gartner +[modifications for support of Debian GNU/Linux 2.x. made by] + Javier Fernandez-Sanguino Pea + + +Copyright: (c) 1993 Texas A&M University Supercomputer Center + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 1, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +You can find a copy of the GPL license in your Debian system under +the /usr/share/common-licenses directory. --- tiger-3.2.2.orig/debian/cron.d +++ tiger-3.2.2/debian/cron.d @@ -0,0 +1,9 @@ +# +# Regular cron jobs for the tiger package +# +# Configuration file +DEFAULT=/etc/default/tiger +# default setting, overriden in the above file +NICETIGER=10 +# +0 * * * * root test -x /usr/sbin/tigercron && { [ -r "$DEFAULT" ] && . "$DEFAULT" ; nice -n$NICETIGER /usr/sbin/tigercron -q ; } --- tiger-3.2.2.orig/debian/debian.ignore +++ tiger-3.2.2/debian/debian.ignore @@ -0,0 +1,30 @@ +Login ID nobody is disabled, but still has a valid shell \(/bin/sh\) +Login ID mail's home directory \(/var/mail\) has group `mail' write access. +Login ID \w+'s parent directory \(/home\) has group `staff' write access. +Log file /var/log/wtmp permission should be 644 +Log file /var/log/btmp does not exist +Log file /var/run/utmp permission should be 644 +Log file /var/log/loginlog does not exist +Log file /var/log/messages permission should be 640 +The owner of /var/log/wtmp should be root (owned by utmp). +/var/log/wtmp should not have group write. +The owner of /var/run/utmp should be root (owned by utmp). +/var/run/utmp should not have group write. +/var/log/XFree86.0.log should not have world read. +/etc/fstab should not have group read. +/etc/fstab should not have world read. +/etc/inetd.conf should not have group read. +/etc/inetd.conf should not have world read. +/etc/pam.d/sudo should not have world read. +The directory /dev/ataraid resides in a device directory. +The directory /dev/cciss resides in a device directory. +The directory /dev/fd resides in a device directory. +The directory /dev/input resides in a device directory. +The directory /dev/pts resides in a device directory. +The directory /dev/rd resides in a device directory. +The directory /dev/usb resides in a device directory. +The directory /dev/ida resides in a device directory. +/dev/null has world permissions +/dev/ptmx has world permissions +/dev/gpmctl has world permissions +/dev/gpmdata has world permissions --- tiger-3.2.2.orig/debian/dirs +++ tiger-3.2.2/debian/dirs @@ -0,0 +1,7 @@ +etc/tiger +etc/tiger/templates +etc/default +usr/sbin +usr/lib/tiger +var/lib/tiger/work +var/log/tiger --- tiger-3.2.2.orig/debian/docs +++ tiger-3.2.2/debian/docs @@ -0,0 +1,19 @@ +USING +BUGS.EXTERN +DESCRIPTION +CREDITS +README +README.1st +README.hostids +README.ignore +README.linux +README.logo +README.signatures +README.sources +README.time +README.unsupported +README.writemodules +TODO +tiger_logo_half.jpg +tiger_logo.jpg +tiger_logo_small.jpg --- tiger-3.2.2.orig/debian/po/POTFILES.in +++ tiger-3.2.2/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- tiger-3.2.2.orig/debian/po/cs.po +++ tiger-3.2.2/debian/po/cs.po @@ -0,0 +1,96 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2004-12-26 20:33+0100\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-2\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Kdo m dostvat denn potu?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Uivatel, kterho zde zadte, bude dostvat emaily, je \"tygr\" bhem dne " +"zasl. Tk se to pouze pi sputn \"tygra\" z cronu - na run spoutn " +"nem vliv. K tmto zprvm bude mt pstup i administrtor, protoe jejich " +"kopie se ukldaj do adrese /var/log/tiger/." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Najdte si chvilku na pizpsoben \"tygra\"" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Soubory v adresi /etc/tiger/ byste si mli pizpsobit sv mstn " +"bezpenostn politice. V prv ad se jedn o /etc/tiger/tigerrc, kde " +"nastavte testy, kter se budou spoutt, spolu s dalmi informacemi, " +"ktermi omezte falen poplachy. Ve druh ad je poteba v souboru " +"/etc/tiger/cronrc nastavit, kdy se maj testy soutt. Za tet, protoe " +"podle va politiky nemus bt varovn nkterch modul dleit, mete " +"v /etc/tiger/templates/ nadefinovat pslunou ablonu. Pi samotnm " +"sputn bude vstup kontrolovn oproti nadefinovanm ablonm (vdy jedna " +"ablona pro jeden modul) a budou hlena pouze nov varovn." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Odstranit ablony z chybovch verz \"tygra\"" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"Pvodn verze balku tiger z Debianu 3.1 obsahovaly chybu, dky kter se " +"ablony msto ve /var/log/tiger/ vytvely ve /var/log/. S tm ovem " +"program nepot a ablony se nepouij. Tyto soubory mete zachovat, " +"pout jako ablony a pesunout je na sprvn msto run. Balk to " +"neprovede automaticky, aby omylem nesmazal exisujc ablony. Pokud " +"naleznu takto patn umstn soubory, mm je odstranit?" --- tiger-3.2.2.orig/debian/po/da.po +++ tiger-3.2.2/debian/po/da.po @@ -0,0 +1,105 @@ +# translation of tiger_1:3.2.1-7-da.po to Danish +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Claus Hindsgaul , 2004. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger_1:3.2.1-7-da\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2004-02-27 11:22+0100\n" +"Last-Translator: Claus Hindsgaul \n" +"Language-Team: Danish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.3\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Hvem skal modtage de daglige breve?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Den bruger, du angiver herunder, vil modtage alle de breve, 'tiger' sender " +"i lbet af dagen, nr den krer sine cron-jobs. Dette vil ikke betyde at " +"brugeren vil modtage rapporter hver gang 'tiger'-programmet bliver krt " +"af andre. Bemrk ogs at enhver administrator vil have adgang til rapporterne, " +"da de ligger i mappen /var/log/tiger/." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Brug et jeblik p at stte 'tiger' op" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Du br redigere filerne i /etc/tiger/, s de modsvarer din lokale " +"sikkerhedspolitik. For det frste br du justere hvilke slags tjek, " +"der skal udfres p dette system, ligesom du br give de ndvendige " +"oplysninger til at reducere antallet af falske positive (i " +"/etc/tiger/tigerrc). For det andet br du angive hvornr tjekkene " +"skal udfres (i /etc/tiger/cronrc). For det tredje br du definere " +"en given skabelonfil i /etc/tiger/templates ud fra krsler med hvert " +"af modulerne, da visse moduler advarer om ting, der ikke ndvendigvis " +"anses for problematiske i forhold til netop din sikkerhedspolitik. " +"S snart de er defineret, vil alle krsler blive holdt op med hver " +"enkelt af de tilgngelige skabeloner (en for hvert modul), og kun nye " +"advarsler vil blive udsendt." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Fjern skabeloner fra fejlbehftede 'tiger'-versioner" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"I starten blev Debians Tiger-version 3.1 distribueret med en fejl, der " +"gjorde at skabelonerne blev oprettet under /var/log/ i stedet for " +"/var/log/tiger. Under almindelig drift antages det at skabelonerne ligger " +"under /var/log/tiger/ og disse skabeloner vil ikke vre til gavn for nyere " +"Tiger-versioner. Hvis du nsker det, kan du gemme en kopi af dem (til brug " +"som skabeloner) og selv flytte dem til deres korrekte placering. Pakken vil " +"undlade at gre dette automatisk, for at undg at fjerne tidligere skabeloner. " +"Skal disse filer fjernes, hvis de findes?" + --- tiger-3.2.2.orig/debian/po/de.po +++ tiger-3.2.2/debian/po/de.po @@ -0,0 +1,102 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# Erik Schanze , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger_1:3.2.1-26_de\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2005-06-03 22:49+0200\n" +"Last-Translator: Erik Schanze \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Wer soll die täglichen E-Mails empfangen?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Der Benutzer, den Sie unten eingeben, wird alle von 'tiger' versandten " +"E-Mails erhalten, wenn die Cron-Jobs laufen. Das bedeutet nicht, dass der " +"Benutzer Berichte erhält, wenn Sie 'tiger' als einzelnes Programm aufrufen. " +"Beachten Sie auch, dass jeder Administrator auf die Berichte zugreifen kann, " +"weil sie im Verzeichnis /var/log/tiger/ verfügbar sind." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Nehmen Sie sich die Zeit, 'tiger' einzurichten." + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Sie sollten die Dateien im Verzeichnis /etc/tiger/ an Ihre Sicherheits- " +"Richtlinie anpassen. Zuerst sollten Sie die Tests einrichten, die auf Ihrem " +"System gemacht werden und die Daten für die Tests (in der Datei " +"/etc/tiger/tigerrc) bereitstellen, um Falschmeldungen zu vermeiden. Dann " +"sollten Sie (in der Datei /etc/tiger/cronrc) einstellen, zu welchen Zeiten " +"die Tests gemacht werden. Danach sollten Sie aus den Durchläufen der Module " +"Schablonen (im Verzeichnis /etc/tiger/templates/) erstellen, wenn Module " +"Warnungen ausgeben, die für Ihre Sicherheits-Richtlinie nicht problematisch " +"sind. Sind die Schablonen erstellt, wird jeder Durchlauf mit den verfügbaren " +"Schablonen (eine pro Modul) verglichen und es werden nur neue Warnungen " +"angezeigt." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Schablonen einer fehlerhaften 'tiger'-Version entfernen" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"Anfänglich enthielt die 'tiger'-Version in Debian 3.1 einen Fehler, bei dem " +"die Schablonen im Verzeichnis /var/log/ anstelle von /var/log/tiger/ angelegt " +"wurden. Die Schablonen werden aber im Verzeichnis /var/log/tiger/ erwartet und " +"die anderen werden bei neueren Versionen von 'tiger' nicht funktionieren. Sie " +"wollen vielleicht eine Kopie (als Schablonen) behalten und sie selbst an die " +"richtige Stelle legen. Das Paket tut das nicht automatisch, um nicht frühere " +"Schablonen zu entfernen. Sollen diese Dateien gelöscht werden, wenn welche " +"gefunden werden?" + --- tiger-3.2.2.orig/debian/po/es.po +++ tiger-3.2.2/debian/po/es.po @@ -0,0 +1,102 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 3.2.1-7\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2004-02-42 21:52+0200\n" +"Last-Translator: Javier Fernandez-Sanguino \n" +"Language-Team: Debian-Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Quin debera recibir los correos diarios?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"El usuario que introduzca abajo recibir todos los correos que 'tiger' enve " +"a lo largo del da durante la ejecucin de las tareas programadas en el " +"cron. Esto no significa que cuando se ejecute 'tiger' de forma independiente " +"vaya a recibir los informes. Tambin tome nota de que cualquier " +"administrador podr acceder a los informes dado que estn disponibles en el " +"directorio /var/log/tiger/." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Tomese un momento para configurar 'tiger'" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Debera configurar los ficheros en /etc/tiger/ para adaptarlos a su poltica " +"de seguridad local. En primer lugar, adapte el tipo de pruebas que se " +"realizarn en su sistema, as como la informacin que stos necesitan para " +"reducir falsos positivos (en /etc/tiger/tigerrc). En segundo lugar, ajuste " +"los momentos en los que se realizarn los tests (en /etc/tiger/cronrc). Y en " +"ltimo lugar, dado que los errores que tiger considera pueden no serlos en " +"funcin de su poltica de seguridad actual, defina una plantilla en /etc/" +"tiger/templates/ utilizando ejecuciones previas para los mdulos. Una vez la " +"defina, todas las ejecuciones subsiguientes se comprobarn contra las " +"plantillas disponibles (una por mdulo) y slo se indicarn los nuevos " +"errores." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Eliminar plantillas de versiones rotas de 'tiger'" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"Se distribuy una versin de Debian Tiger 3.1 que tena una errata que haca " +"que se crearan plantillas bajo /var/log en lugar de bajo /var/log/tiger. " +"Para funcionar correctamente, las plantillas deben estar bajo /var/log/tiger" +" y por tanto las plantillas antiguas no son tiles para versiones ms " +"modernas de Tiger. Puede que quiera guardar una copia de stas o moverlas " +"de forma manual a su nueva ubacin. Este paquete no realizar esta operacin " +"de forma automtica para evitar la eliminacin de las plantillas ya existentes." +"Debera borrar estos ficheros si los encuentro?" --- tiger-3.2.2.orig/debian/po/fr.po +++ tiger-3.2.2/debian/po/fr.po @@ -0,0 +1,103 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.1-2\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2003-10-31 15:51+0100\n" +"Last-Translator: Nicolas Bertolissio \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Destinataire des courriels quotidiens:" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"L'utilisateur que vous indiquerez recevra tous les courriels " +"envoys par tiger lors de l'excution des tches priodiques. Cet " +"utilisateur ne recevra pas les rapports lors de l'excution directe du " +"programme tiger. Veuillez aussi noter que tout administrateur pourra " +"accder aux rapports puisqu'ils seront disponibles dans le rpertoire /var/log/" +"tiger/." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Prenez le temps de personnaliser tiger" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Vous devriez personnaliser les fichiers dans /etc/tiger/ pour les adapter " +"votre politique de scurit locale. Commencez par personnaliser (dans /etc/tiger/tigerrc) les " +"vrifications qui sont faites sur le systme, ainsi que les informations " +"ncessaires aux tests. Cela permettra de rduire le nombre de faux positifs. " +"Ensuite, personnalisez (dans /etc/tiger/cronrc) l'heure laquelle ces tests sont " +"excuts. Puis, si les avertissements de certains " +"modules peuvent tre ignors au regard de votre politique de " +"scurit actuelle, dfinissez un fichier de modle dans /etc/tiger/" +"templates/ aprs avoir utilis chaque module. Par la suite, aprs chaque " +"excution, le rsultat sera compar ces fichiers de modles " +"et seuls les " +"nouveaux avertissements seront signals." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Supprimer les modles des versions bogues de tiger?" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"Les versions3.1 de Tiger initialement distribues dans Debian " +"craient les modles dans /var/log/ au lieu de /var/log/tiger/. Le " +"fonctionnement normal suppose que les modles sont dans /var/log/tiger/. " +"Les modles situs dans /var/log ne seront pas utiliss par les versions de Tiger plus rcentes. " +"Vous pouvez souhaiter en conserver une copie (pour servir de rfrence) et les " +"dplacer manuellement au bon endroit. Cela ne sera pas effectu " +"automatiquement pour viter de supprimer les modles prcdents. Cette " +"option permet de supprimer ces anciens fichiers s'ils existent." --- tiger-3.2.2.orig/debian/po/ja.po +++ tiger-3.2.2/debian/po/ja.po @@ -0,0 +1,78 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2003-11-23 10:45+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "ݡȤΥ᡼ïޤ?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "cronjob ưƤ 'tiger' ᡼桼ʲϤƤ 'tiger' ץबñȤǼ¹Ԥ줿ˤΥ桼ݡȤȤ̣ǤϤޤ󡣴ԤǤ /var/log/tiger/ ǥ쥯ȥ˥ǤΤǥݡȤɤȤȤˤդƤ" + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "'tiger' Υޥˤ¿֤ޤ" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "ΥƥݥꥷŬ礵뤿ˤ /etc/tiger/ ʲΥե򥫥ޥʤФʤޤ󡣤ޤϤ false positive 򸺤餹ᡢƥȤɬפȤʤΥޥϤΤȡΥƥǹԤåμ༫Τ򤷤ޤ (/etc/tiger/tigerrc) 2ܤˡΥƥȤ¹Ԥ뤫 (/etc/tiger/cronrc) 3ܤˡ⥸塼뤬ȯٹδĤϡߤΥƥݥꥷ˾Ȥ餹ȤϤʤʤΤǡ줾Υ⥸塼뤬¹Ԥ /etc/tiger/templates/ ˤƥץ졼ȥեޤ (⥸塼뤴Ȥ) Ѳǽʥƥץ졼Ȥ줾ФƥåԤ졢ٹ夲ޤ" + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Х¿С 'tiger' Υƥץ졼Ȥޤ" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "ǽۤ줿 Debian tiger С 3.1 Ǥϥƥץ졼Ȥ /var/log/tiger/ ǤϤʤ /var/log/ ˺ȤХޤ̾ /var/log/tiger/ ʲ˥ƥץ졼ȤȲꤷƤΤǡΥƥץ졼ȤϿ tiger ǤѤޤ󡣤Υԡ (ƥץ졼ȤȤƻȤ) ¸ۤɼư֤ذưƤȻפ⤷ޤ󡣥ѥåϰΥƥץ졼ȤΤ򤱤뤿ᡢκȤưŪˤϼ¹Ԥޤ󡣤ɤƤ⤳Υեޤ?" --- tiger-3.2.2.orig/debian/po/nl.po +++ tiger-3.2.2/debian/po/nl.po @@ -0,0 +1,53 @@ +# Dutch po-debconf translation of Tiger +# Copyright (C) 2007 Javier Fernandez-Sanguino +# This file is distributed under the same license as the Tiger package. +# Bart Cornelis +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2007-01-13 20:22+0100\n" +"PO-Revision-Date: 2007-03-06 18:07+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Who should receive the daily mails?" +msgstr "Wie moet de dagelijkse e-mails ontvangen?" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "The user you enter below will receive all the emails that 'tiger' sends during the day when running the cron jobs. This does not mean that when executing the 'tiger' program standalone this user will receive the reports. Also note that any administrator will be able to access the reports since they are available in the /var/log/tiger/ directory." +msgstr "De hier aangegeven gebruiker zal alle e-mails ontvangen die tiger verstuurt wanneer deze wordt aangeroepen door cron. Dit geldt dus niet voor berichten die tiger genereert als het expliciet aangeroepen wordt. Overigens kan de beheerder de rapporten altijd inkijken in de map /var/log/tiger." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Gelieve de tijd te nemen op 'tiger' aan uw wensen aan te passen." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "You should customize the files at /etc/tiger/ to adapt to your local security policy. Firstly, customizing the kind of checks that will be made in this system, as well as the information needed for tests in order to reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, since some modules warnings might not be problems regarding your current security policy, define a given template file at /etc/tiger/templates/ using runs from each of the modules. Once defined, all the runs will be checked against each one of the templates available (one per module) and only new warnings will be issued." +msgstr "U kunt de bestanden in /etc/tiger/ best aanpassen aan uw lokale beveiligingsbeleid. U kunt eerst de soorten checks die op dit systeem uitgevoerd dienen te worden in te stellen, alsmede de informatie die deze testen nodig hebben om het aantal valse positieven te verminderen (in /etc/tiger/tigerrc). Daarnaast kunt u de tijdstippen waarop deze tests uitgevoerd worden aanpassen (in /etc/tiger/cronrc). Tenslotte kunt u template-bestanden aangeven (in /etc/tiger/templates) via de resultaten van uitgevoerde tests, eens een template gedefiniëerd is zal tiger de gegenereerde waarschuwingingen vergelijken met deze in de beschikbare templates (1 per module) en worden enkel nieuwe waarschuwingen aangegeven. Dit laat toe om waarschuwingen die geen probleem zijn voor uw beveiligingsbeleid te negeren." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Templates in problematische 'tiger'-versies verwijderen." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Initially Debian's 3.1 tiger versions were distributed with a bug that would cause templates to be created under /var/log/ instead of /var/log/tiger/. Normal operation assumes templates are under /var/log/tiger/ and these templates will not be useful in newer Tiger versions. You might want to preserve a copy of them (to use as templates) and move them manually under their proper location. The package will not do this automatically in order to avoid removing previous templates. Should we remove these files if any are found?" +msgstr "Debian's 3.1 versie van het 'tiger'-pakket is oorspronkelijk uitgegeven met een fout de templates aanmaakte in /var/log i.p.v. /var/log/tiger/ . Normale operatie neemt aan dat de templates zich in /var/log/tiger bevinden, en deze templates worden niet gebruikt in de nieuwere versies van tiger. Omdat u mogelijk een kopie hiervan wilt bewaren (om als templates te gebruiken), of deze handmatig naar de juiste locatie wilt verplaatsen, verwijdert dit pakket de vorige templates niet automatisch. Wilt u dat deze bestanden verwijderd worden indien aanwezig?" + --- tiger-3.2.2.orig/debian/po/pt.po +++ tiger-3.2.2/debian/po/pt.po @@ -0,0 +1,98 @@ +# Portuguese translation of tiger's debconf messages. +# Copyright (C) 2007 Javier Fernandez-Sanguino +# This file is distributed under the same license as the tiger package. +# Luísa Lourenço , 2007 +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.1-35\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2007-08-31 12:06+0000\n" +"PO-Revision-Date: 2007-03-19 15:41+0000\n" +"Last-Translator: Luísa Lourenço \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Who should receive the daily mails?" +msgstr "Quem deve receber os mails diários?" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"O utilizador que inserir abaixo irá receber todos os emails que o 'tiger' envia " +"durante o dia quando executa as tarefas cron. Isto não significa que quando executa " +"o programa isolado 'tiger', este utilizador irá receber os relatórios. Note " +"também que qualquer administrador poderá aceder a estes relatórios visto estarem " +"disponíveis na directoria /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Tire um minuto para personalizar o 'tiger'" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Deve personalizar os ficheiros em /etc/tiger/ para adoptarem a sua politica de " +"segurança local. Primeiro, personalize o tipo de verificações que irão ser feitas " +"neste sistema, assim como a informação necessária para testes para reduzir " +"falsos positivos (em /etc/tiger/tigerrc). Segundo, personalize as alturas a que" +"devem estes testes ser executados (em /etc/tiger/cronrc). E em terceiro, visto " +"que alguns avisos de módulos podem não ser problemas acerca da sua politica de " +"segurança actual, defina um ficheiro modelo em /etc/tiger/templates/ usando " +"execuções em cada um dos módulos. Assim que definidos, todas as execuções serão " +"verificadas para cada modelo disponível (um por módulo) e só alguns novos avisos " +"aparecerão." + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Remover modelos em versões do 'tiger' com bugs" + +#. Type: boolean +#. Description +#: ../templates:3001 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"Inicialmente as versões do Debian 3.1 do tiger eram distribuídas com um bug " +"que causava modelos serem criados sobre o /var/log/ em vez do /var/log/tiger/. " +"Operações normais assumem que os modelos estão em /var/log/tiger/ e estes " +"modelos não irão ser úteis em novas versões do Tiger. Poderá querer preservar " +"uma cópia desses modelos (para usar como modelos) e move-los manualmente sobre " +"a sua localização apropriada. O pacote não irá fazer isto automaticamente para " +"evitar remover modelos anteriores. Devem estes ficheiros ser removidos caso " +"sejam encontrados?" --- tiger-3.2.2.orig/debian/po/pt_BR.po +++ tiger-3.2.2/debian/po/pt_BR.po @@ -0,0 +1,105 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger_3.1-8\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2003-03-29 23:43-0300\n" +"Last-Translator: Andr Lus Lopes \n" +"Language-Team: Debian-BR Project \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Quem deve receber as mensagens diarias?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"O usurio informado abaixo ir receber todas as mensagens que o 'tiger' " +"enviar durante o dia quando executa os jobs do cron. Isto no significa que " +"quando o programa 'tiger' executado em modo standalone (no atravs de " +"jobs do cron) este usurio ir receber os relatrios. Note tambm que " +"quaisquer administradores sero capazes de acessar os relatrios uma vez que " +"os mesmos estaro disponveis no diretrio /var/log/tiger/." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Reserve um minuto para personalizar o 'tiger'" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Voc dever personalizar os arquivos em /etc/tiger/ e adapt-los para sua " +"poltica local de segurana. Primeiro, personalizando os tipos de checagens " +"que sero feitas neste sistema, bem como a informao necessria para os " +"testes de modo a reduzir a possibilidade de falsos positivos (em /etc/tiger/" +"tigerrc). Segundo, personalizando quando esses testes devero ser executados " +"(em /etc/tiger/cronrc). E terceiro, uma vez que alguns avisos (warnings) de " +"mdulos podem na verdade no ser problemas relacionados a sua poltica atual " +"de segurana local, definir um dado arquivo de modelo (template) em /etc/" +"tiger/template/ usando execues de cada um dos mdulos. Uma vez definidas, " +"todas as execues sero checadas contra cada um dos modelos disponveis (um " +"por mdulo) e somente novos avisos sero gerados." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Remover modelos em verses com erros do 'tiger'" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" +"Inicialmente as verses do Debian 3.1 do tiger foram distribudas com um bug " +"que fazia com que os modelos fossem criados sob /var/log ao invs de sob /" +"var/log/tiger. Operaes normais assumem que os modelos estejam sob /var/log/" +"tiger/ e esses modelos no sero teis em novas verses do Tiger. Voc pode " +"desejar preservar uma copia deles (para usar como modelos) e mov-los " +"manualmente sob sua prpria localizao. O pacote no ir fazer isso " +"automaticamente para evitar remover modelos anteriores. Esses arquivos devem " +"ser removidos caso sejam encontrados ?" + +#~ msgid "root" +#~ msgstr "root" --- tiger-3.2.2.orig/debian/po/sv.po +++ tiger-3.2.2/debian/po/sv.po @@ -0,0 +1,55 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.1-28 \n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2005-12-17 18:39+0100\n" +"Last-Translator: Daniel Nylander \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Vem ska ta emot dagliga e-postmeddelanden?" + +#. Description +#: ../templates:4 +msgid "The user you enter below will receive all the emails that 'tiger' sends during the day when running the cron jobs. This does not mean that when executing the 'tiger' program standalone this user will receive the reports. Also note that any administrator will be able to access the reports since they are available in the /var/log/tiger/ directory." +msgstr "Anvndaren du anger nedan kommer att ta emot all e-post som \"tiger\" skickar under dagen vid krning av cron-jobb. Detta betyder inte att denna anvndaren tar emot rapporter vid fristende krningar av programmet \"tiger\". Notera ven att alla administratrer kommer att ha mjligheten att tillt rapporter eftersom de r tillgngliga i katalogen /var/log/tiger/." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Spendera ngon minut p att anpassa \"tiger" + +#. Description +#: ../templates:13 +msgid "You should customize the files at /etc/tiger/ to adapt to your local security policy. Firstly, customizing the kind of checks that will be made in this system, as well as the information needed for tests in order to reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, since some modules warnings might not be problems regarding your current security policy, define a given template file at /etc/tiger/templates/ using runs from each of the modules. Once defined, all the runs will be checked against each one of the templates available (one per module) and only new warnings will be issued." +msgstr "Du br anpassa filerna i /etc/tiger fr att passa din lokala skerhetspolicy. Anpassa frst den typ av kontroll som ska gras i systemet, svl den information som behvs fr tester fr att eliminera falska-positiva (i /etc/tiger/tigerrc). Fr det andra, anpassa vilka tider dessa tester ska kras (i /etc/tiger/cronrc) och fr det tredje, eftersom vissa varningar frn moduler kanske inte r problem i din nuvarande skerhetspolicy, definiera en angiven mallfil i /etc/tiger/templates/ med krningar frn varje modul. Nr de r definierade kommer alla krningar att kontrolleras mot en av de tillgngliga mallarna (en per modul) och endast nya varningar kommer att visas." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Ta bort mallar i buggiga versioner av \"tiger" + +#. Description +#: ../templates:28 +msgid "Initially Debian's 3.1 tiger versions were distributed with a bug that would cause templates to be created under /var/log/ instead of /var/log/tiger/. Normal operation assumes templates are under /var/log/tiger/ and these templates will not be useful in newer Tiger versions. You might want to preserve a copy of them (to use as templates) and move them manually under their proper location. The package will not do this automatically in order to avoid removing previous templates. Should we remove these files if any are found?" +msgstr "Initialt sett var tiger-versionerna i Debian 3.1 utsnda med en bugg som kunde orsaka att mallar skapades under /var/log/ istllet fr i /var/log/tiger/. Normal krning antar att mallarna finns under /var/log/tiger/ och dessa mallar kommer inte vara anvndbara i senare versioner av Tiger. Du kanske vill behlla en kopia av dessa (fr att anvnda som nya mallar) och flytta dom manuellt under deras korrekta plats. Paketet kommer inte att gra detta automatiskt fr att undvika att ta bort fregende mallar. Ska vi ta bort dessa filer om de ptrffas?" + --- tiger-3.2.2.orig/debian/po/templates.pot +++ tiger-3.2.2/debian/po/templates.pot @@ -0,0 +1,78 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "" + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "" + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "" --- tiger-3.2.2.orig/debian/po/vi.po +++ tiger-3.2.2/debian/po/vi.po @@ -0,0 +1,73 @@ +# Vietnamese translation for tiger. +# Copyright © 2005 Free Software Foundation, Inc. +# Clytie Siddall , 2005. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1/3.2.1-26\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-10-10 19:26+0200\n" +"PO-Revision-Date: 2005-08-10 16:52+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0\n" +"X-Generator: LocFactoryEditor 1.2.2\n" + +#. Description +#: ../templates:4 +msgid "Who should receive the daily mails?" +msgstr "Ai nên nhận các thư hàng ngày?" + +#. Description +#: ../templates:4 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "Người dùng được nhập vào đây sẽ nhập mọi thư mà trình tiger gởi trong khi chạy công việc định kỳ (cron) hàng ngày. Không có nghĩa là người dùng này sẽ nhận các thông báo trong khi thực hiện trình riêng tiger. Cũng hãy ghi chú rằng bất cứ quản trị nào có thể truy cập các thông báo này, vì chúng có trong thư mục « /var/log/tiger/ »." + +#. Description +#: ../templates:13 +msgid "Take a minute to customize 'tiger'" +msgstr "Hãy mất một chút để tùy chỉnh trình tiger." + +#. Description +#: ../templates:13 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "Bạn nên tùy chỉnh những tập tin trong « /etc/tiger/ » để thích nghi với chính sách bảo mật của chỗ này.\n" +" • Tùy chỉnh kiểu việc kiểm tra sẽ xảy ra trong hệ thống này, cũng thông tin cần thiết khi kiểm tra để giảm số dương giả (trong « /etc/tiger/tigerrc »).\n" +" • Tùy chỉnh thời gian cần thực hiện việc kiểm tra (trong « /etc/tiger/cronrc »).\n" +" • Vì một số cảnh báo mô-đun có lẽ không là lỗi về chính sách bảo mật hiện thời, hãy định nghĩa một tập tin mẫu cho trước tại « /etc/tiger/templates/ », dùng việc chạy từ mỗi mô-đun. Một khi đã định nghĩa thì mọi việc chạy sẽ được kiểm tra so với mỗi mẫu sẵn sàng (một mẫu cho mỗi mô-đun), và sẽ cung cấp chỉ cảnh báo mới." + +#. Description +#: ../templates:28 +msgid "Remove templates in buggy 'tiger' versions" +msgstr "Loại bỏ mẫu ra phiên bản tiger có lỗi." + +#. Description +#: ../templates:28 +msgid "" +"Initially Debian's 3.1 tiger versions were distributed with a bug that would " +"cause templates to be created under /var/log/ instead of /var/log/tiger/. " +"Normal operation assumes templates are under /var/log/tiger/ and these " +"templates will not be useful in newer Tiger versions. You might want to " +"preserve a copy of them (to use as templates) and move them manually under " +"their proper location. The package will not do this automatically in order " +"to avoid removing previous templates. Should we remove these files if any " +"are found?" +msgstr "Trước, phiên bản tiger của Debian được phát hành với một lỗi gây ra mẫu được tạo dưới « /var/log/ » thay vào dưới « /var/log/tiger/ ». Thao tác chuẩn giả sử mọi mẫu có dưới « /var/log/tiger/ », thì mẫu cũ này sẽ không có ích trong phiên bản Tiger mới hơn. Có lẽ bạn muốn bảo quản bản sao của mẫu này (để sử dụng là mẫu), và tự di chuyẩn chúng vào vị trí đúng. Gói này sẽ không tự động làm như thế, để tránh loại bỏ mẫu trước. Bạn có muốn trình này loại bỏ tập tin mẫu cũ nào trong vị trí không đúng không?" --- tiger-3.2.2.orig/debian/postinst +++ tiger-3.2.2/debian/postinst @@ -0,0 +1,64 @@ +#!/bin/sh -e + +CONFIG=/etc/tiger/tigerrc + +. /usr/share/debconf/confmodule +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +remove_mess() { + # Do we have any tigerXX files under /var/log/? if so we should remove + # them. This were created due to bug #164682 ... + db_get tiger/remove_mess || true ; REMOVE="$RET" + [ "$REMOVE" = "true" ] && { + find /var/log/ -type f -maxdepth 1 -name "tiger*" |xargs rm -f + } + +} + +case "$1" in + install) + remove_mess + ;; + upgrade) + remove_mess + ;; + configure) + # edit config file + db_get tiger/mail_rcpt || true; MAIL_RCPT="$RET" + test -f $CONFIG || touch $CONFIG + sed -e "s/^Tiger_Mail_RCPT=.*$/Tiger_Mail_RCPT=\"$MAIL_RCPT\"/" < $CONFIG > $CONFIG.$$ + mv $CONFIG.$$ $CONFIG + remove_mess + ;; + abort-upgrade) + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- tiger-3.2.2.orig/debian/postrm +++ tiger-3.2.2/debian/postrm @@ -0,0 +1,34 @@ +#! /bin/sh +# postrm script for tiger +# +# see: dh_installdeb(1) + +set -e + +case "$1" in + purge) + for dir in /var/log/tiger/ /var/lib/tiger/ /var/run/tiger/ + do + [ -d "$dir" ] && { + find $dir -type d -o -exec rm -f {} \; + find $dir -type d -depth -exec rmdir {} \; + } + done +# Do we have any tigerXX files under /var/log/? if so we should remove +# them. This were created due to bug #164682 ... + find /var/log/ -type f -name "tiger*" | xargs rm -f + + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) +# Do nothing + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# --- tiger-3.2.2.orig/debian/postrm.debhelper +++ tiger-3.2.2/debian/postrm.debhelper @@ -0,0 +1,6 @@ +# Automatically added by dh_installdebconf +if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_purge +fi +# End automatically added section --- tiger-3.2.2.orig/debian/rules +++ tiger-3.2.2/debian/rules @@ -0,0 +1,97 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# We depend on baashisms +SHELL=/bin/bash + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=4 + +build: build-stamp +build-stamp: + dh_testdir + + autoconf + ./configure --with-tigerhome=/usr/lib/tiger --with-tigerwork=/var/lib/tiger/work --with-tigerlog=/var/log/tiger --with-tigerbin=/usr/sbin --with-tigerconfig=/etc/tiger --prefix=/usr --mandir=/usr/share/man + $(MAKE) all + + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + + [ -f Makefile ] && $(MAKE) distclean || $(MAKE) -f Makefile.in distclean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tiger. + $(MAKE) install DESTDIR=debian/tiger/ + # Just in case + chmod a+x debian/tiger/usr/lib/tiger/systems/Linux/2/{deb,gen,check}_* + chmod a+x debian/tiger/usr/lib/tiger/scripts/check_* + # This is not needed + -rm -rf debian/tiger/usr/lib/tiger/man/ + # Remove the systems that do not apply. + # Currently only Linux and default + # AIX/ default/ HPUX/ IRIX/ Linux/ NeXT/ SunOS/ UNICOS/ UNICOSMK + # TODO: make this for all dirs save for Linux and default (i.e. + # make this 'mv' more generic) + -find debian/tiger/ -type d -a -name "CVS" |xargs rm -rf + mv debian/tiger/usr/lib/tiger/systems/{AIX,HPUX,IRIX,NeXT,SunOS,UNICOS,UNICOSMK,Tru64,MacOSX} debian/tiger-otheros/usr/lib/tiger/systems/ + #install -m 755 debian/tiger debian/tiger/usr/sbin/ + #install -m 755 debian/tigexp debian/tiger/usr/sbin/ + #install -m 755 tigercron debian/tiger/usr/lib/tiger/ + install -m 600 cronrc debian/tiger/etc/tiger/ + install -m 600 tigerrc debian/tiger/etc/tiger/ + install -m 600 debian/tiger.default debian/tiger/etc/default/tiger + install -m 600 debian/debian.ignore debian/tiger/etc/tiger/tiger.ignore + install -m 644 version.h debian/tiger/usr/lib/tiger/ + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + dh_installexamples tigerrc* site* cronrc debian/server.ignore + dh_installmenu + dh_installcron + dh_installman man/tiger.8 man/tigexp.8 man/tigercron.8 + dh_installinfo + dh_installchangelogs CHANGES + dh_link + dh_strip -XHPUX -XSunOS -XAIX -XIRIX -XNeXT -XMacOSX + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps -XHPUX -XSunOS -XAIX -XIRIX -XNeXT -XMacOSX + dh_gencontrol + dh_md5sums + dh_builddeb + +update-dsa: +# Updated Debian Security Advisories +# This target should only be run by the Debian maintainer (which needs +# to fix the update_advisories appropiately) + cd systems/Linux/2 && sh update_advisories.sh +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- tiger-3.2.2.orig/debian/server.ignore +++ tiger-3.2.2/debian/server.ignore @@ -0,0 +1,15 @@ +# Mysql database server +Program mysqld \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /var/log/mysql/mysql\.err\.[[:digit:]]+ \(deleted\) +# Apache web server +Server /usr/sbin/apache \(pid [[:digit:]]+\) is using deleted files +Program apache \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /tmp/session_mm_apache0.sem \(deleted\) +The parent process of server /usr/sbin/apache \(pid [[:digit:]]+\) is using deleted files +# Cupds printer daemon +Server /usr/sbin/cupsd \(pid [[:digit:]]+\) is using deleted files +Program cupsd \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /var/log/cupsd/error_log\..* \(deleted\) +#Mailman list manager +Program python \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /var/log/mailman/.* \(deleted\) +# Squid proxy +Server \(squid\) .* \(pid [[:digit:]]+\) is using deleted files +# SSH users accessing remotely with X11 forwarding 'on' +The process `sshd' is listening on socket 6[[:digit:]]+ (TCP on loopback interface) is run by .* --- tiger-3.2.2.orig/debian/substvars +++ tiger-3.2.2/debian/substvars @@ -0,0 +1,2 @@ +misc:Depends=debconf (>= 0.5) | debconf-2.0 +shlibs:Depends=libc6 (>= 2.3.5-1) --- tiger-3.2.2.orig/debian/templates +++ tiger-3.2.2/debian/templates @@ -0,0 +1,36 @@ +Template: tiger/mail_rcpt +Type: string +Default: root +_Description: Who should receive the daily mails? + The user you enter below will receive all the emails that 'tiger' sends + during the day when running the cron jobs. This does not mean that when + executing the 'tiger' program standalone this user will receive the + reports. Also note that any administrator will be able to access the + reports since they are available in the /var/log/tiger/ directory. + +Template: tiger/policy_adapt +Type: note +_Description: Take a minute to customize 'tiger' + You should customize the files at /etc/tiger/ to adapt to your local + security policy. Firstly, customizing the kind of checks that will be made + in this system, as well as the information needed for tests in order to + reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at + what times these tests will be executed (in /etc/tiger/cronrc). And + thirdly, since some modules warnings might not be problems regarding your + current security policy, define a given template file at + /etc/tiger/templates/ using runs from each of the modules. Once defined, + all the runs will be checked against each one of the templates available + (one per module) and only new warnings will be issued. + +Template: tiger/remove_mess +Type: boolean +Default: true +_Description: Remove templates in buggy 'tiger' versions + Initially Debian's 3.1 tiger versions were distributed with a bug that + would cause templates to be created under /var/log/ instead of + /var/log/tiger/. Normal operation assumes templates are under + /var/log/tiger/ and these templates will not be useful in newer Tiger + versions. You might want to preserve a copy of them (to use as templates) + and move them manually under their proper location. The package will not + do this automatically in order to avoid removing previous templates. + Should we remove these files if any are found? --- tiger-3.2.2.orig/debian/tiger-otheros.dirs +++ tiger-3.2.2/debian/tiger-otheros.dirs @@ -0,0 +1 @@ +usr/lib/tiger/systems/ --- tiger-3.2.2.orig/debian/tiger.default +++ tiger-3.2.2/debian/tiger.default @@ -0,0 +1,6 @@ +# +# Default settings for /etc/cron.d/tiger +# + +# Nice level to use for Tiger when running through cron +NICETIGER=10 --- tiger-3.2.2.orig/debian/tiger.links +++ tiger-3.2.2/debian/tiger.links @@ -0,0 +1 @@ +usr/sbin/tigexp usr/lib/tiger/tigexp --- tiger-3.2.2.orig/debian/tigexp +++ tiger-3.2.2/debian/tigexp @@ -0,0 +1,4 @@ +#!/bin/sh +# Wrapper script for tiger + +cd /usr/lib/tiger && ./tigexp $* --- tiger-3.2.2.orig/debian/watch +++ tiger-3.2.2/debian/watch @@ -0,0 +1,8 @@ +# Example watch control file for uscan +# Rename this file to "watch" and then you can run the "uscan" command +# to check for upstream updates and more. +# Site Directory Pattern Version Script +ftp://www.net.tamu.edu /pub/security/TAMU/ tiger-(.*)\.tar\.gz debian uupdate +# Other archives +#ftp://coast.cs.purdue.edu /pub/tools/unix/tiger/TAMU/ tiger-(.*)\.tar\.gz debian uupdate +#ftp://sunsite.unc.edu /pub/Linux/system/security tiger-(.*)\.tar\.gz debian uupdate --- tiger-3.2.2.orig/doc/explain.idx +++ tiger-3.2.2/doc/explain.idx @@ -0,0 +1,428 @@ +acc001w accounts.txt 2 6 +acc002i accounts.txt 8 9 +acc003w accounts.txt 11 14 +acc004w accounts.txt 16 19 +acc005w accounts.txt 21 24 +acc006w accounts.txt 26 29 +acc007a accounts.txt 31 36 +acc008w accounts.txt 38 40 +acc009a accounts.txt 42 46 +acc010a accounts.txt 48 50 +acc010aw accounts.txt 52 58 +acc011w accounts.txt 60 62 +acc011wc accounts.txt 64 70 +acc012w accounts.txt 72 75 +acc012wc accounts.txt 77 84 +acc013w accounts.txt 86 94 +acc014f accounts.txt 96 97 +acc015w accounts.txt 99 100 +acc017w accounts.txt 102 104 +acc018w accounts.txt 106 109 +acc019w accounts.txt 111 113 +acc020w accounts.txt 115 116 +acc021w accounts.txt 118 121 +acc022w accounts.txt 123 126 +acc023w accounts.txt 128 130 +acc024f accounts.txt 132 $ +aide001i aide.txt 2 2 +aide002e aide.txt 4 7 +aide003wsum aide.txt 9 9 +aide003w aide.txt 11 14 +aide004w aide.txt 16 23 +aide005w aide.txt 25 $ +ali001i aliases.txt 2 4 +ali002f aliases.txt 6 7 +ali003 aliases.txt 9 11 +ali004 aliases.txt 13 16 +ali005w aliases.txt 18 20 +ali006i aliases.txt 22 24 +ali007 aliases.txt 26 28 +ali008 aliases.txt 30 $ +ftp001i anonftp.txt 2 3 +ftp002a anonftp.txt 5 10 +ftp003w anonftp.txt 12 20 +ftp004w anonftp.txt 22 28 +ftp005f anonftp.txt 30 36 +ftp006w anonftp.txt 38 44 +ftp007f anonftp.txt 46 51 +ftp007w anonftp.txt 53 59 +ftp008f anonftp.txt 61 68 +ftp008w anonftp.txt 70 77 +ftp009w anonftp.txt 79 84 +ftp010f anonftp.txt 86 91 +ftp010w anonftp.txt 93 98 +ftp011w anonftp.txt 100 $ +rationale background.txt 2 $ +con001c config.txt 2 3 +con002c config.txt 5 7 +con003c config.txt 9 11 +con004c config.txt 13 14 +con005c config.txt 16 19 +con006e config.txt 21 35 +con007c config.txt 37 41 +con008e config.txt 43 47 +con009e config.txt 49 52 +con010c config.txt 54 57 +init001e config.txt 59 73 +init002e config.txt 75 80 +init003c config.txt 82 83 +init004e config.txt 85 86 +init005e config.txt 88 91 +init006e config.txt 93 94 +init007e config.txt 96 97 +init008e config.txt 99 100 +init009e config.txt 102 105 +util001e config.txt 107 109 +util002e config.txt 111 112 +post001e config.txt 114 115 +read001i config.txt 117 118 +run001e config.txt 120 121 +run002e config.txt 123 $ +cron001w cron.txt 2 4 +cron002 cron.txt 6 10 +cron003 cron.txt 12 16 +cron004w cron.txt 18 22 +cron005w cron.txt 24 32 +cron006w cron.txt 34 37 +cron007i cron.txt 39 $ +deb001e debian.txt 2 $ +embed embed.txt 2 9 +embed001w embed.txt 11 18 +embed001i embed.txt 20 26 +embed002w embed.txt 28 39 +embed002i embed.txt 41 47 +embed003w embed.txt 49 55 +embed003i embed.txt 57 64 +embed004w embed.txt 66 71 +embed004i embed.txt 73 $ +fsys001f filesys.txt 2 10 +fsys002w filesys.txt 12 21 +fsys003c filesys.txt 23 26 +fsys004a filesys.txt 28 29 +fsys005a filesys.txt 31 34 +fsys006a filesys.txt 36 39 +fsys007i filesys.txt 41 52 +fsys008f filesys.txt 54 56 +fsys009w filesys.txt 58 60 +fsys010w filesys.txt 62 66 +fsys011a filesys.txt 68 69 +fsys0012w filesys.txt 71 $ +grp001w group.txt 2 3 +grp002w group.txt 5 7 +grp003w group.txt 9 9 +grp004w group.txt 11 12 +grp005w group.txt 14 16 +grp006w group.txt 18 $ +trust001w hpux.txt 2 9 +trust002w hpux.txt 11 $ +inet001e inetd.txt 2 5 +inet002f inetd.txt 7 11 +inet003w inetd.txt 13 17 +inet004i inetd.txt 19 21 +inet005w inetd.txt 23 26 +inet006f inetd.txt 28 41 +inet007w inetd.txt 43 47 +inet008 inetd.txt 49 51 +inet009 inetd.txt 53 55 +inet010i inetd.txt 57 58 +inet011i inetd.txt 60 62 +inet012w inetd.txt 64 68 +inet013w inetd.txt 70 74 +inet014i inetd.txt 76 77 +inet015i inetd.txt 79 81 +inet016f inetd.txt 83 86 +inet017w inetd.txt 88 93 +inet018w inetd.txt 95 100 +inet019a inetd.txt 102 109 +inet020f inetd.txt 111 116 +inet021f inetd.txt 118 123 +inet022w inetd.txt 125 135 +inet023w inetd.txt 137 155 +inet024w inetd.txt 157 162 +inet025w inetd.txt 164 170 +inet026w inetd.txt 172 176 +inet027w inetd.txt 178 182 +inet098w inetd.txt 184 189 +inet099w inetd.txt 191 195 +inet100w inetd.txt 197 204 +xnet001e inetd.txt 206 210 +xnet002e inetd.txt 212 215 +xnet003e inetd.txt 217 221 +xnet004i inetd.txt 223 225 +xnet005i inetd.txt 227 $ +integ001i integrit.txt 2 2 +integ002e integrit.txt 4 7 +integ003wsum integrit.txt 9 10 +integ003w integrit.txt 12 15 +integ004w integrit.txt 17 24 +integ005w integrit.txt 26 $ +issue001w issue.txt 2 4 +issue002w issue.txt 6 $ +kis001a known.txt 2 5 +kis002a known.txt 7 9 +kis003a known.txt 11 14 +kis004w known.txt 16 23 +kis005a known.txt 25 28 +kis006e known.txt 30 32 +kis007a known.txt 34 37 +kis008w known.txt 39 44 +kis009w known.txt 46 53 +kis010w known.txt 55 60 +kis011f known.txt 62 72 +kis012w known.txt 74 82 +kis013a known.txt 84 87 +kis014a known.txt 89 $ +lin001w linux.txt 2 5 +lin002i linux.txt 7 9 +lin003w linux.txt 11 17 +lin004i linux.txt 19 22 +lin005f linux.txt 24 30 +lin006w linux.txt 32 35 +lin007w linux.txt 37 40 +lin008e linux.txt 42 47 +lin009i linux.txt 49 53 +lin010f linux.txt 55 58 +lin011f linux.txt 60 62 +lin012w linux.txt 64 73 +lin013f linux.txt 75 78 +lin014f linux.txt 80 86 +lin015w linux.txt 88 91 +lin016f linux.txt 93 100 +lin017w linux.txt 102 106 +lin018w linux.txt 108 115 +lin019f linux.txt 117 $ +logf001f logfiles.txt 2 5 +logf002f logfiles.txt 7 10 +logf003f logfiles.txt 12 15 +logf004f logfiles.txt 17 20 +logf005f logfiles.txt 22 23 +logf005w logfiles.txt 25 26 +logf006f logfiles.txt 28 31 +logf007f logfiles.txt 33 $ +ca9122f misc.txt 2 7 +ca9122w misc.txt 9 15 +ca9122i misc.txt 17 29 +misc001w misc.txt 31 45 +misc002w misc.txt 47 55 +misc003f misc.txt 57 64 +misc004w misc.txt 66 70 +misc005e misc.txt 72 73 +misc006w misc.txt 75 88 +misc007w misc.txt 90 93 +misc008w misc.txt 95 119 +misc009w misc.txt 121 125 +ca9302a misc.txt 127 133 +misc010w misc.txt 135 157 +misc011w misc.txt 159 161 +misc012e misc.txt 163 164 +misc013w misc.txt 166 171 +misc014w misc.txt 173 186 +misc015w misc.txt 188 197 +misc016w misc.txt 199 206 +misc017w misc.txt 208 216 +misc017f misc.txt 218 221 +misc018w misc.txt 223 225 +misc019w misc.txt 227 230 +misc020f misc.txt 232 233 +misc021w misc.txt 235 236 +misc022f misc.txt 238 239 +misc023w misc.txt 241 243 +misc024e misc.txt 245 250 +misc025e misc.txt 252 $ +ndd001f ndd.txt 2 9 +ndd002f ndd.txt 11 15 +ndd003w ndd.txt 17 21 +ndd004f ndd.txt 23 26 +ndd005w ndd.txt 28 32 +ndd006w ndd.txt 34 37 +ndd007f ndd.txt 39 44 +ndd008f ndd.txt 46 52 +ndd009f ndd.txt 54 61 +ndd010f ndd.txt 63 70 +ndd011w ndd.txt 72 $ +nrc001f netrc.txt 2 8 +nrc002w netrc.txt 10 14 +nrc003w netrc.txt 16 17 +nrc004a netrc.txt 19 22 +nrc005w netrc.txt 24 $ +netw001f network.txt 2 2 +netw002f network.txt 4 6 +netw003f network.txt 8 10 +netw004f network.txt 12 14 +netw005f network.txt 16 17 +netw006f network.txt 19 20 +netw006f network.txt 22 23 +netw007f network.txt 25 26 +netw008f network.txt 28 28 +netw009f network.txt 30 30 +netw010f network.txt 32 32 +netw011f network.txt 34 34 +netw012f network.txt 36 36 +netw013f network.txt 38 38 +netw014f network.txt 40 40 +netw015f network.txt 42 42 +netw016f network.txt 44 44 +netw017f network.txt 46 46 +netw018f network.txt 48 53 +netw019w network.txt 55 58 +netw020f network.txt 60 64 +netw021w network.txt 66 $ +nfs001f nfs.txt 2 5 +nfs002w nfs.txt 7 10 +nfs003w nfs.txt 12 14 +nfs004f nfs.txt 16 19 +nfs005f nfs.txt 21 24 +nfs006f nfs.txt 26 31 +nfs007w nfs.txt 33 37 +nfs008f nfs.txt 39 42 +nfs009f nfs.txt 44 47 +nfs010i nfs.txt 49 57 +nfs011w nfs.txt 59 67 +nfs012w nfs.txt 69 82 +nfs013i nfs.txt 84 96 +nfs014w nfs.txt 98 $ +pass001w passwd.txt 2 3 +pass002w passwd.txt 5 9 +pass003w passwd.txt 11 12 +pass004w passwd.txt 14 16 +pass005w passwd.txt 18 20 +pass006w passwd.txt 22 24 +pass007w passwd.txt 26 27 +pass008e passwd.txt 29 30 +pass009f passwd.txt 32 33 +pass010w passwd.txt 35 36 +pass011f passwd.txt 38 39 +pass012w passwd.txt 41 43 +pass013w passwd.txt 45 46 +pass014w passwd.txt 48 52 +pass015w passwd.txt 54 55 +pass016w passwd.txt 57 58 +pass017w passwd.txt 60 63 +pass018f passwd.txt 65 68 +pass19w passwd.txt 70 72 +pass20w passwd.txt 74 $ +path001w paths.txt 2 5 +path002w paths.txt 7 18 +path003i paths.txt 20 22 +path004w paths.txt 24 29 +path005w paths.txt 31 38 +path006w paths.txt 40 48 +path007w paths.txt 50 53 +path008i paths.txt 55 61 +path009w paths.txt 63 $ +pcap001i pcap.txt 2 4 +pcap002i pcap.txt 6 7 +pcap002w pcap.txt 9 11 +pcap003i pcap.txt 13 15 +pcap003w pcap.txt 17 $ +perm001a permissions.txt 2 4 +perm001f permissions.txt 6 7 +perm001w permissions.txt 9 11 +perm002a permissions.txt 13 16 +perm002f permissions.txt 18 20 +perm002w permissions.txt 22 24 +perm003a permissions.txt 26 29 +perm003f permissions.txt 31 32 +perm003w permissions.txt 34 36 +perm004c permissions.txt 38 40 +perm005a permissions.txt 42 47 +perm006w permissions.txt 49 51 +perm007f permissions.txt 53 57 +perm008w permissions.txt 59 64 +perm009f permissions.txt 66 68 +perm010w permissions.txt 70 77 +perm011w permissions.txt 79 86 +perm012w permissions.txt 88 92 +perm013f permissions.txt 94 96 +perm014a permissions.txt 98 102 +perm015f permissions.txt 104 108 +perm016w permissions.txt 110 113 +perm017w permissions.txt 115 119 +perm018a permissions.txt 121 123 +perm019a permissions.txt 125 127 +perm020w permissions.txt 129 131 +perm021w permissions.txt 133 139 +perm022w permissions.txt 141 143 +perm023a permissions.txt 145 147 +perm024a permissions.txt 149 152 +perm025w permissions.txt 154 159 +perm26f permissions.txt 161 164 +perm27f permissions.txt 166 170 +perm28f permissions.txt 172 178 +perm29f permissions.txt 180 190 +perm30f permissions.txt 192 $ +dev001f pxt.txt 2 2 +dev002f pxt.txt 4 8 +dev003w pxt.txt 10 13 +boot01 pxt.txt 15 16 +boot02 pxt.txt 18 19 +boot03w pxt.txt 21 22 +ptch01f pxt.txt 24 25 +ptch02f pxt.txt 27 28 +ptch03 pxt.txt 30 32 +ptch04w pxt.txt 34 38 +ptch05e pxt.txt 40 45 +osv001f pxt.txt 47 49 +osv002f pxt.txt 51 53 +osv003w pxt.txt 55 57 +osv004w pxt.txt 59 62 +sum001f pxt.txt 64 68 +trip01f pxt.txt 70 $ +curry references.txt 2 4 +garfinkel references.txt 6 $ +rcmd001f rhosts.txt 2 5 +rcmd002f rhosts.txt 7 12 +rcmd003w rhosts.txt 14 16 +rcmd004w rhosts.txt 18 22 +rcmd005i rhosts.txt 24 31 +rcmd006w rhosts.txt 33 42 +rcmd007w rhosts.txt 44 45 +rcmd008a rhosts.txt 47 51 +rcmd009f rhosts.txt 53 56 +rcmd010w rhosts.txt 58 59 +rcmd011f rhosts.txt 61 70 +rcmd012f rhosts.txt 72 74 +rcmd013w rhosts.txt 76 81 +rcmd015w rhosts.txt 83 86 +rcmd016w rhosts.txt 88 92 +rcmd017a rhosts.txt 94 102 +rcmd018a rhosts.txt 104 $ +rootdir001f rootdir.txt 2 4 +rootdir002f rootdir.txt 6 6 +rootdir003f rootdir.txt 8 $ +rootkit001f rootkit.txt 2 6 +rootkit002f rootkit.txt 8 12 +rootkit003w rootkit.txt 14 18 +rootkit004w rootkit.txt 20 23 +rootkit005a rootkit.txt 25 28 +rootkit006a rootkit.txt 30 $ +root001w root.txt 2 5 +root002w root.txt 7 8 +root003w root.txt 10 $ +sig001e signature.txt 2 9 +sig002a signature.txt 11 15 +sig003w signature.txt 17 20 +sig004w signature.txt 22 26 +sig005e signature.txt 28 30 +sig006w signature.txt 32 44 +sig007a signature.txt 46 50 +sig008w signature.txt 52 56 +sig009w signature.txt 58 66 +sig010w signature.txt 68 74 +sig011w signature.txt 76 81 +sig012w signature.txt 83 88 +sig013w signature.txt 90 94 +sig014w signature.txt 96 112 +sig015w signature.txt 114 119 +sig016w signature.txt 121 132 +sig017w signature.txt 134 144 +sig018w signature.txt 146 151 +sig019w signature.txt 153 162 +sig020w signature.txt 164 167 +sig021w signature.txt 169 175 +sig022f signature.txt 177 $ +ssh001w ssh.txt 2 3 +ssh002w ssh.txt 5 8 +ssh003w ssh.txt 10 13 +ssh004w ssh.txt 15 16 +ssh005e ssh.txt 18 $ --- tiger-3.2.2.orig/html/accounts.html +++ tiger-3.2.2/html/accounts.html @@ -0,0 +1,440 @@ +
+

Documents for accounts

+

Code [acc001w]

+The listed login ID is disabled in some manner ('*' in passwd field, etc), +but the login shell for the login ID is a valid shell (from /etc/shells +or the system equivalent). A valid shell can potentially enable the +login ID to continue to be used. The login shell should be changed +to something that doesn't exist, or to something like /bin/false. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc002i]

+The listed login ID is disabled, but has a potentially valid shell. +These can usually be safely ignored. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc003w]

+The listed login ID is disabled in some manner ('*' in passwd field, etc), +but the .forward file is setup to execute programs. This can allow the +login ID to continue to be used despite the fact that it is disabled. +The .forward file should be checked and probably removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc004w]

+The listed login ID is disabled in some manner ('*' in passwd field, etc), +but a non-zero length .rhosts file. This can allow the login ID to continue +to be used. Unless this has been specifically set up to provide some +service, it should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc005w]

+The listed login ID is disabled in some manner ('*' in passwd field, etc), +but has a 'cron' file or 'cron' entries. This allows commands to be executed +on behalf of the login ID, potentially allowing access to the login ID. +These should be removed unless specifically set up to provide a service. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc006w]

+The home directory of the listed login ID has group write permission, +world write permission or both enabled. This allows new files to be added +(and existing files potentially removed) by others. The write permissions +should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc007a]

+The listed login ID has a '.hushlogin' file which is not zero-length. +This file is normally a zero length file. This file is frequently used +by intruders as a place to store captured passwords. This file should +be looked at. If it appears to be such a log file, then the system should +be regarded as being compromised. The system should be thoroughly checked +and cleaned. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc008w]

+The listed login ID has a configuration file which has group write permission, +word write permission, or both enabled. This allows others to change this +file, compromising the login ID. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc009a]

+The login ID 'sync' has no password and the shell is not /bin/sync, which +is what it normally is. This could indicate an intrusion has occurred. +If the shell is one of the normal shells (/bin/sh, /bin/csh, etc), then +this is very likely the situation. The login ID should be disabled, or +the shell reset to '/bin/sync'. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc010a]

+The listed login ID has a user ID of zero (0) and does not have a password. +This could indicate an intrusion has occurred. This should be disabled +immediately and the machine checked and cleaned. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc010aw]

+The listed login ID has a user ID of zero (0) and does not have a password. +This could indicate an intrusion has occurred. This should be disabled +immediately and the machine checked and cleaned. +

+On this system, comments are not allowed in the password file. An attempt +to comment out an entry simply results in a login ID which begins with a +'#'. See message ID 'acc013w' for more information. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc011w]

+The listed login ID does not have a password. Anyone can use this account, +allowing them to explore the system for other security problems. Unless +this is a secure captured account, this should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc011wc]

+The listed login ID does not have a password. Anyone can use this account, +allowing them to explore the system for other security problems. Unless +this is a secure captured account, this should be corrected. +

+On this system, comments are not allowed in the password file. An attempt +to comment out an entry simply results in a login ID which begins with a +'#'. See message ID 'acc013w' for more information. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc012w]

+The listed login ID has a user ID of zero (0) and is not the 'root' +account. This should be checked to see if it is legitimate. In any +case, having login ID's with a user ID of zero tends to lead to security +problems, and should be avoided (except for 'root') +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc012wc]

+The listed login ID has a user ID of zero (0) and is not the 'root' +account. This should be checked to see if it is legitimate. In any +case, having login ID's with a user ID of zero tends to lead to security +problems, and should be avoided (except for 'root') +

+On this system, comments are not allowed in the password file. An attempt +to comment out an entry simply results in a login ID which begins with a +'#'. See message ID 'acc013w' for more information. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc013w]

+On this system, comments are not allowed in the password file. An attempt +to comment out an entry simply results in a login ID which begins with a +'#'. For example: +

+#joeuser:zqa4324x2423x:234:23:Joe User:/home/joeuser:/bin/csh +

+indicates a user with the username '#joeuser'. The account has not +been disabled, it has simply been renamed. Such entries should be +deleted from the system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc014f]

+The root user (UID 0) should not be having "/" (system root directory) +as its home drive. This is a possible security hole. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc015w]

+The listed login ID has a duplicate home directory with another login +ID. This should be remedied to prevent permission problems. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc017w]

+The listed login ID does not have corresponding entries in both the +/etc/passwd and /etc/shadow databases. This may indicate tampering +with either file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc018w]

+The listed administrative login should have an impossible password. +Files owned by this login ID may reside in critical system directories +and compromise of this account could lead to trojan executables in +typical search paths. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc019w]

+The listed login ID may be missing a login program initialization +file. This file controls the behaviour of the login process and of +many important environment variables. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc020w]

+The listed login ID does not have a valid login program or shell. +Usually these are defined in /etc/shells. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc021w]

+The listed login ID appears to be dormant. Files in the home +directory of this user have not been modified in the specified +period of time and after investigation the account may need to +be disabled. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc022w]

+The listed login ID has a home directory which is not accessible. +This should be checked to see if this is due to networking problem +for remote home directories. Without a valid home directory, +the user will end up with / as the home directory. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc023w]

+The user's parent directory does not have the correct administrative +permissions. It generally should not have write access for groups & +others. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [acc024f]

+There is a user in the system (which might or might not have a valid +password) that has not logged into the system since he/she was created. +If the user is not disabled (can log in to the system), the user's +password is the default which might be vulnerable to brute-force attacks +(or might even be empty). +This check is based on the 'lastlog' file, see lastlog(8), if this +file has been reset then these checks might send false positives. --- tiger-3.2.2.orig/html/aide.html +++ tiger-3.2.2/html/aide.html @@ -0,0 +1,101 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for aide

+

Code [aide001i]

+Aide detected no changes. Good. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [aide002e]

+Aide configuration files can make use of variable substitution in a way Tiger +cannot make use of in the current Tiger version. Please supply a custom +configuration file using Tiger_Run_AIDE_CFG_OVERRIDE and/or make sure +no variable substitution is used in the Aide configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [aide003wsum]

+Aide detected changes in filesystem integrity. This line is only the summary. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [aide003w]

+Aide detected, by checking against the files' the attributes in the database, +the file has changed. "Benign" actions, like accessing a file (remember +directories are files too) may have changed it, but it may be part of a breach +of security. Please investigate. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [aide004w]

+Aide detected, by checking against the files' the attributes in the database, +the file has been removed. "Benign" configuration errors of the database +settings may lead to incorporation and checking of for instance temporary +files. Uninstalling software and related files may lead to the same result +when the database was not upgraded before this check. +If the removed file was not a temporary file and not part of legitimately +uninstalled software, it may have been used in a breach of security. +Please investigate. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [aide005w]

+Aide detected, by checking file against the database, the file was not part of +the database. "Benign" actions like installing software and related files or +changes in the configuration file may lead to this result when the database +was not upgraded before this check. If the removed file was not part of +legitimately installed software, it may be in use in a breach of security. +Please investigate. --- tiger-3.2.2.orig/html/aliases.html +++ tiger-3.2.2/html/aliases.html @@ -0,0 +1,127 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for aliases

+

Code [ali001i]

+The indicated alias is a program alias, but the indicated program doesn't +appear to exist. This indicates either a configuration error or an old +entry which should be removed. This is just an informatory message. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali002f]

+The 'uudecode' alias is a known security problem and should be disabled. +It allows files to be created/overwritten on the machine. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali003]

+The indicated alias is a program alias, but the executable is not owned +by root. This may allow the owner of the executable (or anyone gaining +access to that login ID) to gain unauthorized privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali004]

+The indicated alias is a program alias, but the executable has group +write permission, world write permission or both. This allows others +to replace/modify the executable, possibly allowing them to gain +unauthorized privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali005w]

+The indicated alias is a program alias. Program aliases should be +used with care, as they can provide unauthorized entry into the +system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali006i]

+The indicated alias attempts to include a file, but the file does +not exist. This is indicates either a misconfiguration, or an +old entry which should be removed. This is just an informatory message. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali007]

+The indicated alias includes a file which is not owned by root. +This may allow the owner of the included file (or anyone gaining +access to that login ID) to gain unauthorized privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ali008]

+The indicated alias includes a file which has group write permission, +world write permission or both. This allows others to add or modify +entries in the file, possibly gaining unauthorized privileges. --- tiger-3.2.2.orig/html/anonftp.html +++ tiger-3.2.2/html/anonftp.html @@ -0,0 +1,269 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for anonftp

+

Code [ftp001i]

+There doesn't appear to be an anonymous ftp setup on this machine, +and hence there is nothing to check. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp002a]

+There is a .rhosts file in the top level of the anonymous ftp +directory. This can allow unauthorized 'rlogin's or 'rsh's to +occur to the ftp account. This indicates a possible intrusion. +The contents of the file are listed immediately following the message. +The machine should be checked for other signs of intrusion and should +be cleaned up. The .rhosts file should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp003w]

+The etc/passwd file in the anonymous ftp directory appears to +contain valid entries in the password field. If these are valid, +then the file can be retrieved and a password cracking program +run against it. The etc/passwd file in the anonymous ftp directory +should simply have a '*' in the password field, and should only +include entries for the 'ftp' and 'root' accounts. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp004w]

+Anonymous ftp appears to be setup on this machine, but the directory +field in the password field is empty. This exposes the entire machine +to anonymous users, allowing them to browse looking for security +problems. A specific (not /) directory should be specified. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp005f]

+The anonymous ftp directory is set to the root directory (/). This +exposes the entire machine to anonymous users, allowing them to browse +looking for security problems. The directory should be set to a +hierarchy that doesn't allow access to system or user files. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp006w]

+Anonymous ftp appears to be setup, but the directory indicated as +the ftp directory does not exist. This indicates either a misconfiguration +or an old setup. This should be corrected by either correcting the +directory name, or deleting the ftp account. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp007f]

+The indicated file is owned by the 'ftp' account and is writable. This +may allow unauthorized access to the machine. The indicated file should +be owned by 'root' and not writable by group or world. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp007w]

+The indicated file is owned by the 'ftp' account and is writable. This +allows anonymous ftp users to modify this file, possibly compromising +the system. The indicated file should be owned by 'root' and not writable +by group or world. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp008f]

+The indicated file is owned by the 'ftp' account, but is not currently +writable. Since it is often possible to change the permissions through +ftp, it may still be possible to modify the file, possibly allowing +an intruder to gain unauthorized access. The indicated file should +be owned by 'root' and not writable by group or world. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp008w]

+The indicated file is owned by the 'ftp' account, but is not currently +writable. Since it is often possible to change the permissions through +ftp, it may still be possible to modify the file, possibly compromising +the system. The indicated file should be owned by 'root' and not writable +by group or world. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp009w]

+The indicated file is not owned by root. This may allow unauthorized +access to the system. The owner of the file should be root and the +group and write permissions removed. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp010f]

+The indicated file is writable by the 'ftp' account. This may allow +an intruder to gain unauthorized access. The group and write permissions +should be removed. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp010w]

+The indicated file is writable by the 'ftp' account. This may allow +the system to be compromised. The group and write permissions should be +removed. +

+See CERT advisory CA-93:10 for information on setting up an anonymous +FTP server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ftp011w]

+The 'ftp' account appears to have a valid shell. A valid shell is not +required for the 'ftp' user and can be safely set to /bin/false, +/sbin/nologin, etc. --- tiger-3.2.2.orig/html/background.html +++ tiger-3.2.2/html/background.html @@ -0,0 +1,50 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for background

+

Code [rationale]

+

+The primary rationale behind many of the checks performed by `Tiger' +is to protect the super-user account. The assumption made is that any +other account or any group can be accessed. The goal is to protect +`root' from all accounts, even system accounts. +

+The reasons for these assumptions are varied, but they all fall back +to one thing. The `root' (uid=0) account is the only account that is +normally given special protection by services. Examples: +

+(In the following discussion, a network is considered to be a set of +machines, networked together, with trusted host facilities such as +/etc/hosts.equiv or NFS.) +

+o The Berkeley r-cmds (rlogin, rsh) will not honor /etc/hosts.equiv +for the super-user account. This protects a network of trusted +machines should one of them be compromised. +

+o NFS (Network File System, SMI) translates requests from super-user +accounts to requests from `nobody' (although this can be overridden). +As before, this attempts to protect a network of NFS'd machines should +one of them be compromised. +

+Other accounts are not protected in this way, including system +accounts such as `bin' and `daemon'. Once one of the accounts is +compromised on one machine on a network, the account is compromised on +all of the machines in the network. Often these system accounts are +considered safe and are trusted to own system executables, directories +and files. This is not true in a networked environment. Note that +simply disabling the account, or even deleting the account will not +remove the problem. +

+Hence, `Tiger' will report anything not owned by `root' which root +accesses, especially executables. One of the problems with this is +setuid executables which are setuid to a userid other than root. The +ownership can not be changed (if it is, it will no doubt create worse +security problems). A solution to this problem will be provided in +the future. --- tiger-3.2.2.orig/html/config.html +++ tiger-3.2.2/html/config.html @@ -0,0 +1,423 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for config

+

Code [con001c]

+The configuration file listed was not read because it was +a directory. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con002c]

+The configuration file listed was not read because it was +not owned by `root'. This is to prevent someone from +modifying the configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con003c]

+The configuration file listed was not read because it was +writable by non-root users. This is to prevent someone from +modifying the configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con004c]

+Informational message describing which configuration files are +being used during the checks. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con005c]

+Configuration files, specific to the type of system that `tiger' is being +run on, do not exist. It may not be possible to perform all of the checks +due to the lack of certain files. Some checks that are performed may +also generate incorrect or incomplete information. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con006e]

+The indicated option was not recognized. The valid options are: +

+-B tiger_home Specify tiger home directory +

+-d directory Specify directory to create security logs in +

+-w directory Specify directory to use for scratch files +

+Insert explanations into output +

+Generate separate explanation report +

+-S Perform partial checks of disk-less client +

+configuration files on server. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con007c]

+Generic configuration files for this system do not exist. The +checking system will continue on, attempting to locate items it +needs, and using default configuration files. Many checks will +not be performed, and many that are attempted may function +incorrectly, generating incorrect output. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con008e]

+Generic configuration files for this system do not exist. The +checking system attempted to continue on, but could not locate +the default configuration files either. This is an installation +problem. It may be necessary to indicate the location of the +tiger files using the '-B' option. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con009e]

+There doesn't exist a configuration variable or it is not properly +defined. Since the variable is needed for the module to run, it +will probably exit. This is a configuration problem. It is +necessary to add the variable to the tigerrc configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [con010c]

+The filesystem is not recognised by Tiger as a local filesystem +for this operating system and will not be analysed by it. If this +is a local filesystem then the configuration script for this +operating system needs to be modified. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init001e]

+The indicated variable, which should specifies the pathname to a command, +does not have a value. This message should not appear on platforms +for which support is listed. If it does appear, then for the missing +commands, if you know the name of the command, then simply place it +into the environment and rerun the checking system. +

+setenv AWK /usr/bin/awk +

+./tiger +

+Or alternately, create a 'site' configuration file and insert an +assignment statement in there of the form: +

+AWK=/usr/bin/awk +

+

+
+
+
+
+
+
+
+
+
+
+
+

Code [init002e]

+The required configuration script was not found in the listed directory. +The programs can not run without this script. The '-B' switch can +be used to specify the directory containing the configuration script. +

+./tiger -B path_to_tiger_home +

+

+
+
+
+
+
+
+
+
+
+
+
+

Code [init003c]

+Output when run in `self-test' mode indicating that everything appears +to be OK as far as having all commands and files. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init004e]

+The indicated command does not exist or is not executable. This +indicates a configuration error. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init005e]

+The indicated variable, which should contain the pathname to an +input file or work directory does not have a value. This indicates +that either full support is not available for this platform, +or that there is a configuration error. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init006e]

+An input file required for performing a test is not available. This +indicates that there is a configuration error. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init007e]

+A required variable does not have a value. This indicates either +incomplete support this platform or a configuration error. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init008e]

+An attempt was made to run one of the support scripts directly. +These scripts can only be invoked by the top level scripts. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [init009e]

+The script wanted to use a temporary script which already exists, this +might mean somebody created it to make use of a (fortunately non-existent) +race condition. The script will not proceed further since it will not +use a file which it did not create itself. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [util001e]

+The attempt to compile the signature checking program (SNEFRU) failed. +This will prevent the tests of the integrity of system binaries from +being performed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [util002e]

+The attempt to compile the program for resolving symbolic links failed. +This will prevent the checks of symbolic links from being performed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [post001e]

+The listed file was not deleted because it was not in the scratch +directory. This indicates an internal error. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [read001i]

+The indicated file exists, but can not be read. This usually happens +if you do not run the scripts from an account with super-user privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [run001e]

+A needed file cannot be read, probably due to insufficient privileges. +Make sure that Tiger is run by the superuser (root) account. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [run002e]

+A needed command cannot be executed, probably due to insufficient privileges. +Make sure that Tiger is run by the superuser (root) account. --- tiger-3.2.2.orig/html/cron.html +++ tiger-3.2.2/html/cron.html @@ -0,0 +1,124 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for cron

+

Code [cron001w]

+The listed cron entry does not use a full pathname for the listed command +(or if a shell is specified, the name of the shell script). Full pathnames +should be used for cron entries. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [cron002]

+The listed cron entry uses an executable or file which is not owned +by the owner of the cron entry, and is also not owned by a system +account (root or bin, etc). For root cron entries, these are especially +dangerous. Note that the actual problem may be with a directory in +the path to the file, not the file itself. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [cron003]

+The listed cron entry uses a file or executable which has group write +permissions, world write permissions or both. This can allow the +system to be compromised. For root cron entries, this is especially +dangerous. Note that the actual problem may be with a directory in +the path to the file, not the file itself. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [cron004w]

+There is no crontab for the superuser account this is not in itself +an error since many systems might ship without one and use other +methods (/etc/cron* files) to run programs as root. However, if there +is no method for root to run scripts some system checking scripts +(like tiger) might not get executed at all. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [cron005w]

+Cron allows users to submit jobs for the system to do at a +particular, possibly recurring time. It can be very useful, but also +has a very real potential for abuse by either users or system crackers. +Users can be restricted to use cron by creating a /etc/cron.allow +(holding only system administrators) or a /etc/cron.deny file +(listing which users are not allowed access). Depending on the site +configuration if none exist either only root will be able to setup +cron tasks or all users will be permitted. In many systems the +default is to allow access to all users. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [cron006w]

+Cron is not restricted to a given user. It is usually good to restrict +cron as much as possible since this system has a real potential by +abuse by either users or system crackers. Consider removing the user +from the allowed cron list if it is not strictly needed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [cron007i]

+Cron is restricted to a given user. This is usually good, since +restricting cron prevents this system from being +abused by either users or system crackers. --- tiger-3.2.2.orig/html/debian.html +++ tiger-3.2.2/html/debian.html @@ -0,0 +1,17 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for debian

+

Code [deb001e]

+The package installed in this systems suffers from a security problem +which has been notified in a Debian Security Advisory. Update your +system against the latest available version from security.debian.org +Read http://www.debian.org/security/ on how to automatically upgrade +your system to the latest security fixes. --- tiger-3.2.2.orig/html/embed.html +++ tiger-3.2.2/html/embed.html @@ -0,0 +1,186 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for embed

+

Code [embed]

+The embedded references are formatted as +

+pathname_1->pathname_2->pathname_3... +

+which indicates that pathname_1 is a string embedded in the +binary pointed to by pathname_2, which in turn is a string +embedded in pathname_3. Or, to read it the other way around, +pathname_3 refers to pathname_2 which refers to pathname_1. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed001w]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The indicated pathname to an executable contains a component which is not +owned by root. This can enable an intruder to gain unauthorized privileges +if they are able to replace the binary. See the 'rationale' explanation +for a discussion of the reasons that executables run by root should be +owned by root. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed001i]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The indicated pathname to a file or directory contains a component which +is not owned by root. This may indicate a vulnerability in the system. +It will be necessary to study the programs in which the pathname was +found to determine whether there is a problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed002w]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The indicated executable is not owned by owned by root. This can +enable an intruder to gain unauthorized privileges if they are able to +overwrite the executable. See the 'rationale' explanation for a +discussion of the reasons that executables run by root should be owned +by root. +

+Note that if the executable is setuid to a non-root ID, then the +ownershop should *NOT* be changed to root unless the setuid bit +is also removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed002i]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The indicated file or directory is not owned by root. This may +indicate a vulnerability in the system. It will be necessary to study +the programs in which the pathname was found to determine whether +there is a problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed003w]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The indicated pathname to an executable contains a component which +is group writable, world writable or both. This can enable an intruder +to gain unauthorized privileges if they are able to replace the +executable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed003i]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The indicated pathname to a file or directory contains a component +which is group writable, world writable or both. This may indicate a +vulnerability in the system. It will be necessary to study the file +and programs in which the pathname was found to determine whether +there is a problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed004w]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The executable is group writable, world writable or both. This can +enable an intruder to gain unauthorized privileges if they are able to +overwrite the executable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [embed004i]

+See the 'embed' explanation for an explanation of the format of the +embedded references. +

+The file or directory is group writable, world writable or both. This +may indicate a vulnerability in the system. It will be necessary to +study the file and programs in which the pathname was found to +determine whether there is a problem. --- tiger-3.2.2.orig/html/filesys.html +++ tiger-3.2.2/html/filesys.html @@ -0,0 +1,216 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for filesys

+

Code [fsys001f]

+The listed file is a setuid script. On most UNIX machines, it is not +possible to write a secure setuid script, due to a race condition in +the Operating System. Even on systems where this is corrected, the +difficulties in writing a truly secure setuid script make them very +undesirable. The setuid bits should be turned off of this file. +

+If you must run a script under another id, then perhaps the best +solution is to write a wrapper program in C which creates a safe +environment for the script, then exec()'s it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys002w]

+The listed program is a setuid executable, and it appears to contain +relative pathnames (do not start with a '/'). This often represents +a security hole in the program. These relative pathnames can be caused +by system()* or popen()* calls which do not use full pathnames to the +executable, or, on systems which support dynamic linking, relative +pathnames indicating the directories containing the libraries. In any +case, these need to be checked. +

+*Note: system() and popen() should *never* be used from a program +which is executing with privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys003c]

+The database of setuid programs for this platform does not exist, thus +all setuid programs will be listed. When fully configured for a +platform, only those setuid programs that do not appear in the +distribution will be listed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys004a]

+The listed programs are setuid, but are not in the database of +setuid programs which appear in the OS distribution. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys005a]

+The listed file has an unusual filenames. These include files with +multiple leading '.', filenames with spaces, etc. The variable +FS_FILES can be set in the 'tigerrc' file to specify the filename +patterns which are reported. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys006a]

+The listed files are device files that are located in non-standard +locations. These should be checked. The variable FS_DEVDIRS can +be set in the 'tigerrc' file to specify other directories which can +contain device files. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys007i]

+The indicated file is a symbolic link to a system file which is +related to system security. In itself, the link is not dangerous, +but you should be aware of its presence, as it can cause unexpected +results with the 'chown' and 'chmod' commands. On many systems, the +'chown' command does not change the owner of the link itself, but +instead, changes the ownership of the file the link resolves to. +The same type of problem exists for 'chmod' on most systems. Thus, +the simple act of performing a +

+chown -R joeuser /home/joeuser +

+could potentially change the owner of a system file to 'joeuser'. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys008f]

+The listed directories are world writable. These provide a location +for intruders to store files. They should be checked for unusual +files. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys009w]

+An FSP server control file has been located. This indicates that +an FSP server may be running, or have been running, using the +directory containing the listed file as its base. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys010w]

+The listed file is a setgid script. On most UNIX machines, it is not +possible to write a secure setgid script, due to a race condition in +the Operating System. Even on systems where this is corrected, the +difficulties in writing a truly secure setgid script make them very +undesirable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys011a]

+The listed programs are setgid, but are not in the database of +setgid programs which appear in the OS distribution. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [fsys0012w]

+The listed program is not owned by an administrative user. The +majority of SUID programs should probably be owned by an +administrative user. --- tiger-3.2.2.orig/html/group.html +++ tiger-3.2.2/html/group.html @@ -0,0 +1,91 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for group

+

Code [grp001w]

+The indicated group name exists multiple times in the same group file. +This indicates a configuration problem which should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [grp002w]

+The indicated group id (gid) exists multiple times in the same group file. +This indicates a configuration problem which should be corrected. Failure +to do so could allow unexpected access to resources. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [grp003w]

+The listed entry does not have the correct number of fields (4). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [grp004w]

+The indicated group name exists in separate group files, but the group +id's are different. This can lead to unexpected access to resources. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [grp005w]

+The indicated group id (gid) exists in separate group files, but the +group names are different. This can lead to unexpected access to +resources. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [grp006w]

+The group files have integrity issues as found by 'grpck -r'. This +can lead to looping of password manipulation programs and to allow +unexpected access to resources. --- tiger-3.2.2.orig/html/hpux.html +++ tiger-3.2.2/html/hpux.html @@ -0,0 +1,40 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for hpux

+

Code [trust001w]

+Many additional security features are available when running the +system in trusted mode. It is recommended that you enable trusted +mode through SAM. You can find more information on the major +differences between trusted and non-trusted modes in the HP-UX FAQ +http://www.faqs.org/faqs/hp/hpux-faq/section-68.html +and at the HP document "Administering your HP-UX Trusted System" +(B2355-90121) available at +http://docs.hp.com/hpux/onlinedocs/B2355-90121/B2355-90121.html +

+
+
+
+
+
+
+
+
+
+
+
+

Code [trust002w]

+When the system is in trusted mode, HP-UX can enforce a default +number of login attempts before the account is disabled. This +is useful for preventing potential intruders from brute forcing +and/or guessing passwords. Since limiting the number of logins +can also be used as a Denial of Service attack, the number of +login attempts is configurable on a per-user basis. Read the +default(4) and modprpw(1M) man pages for additional information. --- tiger-3.2.2.orig/html/inetd.html +++ tiger-3.2.2/html/inetd.html @@ -0,0 +1,648 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for inetd

+

Code [inet001e]

+One or the other of the two listed files are unavailable. These +files are required for the checks to proceed. This either indicates +an incorrect configuration, or that a port to this machine has not +been completed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet002f]

+The indicated service is assigned to the wrong port. This indicates +either a misconfiguration in the services database, or a possible +sign of an intrusion. This should be checked and corrected. If it +is not apparent why it is like this, the system should be checked +for other signs of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet003w]

+The indicated port number is assigned to another service. This +indicates either a misconfiguration in the services database, or a +possible sign of an intrusion. This should be checked and corrected. +If it is not apparent why it is like this, the system should be +checked for other signs of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet004i]

+The indicated service has been added to the services database +as distributed. These are normal output, but you should be +familiar with what is there, and note any changes. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet005w]

+'inetd' is using the indicated binary for the listed service instead +of what is normally expected there. Unexpected differences should +be checked, and if anything unusual is found, the system should +be checked for other signs of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet006f]

+The 'rexd' (or 'exec') service is very insecure and should never be +enabled. Known rexd servers have little or no security in their design +or implementation. Intruders can exploit this service to execute +commands as any user. +

+It should be disabled immediately by editing the inetd.conf file +and removing the 'rexd' entry, and sending a HUP signal to the +'inetd' process. +

+For AIX systems, CERT Advisory CA-92:05 is applicable. +

+Notice that some intruders may turn on a service +that you previously thought you had turned off, or replace +the inetd program with a Trojan horse program. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet007w]

+'inetd' is using the indicated executable for a port other than +what would normally be expected for this port. This may indicate +a backdoor into the system and should be checked. If anything +unusual is found, the system should be checked for other signs +of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet008]

+The owner of the indicated executable is not 'root'. The owner +of the executable should be root in order to reduce the possibility +of it being altered or replaced. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet009]

+The indicated executable is group writable, world writable or both. +The executable should be owned by root and writable only by the +owner. This reduces the possibility of it being altered or replaced. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet010i]

+The program listed in the `inetd' configuration file does not +exist or is not executable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet011i]

+The listed entry is a local addition to the `inetd.conf' file. +This should be checked to see if it is a valid addition. If it +is not, it should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet012w]

+The 'systat' service is enabled, this system provides a considerable +number of information to remote anonymous users. +Consider disabling it by editing the inetd.conf file, +removing the 'systat' entry, and sending a HUP signal to the +'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet013w]

+The 'netstat' service is enabled, this system provides a considerable +number of information to remote anonymous users. +Consider disabling it by editing the inetd.conf file, +removing the 'netstat' entry, and sending a HUP signal to the +'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet014i]

+The listed entry was protected by tcp wrappers by the default installation +and is currently protected this way too. This is a good thing! +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet015i]

+The listed entry has been modified in order for it to be protected +by using tcp wrappers. This has been changed from default installation +(which did not provide it) but is probably a better setup. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet016f]

+The listed entry was protected by tcp wrappers by the system but has, +for some unknown reason, changed to no longer be protected by them. Make +sure that the service is secured since, if not using tcp wrappers, +access control for it might be disabled. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet017w]

+The inetd configuration file permissions is not 600. This is the recommended +setting by CERT's 'UNIX Security Checklist v2.0'. You should check that the +file permissions on that file are correct. +If an attacker can access the file due to lack of file permissions it might +enable him to add new lines to the file which would, when inetd is restarted, +allow him to introduce backdoors in the system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet018w]

+The inetd configuration file can be written by any user of a given group since +the file permissions ensure this. If the group is not an administrative group +you should consider changing its permissions to 600. +If the group includes untrusted users, one of them could +add new lines to the file which would, when inetd is restarted, +allow him to introduce backdoors in the system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet019a]

+The inetd configuration file can be written by any user of the system. +This makes it possible for any user to add new lines to the file which +would, when inetd is restarted, allow him to introduce backdoors in the +system. +You should review your inetd configuration file to determine if there are +suspicious services enabled since this might indicate that an intrusion +has taken placed on the system. Also change the file permissions to restrict +this misuse. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet020f]

+The inetd configuration file is not owned by root which is usually the owner +of this file in most systems. This might indicate that the system has +been affected by an intrusion and permissions of both the file and +the directory it is stored in should be reviewed. Also review the content +of this file in order to check if there are suspicious services enabled +since this might indicate that an intrusion has taken place. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet021f]

+TCP wrappers do not seem to be installed in the system since the 'tcpd' program +is not found in the system. Tcp wrappers allows you to monitor and filter +incoming requests for common network services (through the use of the +hosts.allow and hosts.deny files) and can be used to 'wrap' services either +running through the inetd or in rc.d files. +It is available via anonymous FTP from: ftp://ftp.porcupine.org/pub/security/ +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet022w]

+The tftpd service is enabled, disable tftp if not needed by +commenting it out from the file /etc/inetd.conf and restarting the +inetd process. +

+If the tftpd service is required, create a separate partition to +store the files to be served by tftp and limit the tftp daemon +to the directory where this partition is mounted. Also make sure +that the files in the tftpd area are not writable. +

+If it is not required, disable it by editing the inetd.conf file, +removing the 'tftp' entry, and sending a HUP signal to the 'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet023w]

+The 'finger' service is enabled, this system provides a considerable +number of information to remote anonymous users. An +intruder can obtain quite a number of information about a remote host. +Also, if improperly configured it can be used to create a 'finger war' +DoS loop and can be used to do indirect finger requests +(that is contact remote servers when a remote user sends a request +for 'user@other_host@your_host') +

+You should make sure that you have an up-to-date version of fingerd. +Do not use a version of fingerd that is older than 16 October, 2000. +For more information consult the AusCERT ESB available at +ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2000.286 +

+Consider disabling it unless it is considered essentially +by editing the inetd.conf file, removing the 'finger' entry, +and sending a HUP signal to the 'inetd' process. +

+If you cannot remove finger consider reducing the content by replacing +it with a version which only offers restricted information. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet024w]

+The 'rusers' service is enabled, this system provides a considerable +number of information to remote anonymous users. +

+Consider disabling it by editing the inetd.conf file, +removing the 'rusers' entry, and sending a HUP signal to the +'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet025w]

+The 'echo' and 'chargen' UDP servers are potentially problematic +since they can be used to setup ping-pong DoS attacks targeted at +other systems by means of IP address spoofing. +

+Consider disabling it by editing the inetd.conf file, +removing the 'echo' and/or 'chargen' entries, and sending a HUP signal to the +'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet026w]

+The linuxconf service can be utilized for remote administration. +

+Consider disabling it by editing the inetd.conf file, +removing the 'linuxconf' entry, and sending a HUP signal to the +'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet027w]

+The 'identd or auth' service is enabled, this system provides a considerable +number of information to remote anonymous users. +

+Consider disabling it by editing the inetd.conf file, removing the 'auth' entry, +and sending a HUP signal to the 'inetd' process. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet098w]

+Services that pass sensitive information (including passwords) should +be replaced with the family of programs that comprise secure shell (ssh) +which use strong encryption based on public-key cryptography. +

+You can use the freely-available OpenSSH implementation at +http://www.openssh.org +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet099w]

+The indicated service is not protected by tcp wrappers or xinetd access +control. The use of this facility is encouraged to limit access and to +improve logging. +The listed entry was protected by tcp wrappers by the default installation +and is currently protected this way too. This is a good thing! +

+
+
+
+
+
+
+
+
+
+
+
+

Code [inet100w]

+The inetd services does not have logging enabled. Adding logging to the +inetd services will help identify potential mis-use of system system resources. +

+To enable logging for the inetd service add the -l option in the inetd startup +scripts. +

+To enable logging for the xinetd services add the log_type, log_on_success +and/or log_on_failure to the /etc/xinetd.conf file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [xnet001e]

+The script cannot find an xinetd configuration file in this system. This +might happen if Xinetd is not installed of if the XINETDCONF configuration +variable is not properly defined. The script will try to find this configuration +file in standard locations (/etc/xinetd.conf) but if it's not there +you will need to define it in the siterc configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [xnet002e]

+A directory which is being included by the XINETDCONF configuration file +is not really a directory. This prevents the script from analysing all +the active services and might be a configuration issue. Please check +Xinetd's configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [xnet003e]

+The script cannot read the xined configuration file in this system. This +should not usually happen since the script should be running with +root privileges. In order to analyse the configuration file you need +to run this script as a user who can read all the Xinetd configuration +files. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [xnet004i]

+The service is enabled in the Xinetd configuration file. You should verify +that services enabled in the server are legitimate and consider disabling +unused services in order to minimise exposure (and associated risk) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [xnet005i]

+The service is disabled in the Xinetd configuration file. This is usually +a good thing, since this limits exposure of the server and prevents +external attacks. --- tiger-3.2.2.orig/html/integrit.html +++ tiger-3.2.2/html/integrit.html @@ -0,0 +1,103 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for integrit

+

Code [integ001i]

+Integrit detected no changes. Good. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [integ002e]

+Integrit configuration files can make use of variable substitution in a way +Tiger cannot make use of in the current Tiger version. Please supply a custom +configuration file using Tiger_Run_AIDE_CFG_OVERRIDE and/or make sure +no variable substitution is used in the Integrit configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [integ003wsum]

+Integrit detected changes in filesystem integrity. This line is only the +summary. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [integ003w]

+Integrit detected, by checking against the files' the attributes in the +database, the file has changed. "Benign" actions, like accessing a file +(remember directories are files too) may have changed it, but it may be part +of a breach of security. Please investigate. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [integ004w]

+Integrit detected, by checking against the files' the attributes in the +database, the file has been removed. "Benign" configuration errors of the +database settings may lead to incorporation and checking of for instance +temporary files. Uninstalling software and related files may lead to the +same result when the database was not upgraded before this check. +If the removed file was not a temporary file and not part of legitimately +uninstalled software, it may have been used in a breach of security. +Please investigate. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [integ005w]

+Integrit detected, by checking file against the database, the file was +not part of the database. "Benign" actions like installing software and +related files or changes in the configuration file may lead to this result +when the database was not upgraded before this check. If the removed file +was not part of legitimately installed software, it may be in use in a +breach of security. +Please investigate. --- tiger-3.2.2.orig/html/issue.html +++ tiger-3.2.2/html/issue.html @@ -0,0 +1,31 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for issue

+

Code [issue001w]

+The /etc/issue file does not have the designated content. This file +is often used as a local login banner and should contain appropriate +content, often an unwelcome message. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [issue002w]

+The /etc/issue.net file does not have the designated content. This file +is often used as a network login banner by programs and should contain +appropriate content, often an unwelcome message. --- tiger-3.2.2.orig/html/known.html +++ tiger-3.2.2/html/known.html @@ -0,0 +1,269 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for known

+

Code [kis001a]

+The indicated file is a directory. The file is a known location used +by intruders. This should be considered a sign that this system +has been compromised. The system should be checked for other signs +of intrusion and cleaned up. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis002a]

+The indicated file is a known location used by intruders. This should +be considered a sign that this system has been compromised. The system +should be checked for other signs of intrusion and cleaned up. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis003a]

+The indicated window server directory contains files other than UNIX +data-gram sockets. This should be considered a sign that this system +has been compromised. The system should be checked for other signs +of intrusion and cleaned up. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis004w]

+The 'lost+found' directory (one exists for each file system) is used +by the `fsck' program as a directory for re-linking "dangling" files +during the file system check. These directories should be checked when +a file system check is not clean and files recovered from here. This +directory is also used by intruders to store files, as it is often +ignored. The files found here should be checked. If any unusual files +are found, the system should be checked for other signs of intrusion. +In any event, the 'lost+found' directories should be kept clean. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis005a]

+The /bin/login program appears to have a back-door installed. The +program should be compared against distribution media and replaced +if it has been altered. The system should be checked for other +signs of intrusion and cleaned. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis006e]

+The attempt to compile the program to check the setuid() system +call failed for some reason. This will prevent the test from +occurring. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis007a]

+The setuid() system call succeeded even though the user was not +root. This most likely indicates that the system has been compromised +and the OS altered. A new kernel should be installed and the machine +rebooted. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis008w]

+The indicated file in the system mail spool does not have a name which +matches the owner. This indicates either an attempt to create a mailbox +for another user (allowing someone else to read that persons mail), +or that the mail spool is being used to store files. These files should +be checked, and if unusual, the system should be examined for other signs +of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis009w]

+There is an .exrc file outside of any user's home directory. This file can +be loaded inadvertently by a user if executing an editor in that directory +and could introduce unexpected commands through it. +Note that in all modern versions of vi, you have to set the exrc option +in your home's directory .exrc file before vi will read the exrc in +the current directory (using 'set exrc'). +If you are using an old version of vi or users have this option enabled, +however, commands in .exrc might compromise the security of your system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis010w]

+The indicated file in the system mail spool does not belong to any user +in the system. This might indicate that a user has been removed but not his +mailbox or that this mailbox has been created wrongly. These files should +be checked and, if belonging to former users, removed. +(Note: this warning will be given too if, for some reason, the user running +Tiger cannot access the user database) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis011f]

+A server in the system (that is, a process with a listening socket towards +the Internet) or its parent process has an open file which has been removed +from the system. This might be a usual behaviour in the process or it might +be an indication of an intruder that has executed a backdoor in the system +(which opens a connection to accept requests from the Internet) and has +later removed the program from the system so that it cannot be traced back +to him. +This also can happen if a local service is using shared libraries which have +been upgraded but the service itself has not been restarted in order to +use the new libraries. Notice that if there was a vulnerability in the +library and the server is not restarted the system is still vulnerable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis012w]

+An application in the system is using a deleted file. This might be an +indication of an intruder executing rogue processes and removing the files +from disk so that they cannot be traced or detected by the local administrator. +This has been observed both in intruders running password cracking programs +or worms propagating through remote attacks. +This also can happen if a local application is using shared libraries which have +been upgraded but the service itself has not been restarted in order to +use the new libraries. Notice that if there was a vulnerability in the +library and the server was not restarted the system is still vulnerable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis013a]

+A interface is set up on promiscuous mode, this is a common method +used by attackers to capture user account and and password information. +For related information, see CERT advisory CA-94:01 available in +http://www.cert.org/advisories/CA-94.01.ongoing.network.monitoring.attacks.html +

+
+
+
+
+
+
+
+
+
+
+
+

Code [kis014a]

+A shell entry (/bin/sh or /bin/csh) has been defined in inetd.conf, this is +a common method used by attackers to introduce system backdoors and may +exploits run the following code: +

+echo 'ingreslock stream tcp nowait root /bin/sh sh -i' > /tmp/bob; /usr/sbin/inetd -s /tmp/bob +

+You should check all if the inetd running in the system is using a modified +configuration file and check all the programs specified in either that +configuration file or /etc/inetd.conf to verify that they are correct +and have not been replaced by Trojan horse programs. +Also check for legitimate services that you have commented +out in your /etc/inetd.conf. Intruders may turn on a service +that you previously thought you had turned off, or replace +the inetd program with a Trojan horse program. --- tiger-3.2.2.orig/html/linux.html +++ tiger-3.2.2/html/linux.html @@ -0,0 +1,355 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for linux

+

Code [lin001w]

+A program installed in your system has probably been not installed +by a package of your Linux packaging system. If this binary has +been installed by the administrator note that /usr/local/ is the +place for this files. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin002i]

+Installed processes listening on Internet interfaces must be +tightly controlled since they are the "open doors" to the +outside. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin003w]

+Processes that have not been run by root are listening on +interfaces open to the outside. This processes might have been +run by root and changed uids or might be rogue processes. +Confirm if their presence is necessary. +Notice that sometimes services open sporadic UDP listeners to +receive DNS requests, if you receive reports on open UDP services +that later on are closed this might be a false positive. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin004i]

+Netstat can be used instead of lsof in order to provide information +on listening processes, however it will provide less info since it +cannot determine the process (or PID) associated with the open socket +or the user that runs it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin005f]

+In Debian systems, checksums are stored in /var/lib/dpkg/info/ +if the md5sum of a file differs from the checksum of installed packages +it might be due to changes made by the system administrator (for +example, files in /etc) by everyday use of by a possible intruder +(who might have placed a trojan instead of the checked file) +Be forewarned, an attacker might have modified this info files +(they are not protected against this) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin006w]

+A file installed by a package no longer exists in the system and +cannot be checked for. An administrator should not remove files from +the system, they should be removed uninstalling the packages that +provided them. This is an unusual behavior. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin007w]

+In the default configuration of many GNU/Linux distributions users can +reboot the machine pressing Ctrl+Alt+Delete while in console mode. This can +be considered a security risk if an attacker can easily taken down the +server from console. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin008e]

+The /proc pseudo-filesystem is needed to check the network configuration +settings in the kernel and determine insecure setups. /proc is available +when the kernel is compiled with the CONFIG_PROC_FS=Y option (if you want +to modify them you also need to add the CONFIG_SYSCTL=Y option). You also +need to have it mounted, if it's not try: 'mount -t proc proc /proc'. +This is usually done in most distributions per default. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin009i]

+The kernel will answer (per configuration) to ICMP echo requests in any +interface. You might want to configure it to not answer to this requests +and thus make it more "invisible". Do it with: +# sysctl -w net.ipv4.icmp_echo_ignore_all=1 +Note, however, that this violates RFCs. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin010f]

+The system will answer to ICMP broadcast echo messages. This is considered +a problem since ICMP broadcasts can cause network denial of service as +the same time as giving away the location of the hosts. To remove this do: +# sysctl -w net.ipv4.icmp_echo_ignore_broadcasts = 1 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin011f]

+The system is configured to answer to bad formatted ICMP messages. This +behavior is not recommended, please unconfigure it with: +# sysctl -w net.ipv4.icmp_ignore_bogus_error_responses = 1 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin012w]

+The system is configured to accept ICMP redirects, this might or might +not be necessary in your network topology. If you have multiple routers +to which connect through to outside locations it might be necessary, +otherwise remove it since an attacker could send bogus ICMP redirection +messages to try to route the outgoing network packets to other systems +(including his own) and thus allowing for man in the middle or +denial of service attacks: +# sysctl -w net.ipv4.conf.all.accept_redirects = 0 +and: +# sysctl -w net.ipv4.conf.default.accept_redirects = 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin013f]

+It is common to protect systems against Denial of Service attacks using +SYN packets (commonly known as "SYN flooding") by activating support +of TCP syncookies. Note, however, that activating this violates some RFCs: +# sysctl -w net.ipv4.tcp_syncookies = 1 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin014f]

+It is possible to send IP spoofed packets from this machine. Spoofed +packets are commonly used by trojans that make use of compromised hosts +to deliver denial of service, man in the middle or connection hijacking. +You should consider configuring your kernel to not permit this: +# sysctl -w net.ipv4.conf.all.rp_filter = 2 +and: +# sysctl -w net.ipv4.conf.default.rp_filter = 2 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin015w]

+IP forwarding is the option that permits the system to act as a router +and thus resend packets from one network interface to another. If your +system is not acting as such this option should be disabled: +# sysctl -w net.ipv4.ip_forward = 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin016f]

+Source routing might permit an attacker to send packets through your +host (if routing is enabled) to other hosts without following your +network topology setup. It should be enabled only under very special +circumstances or otherwise an attacker could try to bypass the traffic +filtering that is done on the network: +# sysctl -w net.ipv4.conf.all.accept_source_route = 0 +and: +# sysctl -w net.ipv4.conf.default.accept_source_route = 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin017w]

+Suspicious packets received by the kernel should be logged to detect +incoming attacks. To activate this logging capability: +# sysctl -w net.ipv4.conf.all.log_martians = 1 +and: +# sysctl -w net.ipv4.conf.default.log_martians = 1 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin018w]

+The "weak end host" description in the RFC1122 permits multihomed systems +to receive packets for a network interface from another network interface. +This, as a matter of fact, removes the benefit of configuring services +and binding them to a single IP address (not to all IP addresses). +For 2.2 kernels remove this option with: +# echo 1 > /proc/sys/net/ipv4/conf/eth1/hidden +For 2.4 and later kernels you might need to patch the kernel or configure +your firewalling rules properly (i.e. defining anti-spoofing rules). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [lin019f]

+The system has no firewalling rules in place to limit access to network +services and protocols. Considering configuring a set of local firewall +rules adapted to your needs. There are multiple firewall generation software +you can use to generate these (such as Bastille, Shorewall, Firestarter, +or Knetfiler). +Local firewall rules can be used to block undesired incoming and outgoing +traffic and can be useful to prevent access to network services that are +listening on all system interfaces, only want to be used from specific +hosts (or interfaces) and lack capabilities to either restrict its +use to specific local network IP addresses or hosts. +If the system is multi-home a local firewall configuration will prevent +spoofing attacks due to "weak end host" issues. --- tiger-3.2.2.orig/html/logfiles.html +++ tiger-3.2.2/html/logfiles.html @@ -0,0 +1,136 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for logfiles

+

Code [logf001f]

+The log file "wtmp" should exist to show an audit trail of which user has +logged into the server. This file is accessed by the command "last". +It might not exist due to a system configuration error or an +intruder that has tried to cover this tracks by removing it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf002f]

+The log file "btmp" should exist to log a list of bad logins. +This file is accessed using the command "lastb". +It might not exist due to a system configuration error or an +intruder that has tried to cover this tracks by removing it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf003f]

+The log file "lastlog" should exist to show a user's most recent login +session on the server. This file is accessed by the command "lastlog". +It might not exist due to a system configuration error or an +intruder that has tried to cover this tracks by removing it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf004f]

+The log file "utmp" should exist so that a list of current users on the +server can be listed. This is accessed by the command "who". +It might not exist due to a system configuration error or an +intruder that has tried to cover this tracks by removing it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf005f]

+The log file does not have proper permissions set. It is recommended that +you change the permissions to those suggested for these file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf005w]

+There are no umask entries in the configuration file. It is recommended +that there are umask entries set in the configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf006f]

+The log file "loginlog" should exist to show a user login attempts +on the server. +It might not exist due to a system configuration error or an +intruder that has tried to cover this tracks by removing it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [logf007f]

+The log file "messages" should exist to show a trace of the system logs +(including reboots and kernel messages), it is also often used by the +syslog daemon to log information. The contents of the "messages" logfile +depends upon the configuration of the syslog.conf and varies by +distribution and/or system administrator preference. +It might not exist if you have configured your system to use a +different file for logging or if an intruder has tried to cover +his tracks by removing it since the messages file might contain +bad login attempts from local users and remote hosts. --- tiger-3.2.2.orig/html/misc.html +++ tiger-3.2.2/html/misc.html @@ -0,0 +1,613 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for misc

+

Code [ca9122f]

+CERT Advisory CA-91:22 +

+The `loadmodule' executable from OpenWindows 3.0 contains a security +vulnerability that can allow a local user to gain root access. +

+Sun Patch 100448-01 provides a fix for this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ca9122w]

+CERT Advisory CA-91:22 +

+The `loadmodule' executable installed on this machine may contain a +security vulnerability that can allow a local user to gain root +access. This applies to OpenWindows 3.0. +

+Sun Patch 100448-01 provides a fix for this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ca9122i]

+The OpenWindows binary `loadmodule' could not be located in order +to check it for vulnerabilities. If you have OpenWindows 3.0 installed, +then you should set the environment variable OPENWINHOME to point to +the OpenWindows installation directory and rerun the security checking +system. For example: +

+setenv OPENWINHOME /usr/local/openwin +

+./tiger +

+Other versions of OpenWindows do not exhibit this vulnerability. +

+See message-id ca9122f for information on the vulnerability. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc001w]

+If the console on a Sun workstation is marked as secured, then it is +possible for someone with physical access to the console to +reboot the machine in single-user mode, thus giving them root +access to the machine. This can be corrected by editing the +file /etc/ttytab and removing the word 'secure' from the +entry for the console. By doing this, the root password must +be entered when booting in single-user mode. Thus, if you forget +the root password, you will have to boot from some other media +in order to get back in. This will *also* prevent root logins +on the console. It will be necessary to login as a normal user, +then 'su' to the root account (this is a preferred method as it +provides accountability). +

+If your system's console is in a physically secure location, then +it is fairly safe to leave this as it is. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc002w]

+If the tty's and pseudo-tty's on a Sun workstation are marked +as secured, then it is possible to login as 'root' on any of +these tty's. This does not provide any accountability as +to who is using the 'root' account. This can be corrected by +editing the file /etc/ttytab and removing the word 'secure' from +the tty and pseudo-tty lines. By doing this, it will not be +possible to login directly as 'root' via telnet, rlogin, or on +a hardwired terminal. It will be necessary to login as a normal +user, then 'su' to the root account, thereby providing accountability. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc003f]

+Without the /var/yp/securenets file, an NIS server will hand out +its map files to any client that asks. Since the password file +is one of the maps maintained by the NIS server, anyone on the +Internet is capable of retrieving your password file. The `securenets' +file allows you to specify networks and hosts which are allowed to +retrieve information from the server. +

+This requires that Sun Patch ID 100482 be installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc004w]

+If the PROM monitor is not in secure mode, then someone with +physical access to the console can enter the PROM monitor and +execute commands which allow them to read and modify memory, boot +alternate OS's etc. See the 'eeprom' man page for information +on securing the PROM monitor. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc005e]

+The listed security check file from a check.d/ file does not +exist. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc006w]

+The NFS mount daemon is running with port checking disabled. +This means that any user on an authorized client can obtain +a file handle for an exported file-system. If port checking +is also disabled in the kernel, this file handle can be used +to gain unauthorized access to files, and possibly to gain +unauthorized privileges. On SunOS 4.x machines, the '-n' +switch is used to disable port checking. This is the default +when C2 security is not enabled. Port checking can be enabled +by editing the /etc/rc.local file and removing the '-n' switch +from the rpc.mountd command. +

+NOTE: Doing this may break certain older NFS implementations which +do not use a privileged port. You should verify that any clients +do not have this problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc007w]

+The `ypbind' on this machine is running with a `ypset' option (either +-ypset or -ypsetme). These options can allow an intruder to redirect +NIS lookups to a server set up by them, allowing them to gain privileged +access. These options should not be used. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc008w]

+The running kernel is not checking to see if the source +port for NFS requests is a privileged port. If the machine +is not doing NFS serving, this is not a problem. If it is, +this means that any user on an authorized client that can obtain +a file handle for an exported file-system can gain unauthorized +access to files, and possibly gain unauthorized privileges. +If port checking is also disabled for the NFS mount daemon [misc006w], +this becomes very easy to do. To enable port checking, the +kernel variable 'nfs_portmon' should be set to a non-zero value. +

+On SunOS 4.x systems, an 'adb' command exists in the /etc/rc.local +script to set this variable during boot up. This command is normally +only executed for systems which have enabled Sun's C2 security. +Removing the command from the surrounding 'if' block will enable it +for non-C2 systems. +

+For SunOS 5.x systems, add the line +

+set nfs:nfs_portmon = 1 +

+to the /etc/system file and reboot. +

+NOTE: Enabling NFS port checking may break certain older NFS +implementations which do not use a privileged port. You should verify +that any clients do not have this problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc009w]

+The -hosts option is being used with the automounter. This may +allow unauthorized access or privileges to be gained. The -hosts +option allows filesystems to be automounted from any host on +the network. If the machine is attached to the Internet, any +host on the Internet is a candidate. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ca9302a]

+CERT Advisory CA-93:02a +

+A vulnerability exists in the distributed printing facility of all +releases of NeXTSTEP software though NeXTSTEP 3.0. The "_writers" +property on the "/printers" and "/fax_modems" should be removed. +

+See the CERT advisory for more details. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc010w]

+CERT Advisory CA-93:15 +

+CERT Advisory CA-93:16 +

+A serious vulnerability exists in most versions of sendmail +distributed prior to late October, or early November 1993. This +vulnerability allows remote users to execute arbitrary programs. +The vulnerability affects the final destination host, therefore +firewalled machines are vulnerable. The CERT advisory CA-93:16 +provides three approaches for the problem. If feasible, the +best approach is to disable the program mailer (Mprog) in the +`sendmail.cf' file. If not feasible, then a version of sendmail +(such as sendmail 8.6.4 or later from ftp.cs.berkeley.edu) should +be installed. Vendor provided fixes are +

+HP-UX 8.x, series 300/400 PHNE_3369 +

+HP-UX 9.x, series 300/400 PHNE_3370 +

+HP-UX 8.x, series 700/800 PHNE_3371 +

+HP-UX 9.x, series 700/800 PHNE_3372 +

+

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc011w]

+The local sendmail.cf is using the sendmail restricted shell (smrsh) +for program delivery, but it appears to use a program which allows +the vulnerabilities discussed in `misc010w' to be exploited. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc012e]

+The indicated file could not be read. This generally indicates that +the check was attempted from a userid with insufficient privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc013w]

+CERT Advisory CA-93:17 +

+The xterm utility contains a vulnerability which allows any file to +be overwritten, or the ownership of the file changed. Consult vendors +for patches for supported versions of xterm. MIT Patch 26 for X11R5 +contains a patch for the MIT distribution. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc014w]

+

+The file `/etc/rcS' is executed during the switch to single user +mode (part of booting and shutting down). If file system checks +fail, then this script will start a root shell on the console. +To force a password to be entered, locate the line that reads +

+/sbin/sh < /dev/console +

+and change this to +

+/sbin/sulogin +

+This will force the root password to be entered should the +file system checks fail. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc015w]

+

+The `xload' utility, when built with the standard (unpatched) MIT +X11R5 distribution on systems with dynamic linking, contains a +security vulnerability. The link step links against libraries +using relative pathnames (../../..). To correct the problem, +the `xload' utility should be relinked without these pathnames +(the absolute pathname to your X11 libraries should be used). +

+Another alternative is to disable the `xload' utility by turning +off the setuid and/or setgid bits. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc016w]

+

+The `ie', `le', and `qe' device files can be used to snoop packets +from the network (Ethernet in these cases). This ability should be +restricted. The permissions on the listed files should be 0600. The +Solaris package facility will occasionally reset these permissions to +what they are defined to be in in the /var/sadm/install/contents file. +Therefore, they must be changed there as well. The file is an ASCII +file and can be edited with any editor. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc017w]

+

+The `ie', `le', and `qe' device files can be used to snoop packets +from the network (Ethernet in these cases). This ability should be +restricted. The listed device files should be owned by root and only +readable/writable by root in order to restrict access. The Solaris +package facility will occasionally reset the ownership and permissions to +what they are defined to be in in the /var/sadm/install/contents file. +Therefore, they must be changed there as well. The file is an ASCII +file and can be edited with any editor. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc017f]

+The umask settings used in the boot scripts is insecure. +This means that probably the boot scripts will create files +(if any) with permissions that make them subject to attack. Recommended +permissions are 022 or 022. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc018w]

+There are two umask settings in the boot scripts, this probably means +that only one of them will be valid. Check the appropriate file to +fix this issue. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc019w]

+Tiger was unable to found any umask settings to be used in the boot +scripts. This means that probably the boot scripts will create files +(if any) with vulnerable permissions. +Tiger was unable +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc020f]

+Tiger checked the process table and was not able to find a process +which it was configured to look for. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc021w]

+There are no umask entries in the configuration file. It is recommended +that there are umask entries set in the configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc022f]

+The umask setting in the configuration file is insecure. Umask must be +set as to prevent public write (i.e. either 002 or 022). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc023w]

+There are more than two umask entries in the configuration file. Please +check if the umask settings are secure (to prevent public write, suggested +values are either 002 or 022). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc024e]

+The script will not be run since it belongs to a different owner than the +one running the Tiger program (or script). Since running this script might +introduce a risk (if the script was dropped in a directory that Tiger searches +for by an attacker to have it run) it will not be executed. +This might be a problem in the installation of Tiger so you should recheck +the script owner and permissions. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [misc025e]

+The script will not be run since it is not executable. This might be a problem +with the installation of Tiger so you should recheck the script's file owner +and permissions. --- tiger-3.2.2.orig/html/ndd.html +++ tiger-3.2.2/html/ndd.html @@ -0,0 +1,207 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for ndd

+

Code [ndd001f]

+This option determines whether to forward broadcast packets directed +to a specific net or subnet, if that net or subnet is directly +connected to the machine. If the system is acting as a router, this +option can be exploited to generate a great deal of broadcast network +traffic. Turning this option off will help prevent broadcast traffic +attacks. +To disable this do: +# ndd -set /dev/ip ip_forward_directed_broadcasts 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd002f]

+This option determines whether to forward packets that are source +routed. These packets define the path the packet should take instead +of allowing network routers to define the path. +To disable this do: +# ndd -set /dev/ip ip_forward_src_routed 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd003w]

+IP forwarding is the option that permits the system to act as a router +and thus resend packets from one network interface to another. If your +system is not acting as such this option should be disabled. +To disable this do: +# ndd -set /dev/ip ip_forwarding 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd004f]

+The echo-request PMTU strategy can be used for amplification attacks. +Use either strategy 1 or strategy 0. +To disable this do: +# ndd -set /dev/ip ip_pmtu_straegy [0|1] +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd005w]

+This option determines whether to send ICMP redirect messages which +can introduce changes into remote system's routing table. It should +only be used on systems that act as routers. +To disable this do: +# ndd -set /dev/ip ip_send_redirects 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd006w]

+The system is configured to send ICMP source quench messages. These +ICMP messages have been deprecated. +To disable this do: +# ndd -set /dev/ip ip_send_source_sqench 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd007f]

+This options determines whether to respond to ICMP netmask requests +which are typically sent by diskless clients when booting. An +attacker may use the netmask information for determining network +topology or the broadcast address for the subnet. +To disable this do: +# ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd008f]

+This option determines whether to respond to ICMP broadcast echo +requests (ping). An attacker may try to create a denial of service +attack on subnets by sending many broadcast echo requests to which all +systems will respond. This also provides information on systems that +are available on the network. +To disable this do: +# ndd -set /dev/ip ip_respond_to_echo_broadcast 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd009f]

+This option determines whether to respond to ICMP broadcast timestamp +requests which are used to discover the time on all systems in the +broadcast range. This option is dangerous for the same reasons as +responding to a single timestamp request. Additionally, an attacker +may try to create a denial of service attack by generating many +broadcast timestamp requests. +To disable this do: +# ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd010f]

+This option determines whether to respond to ICMP timestamp requests +which some systems use to discover the time on a remote system. An +attacker may use the time information to schedule an attack at a +period of time when the system may run a cron job (or other time- +based event) or otherwise be busy. It may also be possible predict +ID or sequence numbers that are based on the time of day for spoofing +services. +# ndd -set /dev/ip ip_respond_to_timestamp 0 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ndd011w]

+This option determines if HP-UX will include explanatory text in the +RST segment it sends. This text is helpful for debugging, but is also +useful to potential intruders. +To disable this do: +# ndd -set /dev/tcp tcp_text_in_resets 0 --- tiger-3.2.2.orig/html/netrc.html +++ tiger-3.2.2/html/netrc.html @@ -0,0 +1,85 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for netrc

+

Code [nrc001f]

+The indicated .netrc file is readable by others and contains entries +for login ID's that are not anonymous FTP, and these entries contain +passwords. This provides login information to intruders, allowing +them to compromise the remote site. The read permissions should be +removed immediately. It is also not a good idea to have the passwords +in the file. Unless absolutely necessary, these entries should +be deleted. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nrc002w]

+The indicated .netrc file contains entries for login ID's that are not +anonymous FTP, and these entries contain passwords. The .netrc file +is not readable, but it is still not a good idea to have the passwords +in the file. Unless absolutely necessary, these entries should be +deleted. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nrc003w]

+The indicated .netrc file is a symbolic link. This is an unusual +condition and should be checked out. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nrc004a]

+The indicated .netrc file is a directory. This possibly indicates +that an intrusion has occurred. The directory should be examined +for unusual files. The system should also be checked for other +signs of intrusion. The directory should be renamed or removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nrc005w]

+The user has a .netrc file, you should avoid usage of these files unless +absolutely necessary since they can contain sensible information which +could be used by a local intruder. --- tiger-3.2.2.orig/html/network.html +++ tiger-3.2.2/html/network.html @@ -0,0 +1,333 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for network

+

Code [netw001f]

+The listed file is world writable. chmod -ow file to correct. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw002f]

+The listed file is not owned by an 'administrative' account. +Change the ownership, or add your admin user to 'Tiger_Admin_Accounts' +list of valid administrative users. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw003f]

+The inetd daemon is not configured with login enabled. If xinetd +based, add the 'filelog' or 'syslog' options in /etc/sysconfig/xinetd +configuration file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw004f]

+The syslogd daemon should be executing to log system events. Please +add the appropriate start link to /etc/rc.d/rc[RUNLEVEL].d to the +/etc/rc.d/init.d/syslog script, or install syslog if it isn't. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw005f]

+Omniback is installed, but there is no cell server specified. Please +put the IP address of your cell server in /usr/omni/config/cell/cell_server +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw006f]

+Please specify the cell server by IP address in /usr/omni/config/cell/cell_server +to prevent DNS spoofing. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw006f]

+Disable fingerd in inetd's config file and restart inetd. If you're +running fingerd as a standalone daemon, please disable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw007f]

+Disable identd in inetd's config file and restart inetd. If you're +running identd as a standalone daemon, please disable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw008f]

+The listed service should be disabled in inetd's config file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw009f]

+The listed routing daemon should be disabled. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw010f]

+/etc/securetty does not exist. Please create it! +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw011f]

+/etc/securetty contains an invalid entry. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw012f]

+/etc/securetty is not OWNED by an admin user. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw013f]

+/etc/securetty is not OWNED by an admin group. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw014f]

+/etc/securetty has world write permissions. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw015f]

+IP Forwarding is not permitted. Please disable ip forwarding. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw016f]

+Your version of BIND is old, update to a more secure version. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw017f]

+Your version of wu-ftpd is old, update to a more secure version. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw018f]

+There is an administrative user (low UID) which can access the +local FTP server. If the local FTP server is enabled and a user +with administrative rights can access it remotely this might lead +to a security compromise of the system. It is recommended for +administrative users to be added into /etc/ftpusers +if you have a FTP server installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw019w]

+The sendmail configuration file (sendmail.cf) has the default +sendmail banner. This means that when the mail server is active +it publishes the version you are currently running. Attackers can use this +information to determine if you are running a vulnerable version. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw020f]

+There is no ftpusers configuration file. In some systems this might +enable all administrative users (low UID) to access the local FTP +server if it is enabled (some other systems might deprecate its use). +It is recommended that administrative users are added into /etc/ftpusers +if you have a FTP server installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [netw021w]

+There is a restricted user (uses a restricted shell) which can access the +local FTP server. If the local FTP server is enabled and a restricted user +can access it remotely this might lead to a security compromise of the +system. It is recommended for restricted users to be added into +/etc/ftpusers if you have a FTP server installed. --- tiger-3.2.2.orig/html/nfs.html +++ tiger-3.2.2/html/nfs.html @@ -0,0 +1,268 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for nfs

+

Code [nfs001f]

+The anonymous ID defines the 'uid' to be used for authenticating +NFS requests which have no credentials. Setting this to 0 is +very dangerous. It allows the system to be compromised from client +machines. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs002w]

+The anonymous ID defines the 'uid' to be used for authenticating +NFS requests which have no credentials. Setting this to 0 is +very dangerous. It allows all files to be searched, possibly +revealing security problems. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs003w]

+Exporting the root file-system allows remote machines to +access critical files such as /etc/passwd, possibly allowing +the machine to be compromised. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs004f]

+Exporting the root file system allows remote machines to +access critical file such as /etc/passwd. Exporting this +R/W to everyone means that on the Internet can modify system +files, allowing them to gain further access to the machine. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs005f]

+Exporting the root file system allows remote machines to +access critical file such as /etc/passwd. Exporting this +to everyone means that anyone on the Internet can browse system +files, allowing them to find other security problems. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs006f]

+Exporting a file-system R/W to everyone means that anyone can +modify the data on your system, possibly making changes that +allow them to login to the system and access or destroy other +files. +

+See `nfs013i' +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs007w]

+Exporting a directory to everyone means that anyone can +look at your files. The information gained can possibly +be used to gain further access to the machine. +

+See `nfs013i' +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs008f]

+Exporting the root file system read only and with root access +will allow the remote machine to view system files, +possibly allowing them to gain further access to the +machine. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs009f]

+Exporting the root file system with R/W and root access +will allow the remote machine to edit system files, +such as /etc/passwd, allowing them to gain access to the +machine. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs010i]

+Exporting a file-system with root access can allow the +a user on the remote host to gain further access on +the local machine. Removing root exports is a means +of limiting the number of affected machines in the +event that a machine(s) is compromised. In this case, +the directory is protected on the server because the +permissions are '700'. Note on some platforms, if this +is not the root directory of a file-system, then the +server may still be vulnerable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs011w]

+The listed directory is exported with root access to a +machine, and the directory is accessible on the server. +By setting the permissions to 'rwx------', if the client is +compromised, the server can not be compromised by any files +which are placed underneath this directory, since they will +be unreachable by a non-privileged user on the server. +Note on some platforms, if this is not the root directory +of a file-system, then the server may still be vulnerable. +

+

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs012w]

+The directory for a disk-less client is exported with +root access, but the directory is not protected on the +server because the permissions are not '700'. By setting +the permissions of the directory to `700', any files created +from the client machine will not be accessible on the server. +Note on some platforms, if this is not the root directory +of a file-system, then the server may still be vulnerable. +

+NOTE: For the disk-less clients '/' (root) directory, the +permissions can *not* be `700' as non-root processes on the +client will not be able to access any files. The permissions +on the parent directory on the server should be set to `700' +(or if feasible, the root directory of the file-system on which +the directory resides should be set to `700'). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs013i]

+A common problem with setting up NFS exports is the inability +to get the client access to work. Often, in frustration, +the administrator of the machine removes the export restrictions +and exports the file systems to everyone. This problem is +usually caused by host name mismatches. On most implementations +of NFS, the name matching is case sensitive. The name specified +in the exports file (or equivalent) must match exactly. One +way of determining the correct name is to login to the client, +then use `telnet' to login to the server. The `who' or `finger' +command can then be used to determine the client host name (it +may be truncated, but enough information should be listed to +determine the correct name). This host name should be used in +the access list in the exports file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [nfs014w]

+Exporting the `/usr' partition with read/write access can allow +the server to be compromised if the client is compromised. An +intruder can replace system binaries. By exporting it read/only, +they will be unable to do this. --- tiger-3.2.2.orig/html/passwd.html +++ tiger-3.2.2/html/passwd.html @@ -0,0 +1,316 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for passwd

+

Code [pass001w]

+The listed username occurs more than once in the same file. This +indicates a configuration problem and should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass002w]

+The listed userid (uid) occurs more than once in the same file. This +usually indicates a configuration problem and should be corrected. On +many systems, uid 0 (zero) and uid 1 (one) are often used for multiple +usernames. It is usually to completely disable all of the usernames +except for `root' for uid zero and all of the usernames for uid one. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass003w]

+The listed entry does not have the correct number of fields. This +indicates a configuration problem that should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass004w]

+The listed username occurs in separate password sources, but the userid +(uid) is different in them. This can lead to unexpected access to +resources if not corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass005w]

+The listed userid (uid) occurs in separate password sources, but the +usernames are different. This can lead to unexpected access to resources +if not corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass006w]

+The password files have integrity issues as found by 'pwck -r'. This +can lead to looping of password manipulation programs and to authentication +or login issues if not corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass007w]

+Some password controls or constraints are missing. These should be be +applied to all users via their /etc/login.defs configuration values. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass008e]

+The password file was not generated and cannot be analysed. This might +probably happen due to Tiger not running with full administrative access. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass009f]

+The format of a given configuration file used for user (or group) +authentication has some inconsistency that might be a security vulnerability. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass010w]

+The listed groupname occurs more than once in the same file. This +indicates a configuration problem and should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass011f]

+The listed username has an empty password string. This will allow any user +to gain access to the account without being prompted for a password. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass012w]

+The listed home directory is specified for multiple users. This can lead to +denial-of-service and unexpected resource usage (i.e. shell initialization +files, etc) if not corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass013w]

+The listed username is not using an acceptable, cryptographic method for the +password hash. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass014w]

+The listed login ID is disabled in some manner ('*' in passwd field, etc), +but the login shell for the login ID is a valid shell (from /etc/shells +or the system equivalent). A valid shell can potentially enable the +login ID to continue to be used. The login shell should be changed +to something that doesn't exist, or to something like /bin/false. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass015w]

+The listed login ID does not have a valid login program or shell. +Usually these are defined in /etc/shells. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass016w]

+The listed login ID should not have "/" (system root directory) +as its home drive. This is a possible security hole. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass017w]

+The listed login ID has a user ID of zero (0) and is not the 'root' +account. This should be checked to see if it is legitimate. In any +case, having login ID's with a user ID of zero tends to lead to security +problems, and should be avoided (except for 'root') +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass018f]

+The listed administrative login should have an impossible password. +Files owned by this login ID may reside in critical system directories +and compromise of this account could lead to trojan executables in +typical search paths. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass19w]

+The listed login ID does not have password aging enabled. Good +password management practices indicate that passwords should not +be static, but rather should be changed on a regular basis. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pass20w]

+The listed login ID is not configured to use shadow passwords. This +indicates the specified login ID has its cypher text publicly available +and is subject to brute force password cracking, even though shadow +passwords are implimented on the system. --- tiger-3.2.2.orig/html/paths.html +++ tiger-3.2.2/html/paths.html @@ -0,0 +1,171 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for paths

+

Code [path001w]

+The indicated file is in root's PATH, and is group writable, world +writable or both. This can allow Trojan horse programs or viruses to be +planted into these executables and spread by `root'. The group +and world write permissions should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path002w]

+The indicated file is in root's PATH, but is not owned by root. This +can allow Trojan horse programs or viruses to be planted into these +executables and spread by `root'. Often these executables are owned by +`bin', `uucp' or other system accounts. If these commands are never +used by root, then this is not a problem. If they are, you should +consider changing the owner to `root'. Because of SMI's recent decision +to install most /usr/sbin/a2dismod /usr/sbin/a2dissite /usr/sbin/a2enmod /usr/sbin/a2ensite /usr/sbin/ab /usr/sbin/accept /usr/sbin/accessdb /usr/sbin/acpid /usr/sbin/addgnupghome /usr/sbin/addgroup /usr/sbin/add-shell /usr/sbin/adduser /usr/sbin/apache /usr/sbin/apache2 /usr/sbin/apache2ctl /usr/sbin/apacheconfig /usr/sbin/apachectl /usr/sbin/apache-modconf /usr/sbin/arp /usr/sbin/arp2ethers /usr/sbin/arpd /usr/sbin/arpfetch /usr/sbin/arpsnmp /usr/sbin/arpspoof /usr/sbin/arpwatch /usr/sbin/aspell-autobuildhash /usr/sbin/atd /usr/sbin/AutomatedBastille /usr/sbin/avahi-daemon /usr/sbin/backup-simple /usr/sbin/bastille /usr/sbin/BastilleBackEnd /usr/sbin/BastilleChooser /usr/sbin/bihourly /usr/sbin/biosdecode /usr/sbin/bonobo-activation-sysconf /usr/sbin/chat /usr/sbin/check_forensic /usr/sbin/checkgid /usr/sbin/checkrestart /usr/sbin/checksecurity /usr/sbin/cheops-agent /usr/sbin/chgpasswd /usr/sbin/chkrootkit /usr/sbin/chpasswd /usr/sbin/chroot /usr/sbin/cleanup-info /usr/sbin/coldnamed /usr/sbin/cpgr /usr/sbin/cppw /usr/sbin/Crack /usr/sbin/crack_mkdict /usr/sbin/crack_packer /usr/sbin/Crack-Reporter /usr/sbin/crack_testlib /usr/sbin/crack_testnum /usr/sbin/crack_teststr /usr/sbin/crack_unpacker /usr/sbin/cron /usr/sbin/cruft /usr/sbin/cupsaccept /usr/sbin/cupsaddsmb /usr/sbin/cupsctl /usr/sbin/cupsd /usr/sbin/cupsdisable /usr/sbin/cupsenable /usr/sbin/cupsfilter /usr/sbin/cupsreject /usr/sbin/cvs-pserver /usr/sbin/cytune /usr/sbin/dbconfig-generate-include /usr/sbin/dbconfig-load-include /usr/sbin/ddcprobe /usr/sbin/debootstrap /usr/sbin/debsecan-create-cron /usr/sbin/debsums_gen /usr/sbin/defoma-reconfigure /usr/sbin/delgroup /usr/sbin/deluser /usr/sbin/diagperm /usr/sbin/dmassagevendor /usr/sbin/dmidecode /usr/sbin/dnssec-keygen /usr/sbin/dnssec-signzone /usr/sbin/dnsspoof /usr/sbin/dpkg-divert /usr/sbin/dpkg-preconfigure /usr/sbin/dpkg-reconfigure /usr/sbin/dpkg-statoverride /usr/sbin/dsniff /usr/sbin/dumbnet /usr/sbin/editkeep /usr/sbin/ethtool /usr/sbin/exicyclog /usr/sbin/exigrep /usr/sbin/exim /usr/sbin/exim4 /usr/sbin/exim_checkaccess /usr/sbin/exim_convert4r4 /usr/sbin/exim_dbmbuild /usr/sbin/exim_dumpdb /usr/sbin/exim_fixdb /usr/sbin/exim_lock /usr/sbin/eximstats /usr/sbin/exim_tidydb /usr/sbin/exinext /usr/sbin/exipick /usr/sbin/exiqgrep /usr/sbin/exiqsumm /usr/sbin/exiwhat /usr/sbin/famd /usr/sbin/fdutilsconfig /usr/sbin/filefrag /usr/sbin/filesnarf /usr/sbin/foomatic-addpjloptions /usr/sbin/foomatic-cleanupdrivers /usr/sbin/foomatic-extract-text /usr/sbin/foomatic-fix-xml /usr/sbin/foomatic-getpjloptions /usr/sbin/foomatic-kitload /usr/sbin/foomatic-nonumericalids /usr/sbin/foomatic-preferred-driver /usr/sbin/foomatic-printermap-to-gimp-print-xml /usr/sbin/foomatic-replaceoldprinterids /usr/sbin/fping /usr/sbin/fping6 /usr/sbin/ftpasswd /usr/sbin/ftpquota /usr/sbin/ftpshut /usr/sbin/ftpstats /usr/sbin/gconf-schemas /usr/sbin/gdm /usr/sbin/gdmsetup /usr/sbin/gnome-pty-helper /usr/sbin/gpm /usr/sbin/gpmconfig /usr/sbin/gpm-microtouch-setup /usr/sbin/gpm-mouse-test /usr/sbin/groupadd /usr/sbin/groupdel /usr/sbin/groupmod /usr/sbin/grpck /usr/sbin/grpconv /usr/sbin/grpunconv /usr/sbin/grub /usr/sbin/grub-floppy /usr/sbin/grub-install /usr/sbin/grub-md5-crypt /usr/sbin/grub-reboot /usr/sbin/grub-set-default /usr/sbin/grub-terminfo /usr/sbin/hald /usr/sbin/hddtemp /usr/sbin/hping /usr/sbin/hping2 /usr/sbin/hpiod /usr/sbin/hpssd /usr/sbin/htcacheclean /usr/sbin/htdigconfig /usr/sbin/httxt2dbm /usr/sbin/huntd /usr/sbin/hwinfo /usr/sbin/iconvconfig /usr/sbin/identd /usr/sbin/idswakeup /usr/sbin/ifdhandler /usr/sbin/ifdproxy /usr/sbin/ikeygen /usr/sbin/in.comsat /usr/sbin/inetd /usr/sbin/in.ntalkd /usr/sbin/in.proftpd /usr/sbin/install-docs /usr/sbin/install-info /usr/sbin/install-keymap /usr/sbin/install-menu /usr/sbin/install-sgmlcatalog /usr/sbin/in.talkd /usr/sbin/InteractiveBastille /usr/sbin/invoke-rc.d /usr/sbin/ipmasqadm /usr/sbin/iptraf /usr/sbin/ircflush /usr/sbin/ircio /usr/sbin/ispell-autobuildhash /usr/sbin/ispellconfig /usr/sbin/iwu /usr/sbin/jail_uml /usr/sbin/john /usr/sbin/kernel-packageconfig /usr/sbin/laptop-detect /usr/sbin/locale-gen /usr/sbin/localepurge /usr/sbin/logcheck /usr/sbin/logresolve /usr/sbin/logrotate /usr/sbin/logtail /usr/sbin/logtail2 /usr/sbin/lpadmin /usr/sbin/lpc /usr/sbin/lpdomatic /usr/sbin/lpinfo /usr/sbin/lpmove /usr/sbin/lsusb /usr/sbin/macof /usr/sbin/magicfilter /usr/sbin/magicfilterconfig /usr/sbin/mailer /usr/sbin/mailsnarf /usr/sbin/MAKEFLOPPIES /usr/sbin/makejail /usr/sbin/make-ssl-cert /usr/sbin/massagevendor /usr/sbin/mkboot /usr/sbin/mkinitramfs /usr/sbin/mkinitramfs-kpkg /usr/sbin/mklost+found /usr/sbin/mksmbpasswd /usr/sbin/modconf /usr/sbin/modules-config /usr/sbin/msgsnarf /usr/sbin/mysqld /usr/sbin/mysqlmanager /usr/sbin/named /usr/sbin/named-checkconf /usr/sbin/named-checkzone /usr/sbin/named-compilezone /usr/sbin/ndb_cpcd /usr/sbin/ndbd /usr/sbin/ndb_mgmd /usr/sbin/nessus-adduser /usr/sbin/nessus-check-signature /usr/sbin/nessusd /usr/sbin/nessus-mkcert /usr/sbin/nessus-rmuser /usr/sbin/nessus-update-plugins /usr/sbin/nessus-update-plugins-gpl /usr/sbin/netscsid /usr/sbin/netwatch /usr/sbin/newusers /usr/sbin/nmbd /usr/sbin/nologin /usr/sbin/ntop /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdate-debian /usr/sbin/ntp-keygen /usr/sbin/ntptime /usr/sbin/ntp-wait /usr/sbin/oinkmaster /usr/sbin/openct-control /usr/sbin/orphaner /usr/sbin/ownership /usr/sbin/p0f /usr/sbin/packit /usr/sbin/pam_getenv /usr/sbin/pam_tally /usr/sbin/paperconfig /usr/sbin/pbuilder /usr/sbin/pconf_detect /usr/sbin/pcscd /usr/sbin/pg_maintenance /usr/sbin/popcon-largest-unused /usr/sbin/popularity-contest /usr/sbin/pppconfig /usr/sbin/pppd /usr/sbin/pppdump /usr/sbin/pppoe /usr/sbin/pppoeconf /usr/sbin/pppoe-connect /usr/sbin/pppoe-discovery /usr/sbin/pppoe-relay /usr/sbin/pppoe-server /usr/sbin/pppoe-setup /usr/sbin/pppoe-sniff /usr/sbin/pppoe-start /usr/sbin/pppoe-status /usr/sbin/pppoe-stop /usr/sbin/pppstats /usr/sbin/privoxy /usr/sbin/proftpd /usr/sbin/pwck /usr/sbin/pwconv /usr/sbin/pwunconv /usr/sbin/ramsize /usr/sbin/rdev /usr/sbin/readprofile /usr/sbin/reject /usr/sbin/remove-default-ispell /usr/sbin/remove-default-wordlist /usr/sbin/remove-shell /usr/sbin/RevertBastille /usr/sbin/rmail /usr/sbin/rmt /usr/sbin/rmt-tar /usr/sbin/rndc /usr/sbin/rndc-confgen /usr/sbin/rootflags /usr/sbin/rotatelogs /usr/sbin/rsmtp /usr/sbin/rtcwake /usr/sbin/runas /usr/sbin/runq /usr/sbin/rvnamed /usr/sbin/safe_finger /usr/sbin/samhain /usr/sbin/saned /usr/sbin/select-default-ispell /usr/sbin/select-default-wordlist /usr/sbin/sendmail /usr/sbin/setvesablank /usr/sbin/smartctl /usr/sbin/smartd /usr/sbin/smbd /usr/sbin/snort /usr/sbin/snort-stat /usr/sbin/spamd /usr/sbin/spfd /usr/sbin/spfd.mail-spf-query-perl /usr/sbin/split-logfile /usr/sbin/sshd /usr/sbin/sshmitm /usr/sbin/sshow /usr/sbin/statnetd /usr/sbin/su-to-root /usr/sbin/synaptic /usr/sbin/sync-available /usr/sbin/syslog2eximlog /usr/sbin/syslogd-listfiles /usr/sbin/syslog-facility /usr/sbin/sysv-rc-conf /usr/sbin/tcpblast /usr/sbin/tcpd /usr/sbin/tcpdchk /usr/sbin/tcpdmatch /usr/sbin/tcpdump /usr/sbin/tcpkill /usr/sbin/tcpnice /usr/sbin/tcpxtract /usr/sbin/thpot /usr/sbin/tickadj /usr/sbin/tiger /usr/sbin/tigercron /usr/sbin/tigexp /usr/sbin/tmpreaper /usr/sbin/trafshow /usr/sbin/try-from /usr/sbin/tunctl /usr/sbin/tunelp /usr/sbin/udevmonitor /usr/sbin/udpblast /usr/sbin/unafs /usr/sbin/UndoBastille /usr/sbin/unique /usr/sbin/unshadow /usr/sbin/update-alternatives /usr/sbin/update-binfmts /usr/sbin/update-ca-certificates /usr/sbin/update-catalog /usr/sbin/update-cracklib /usr/sbin/update-default-aspell /usr/sbin/update-default-ispell /usr/sbin/update-default-wordlist /usr/sbin/update-dictcommon-aspell /usr/sbin/update-exim4.conf /usr/sbin/update-exim4.conf.template /usr/sbin/update-exim4defaults /usr/sbin/update-fmtutil /usr/sbin/update-fonts-alias /usr/sbin/update-fonts-dir /usr/sbin/update-fonts-scale /usr/sbin/update-gconf-defaults /usr/sbin/update-gdkpixbuf-loaders /usr/sbin/update-grub /usr/sbin/update-gtk-immodules /usr/sbin/update-iceape-chrome /usr/sbin/update-icon-caches /usr/sbin/update-inetd /usr/sbin/update-initramfs /usr/sbin/update-ispell-dictionary /usr/sbin/update-java-alternatives /usr/sbin/update-language /usr/sbin/update-locale /usr/sbin/update-locale-config /usr/sbin/update-mime /usr/sbin/update-mozilla-chrome /usr/sbin/update-openoffice-dicts /usr/sbin/update-pangox-aliases /usr/sbin/update-passwd /usr/sbin/update-python-modules /usr/sbin/update-rc.d /usr/sbin/update-reader.conf /usr/sbin/update-texmf /usr/sbin/update-updmap /usr/sbin/update-usbids /usr/sbin/update-xmlcatalog /usr/sbin/update-xpdfrc /usr/sbin/urlsnarf /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/usermod /usr/sbin/validlocale /usr/sbin/vcstime /usr/sbin/vidmode /usr/sbin/vigr /usr/sbin/vipw /usr/sbin/visudo /usr/sbin/vpddecode /usr/sbin/w3camd /usr/sbin/webmitm /usr/sbin/webspy /usr/sbin/writevt /usr/sbin/wserv /usr/sbin/xresprobe /usr/sbin/zic and /usr/bin/[ /usr/bin/411toppm /usr/bin/7z /usr/bin/7za /usr/bin/7zr /usr/bin/822-date /usr/bin/a2p /usr/bin/a2ping /usr/bin/a2ps /usr/bin/a2ps-lpr-wrapper /usr/bin/a52dec /usr/bin/a5booklet /usr/bin/aaxine /usr/bin/abiword /usr/bin/AbiWord-2.4 /usr/bin/abw2html /usr/bin/aclocal /usr/bin/aclocal-1.4 /usr/bin/aclocal-1.7 /usr/bin/acpi /usr/bin/acpi_listen /usr/bin/activation-client /usr/bin/addftinfo /usr/bin/addpart /usr/bin/addr2line /usr/bin/adnsheloex /usr/bin/adnshost /usr/bin/adnslogres /usr/bin/adnsresfilter /usr/bin/afm2pl /usr/bin/afm2tfm /usr/bin/afmdiff.awk /usr/bin/afmtodit /usr/bin/akodeplay /usr/bin/al2 /usr/bin/alacarte /usr/bin/alexandria /usr/bin/alien /usr/bin/allcm /usr/bin/allec /usr/bin/allneeded /usr/bin/amarok /usr/bin/amarokapp /usr/bin/amarokcollectionscanner /usr/bin/amarok_daapserver.rb /usr/bin/amarok_libvisual /usr/bin/amarok_proxy.rb /usr/bin/amor /usr/bin/amstex /usr/bin/amuFormat.sh /usr/bin/amule /usr/bin/analog /usr/bin/animate /usr/bin/annotate-output /usr/bin/anytopnm /usr/bin/apmount /usr/bin/apogee_ppi /usr/bin/appletviewer /usr/bin/appres /usr/bin/apropos /usr/bin/apt-cache /usr/bin/apt-cdrom /usr/bin/apt-config /usr/bin/apt-extracttemplates /usr/bin/apt-file /usr/bin/apt-ftparchive /usr/bin/apt-get /usr/bin/aptitude /usr/bin/aptitude-create-state-bundle /usr/bin/aptitude-run-state-bundle /usr/bin/apt-key /usr/bin/apt-listchanges /usr/bin/apt-mark /usr/bin/apt-sortpkgs /usr/bin/ar /usr/bin/ar86 /usr/bin/archer /usr/bin/archpath /usr/bin/ark /usr/bin/arping /usr/bin/arrow /usr/bin/artsbuilder /usr/bin/artscat /usr/bin/artsc-config /usr/bin/artscontrol /usr/bin/artsd /usr/bin/artsdsp /usr/bin/artsmessage /usr/bin/artsplay /usr/bin/artsrec /usr/bin/artsshell /usr/bin/artswrapper /usr/bin/as /usr/bin/as86 /usr/bin/asciitopgm /usr/bin/ascii-xfr /usr/bin/aspell /usr/bin/aspell-import /usr/bin/at /usr/bin/atktopbm /usr/bin/atlantikdesigner /usr/bin/atobm /usr/bin/atq /usr/bin/atrm /usr/bin/audacity /usr/bin/audiofile-config /usr/bin/autoconf /usr/bin/autoconf2.13 /usr/bin/autoconf2.50 /usr/bin/autoheader /usr/bin/autoheader2.13 /usr/bin/autoheader2.50 /usr/bin/autom4te /usr/bin/automake /usr/bin/automake-1.4 /usr/bin/automake-1.7 /usr/bin/autopoint /usr/bin/autoproject /usr/bin/autopsy /usr/bin/autoreconf /usr/bin/autoreconf2.13 /usr/bin/autoreconf2.50 /usr/bin/autoscan /usr/bin/autoscan2.13 /usr/bin/autoupdate /usr/bin/autoupdate2.13 /usr/bin/awk /usr/bin/b2m /usr/bin/b2m.emacs21 /usr/bin/baobab /usr/bin/basename /usr/bin/bashbug /usr/bin/batch /usr/bin/baz /usr/bin/bazaar-gpg-check /usr/bin/bc /usr/bin/bdftopcf /usr/bin/bdftops /usr/bin/bdftruncate /usr/bin/beep /usr/bin/beforelight /usr/bin/berkeley_db3_svc /usr/bin/berkeley_db4.3_svc /usr/bin/bibindex /usr/bin/biblook /usr/bin/bibtex /usr/bin/bibtool /usr/bin/biff /usr/bin/binstats /usr/bin/bioradtopgm /usr/bin/bison /usr/bin/bison.yacc /usr/bin/bitchx /usr/bin/BitchX /usr/bin/bitmap /usr/bin/bluefish /usr/bin/bmore /usr/bin/bmp2tiff /usr/bin/bmptopnm /usr/bin/bmptoppm /usr/bin/bmtoa /usr/bin/bochs /usr/bin/bochs-bin /usr/bin/bonobo-activation-run-query /usr/bin/bonobo-application-x-mines /usr/bin/bonobo-audio-ulaw /usr/bin/bonobo-moniker-gunzip /usr/bin/bonobo-moniker-http /usr/bin/bonobo-selector /usr/bin/bonobo-slay /usr/bin/bonobo-text-plain /usr/bin/bookify /usr/bin/bookman /usr/bin/brasero /usr/bin/brushtopbm /usr/bin/bsd-write /usr/bin/bsh /usr/bin/bsp_virtual /usr/bin/btcflash /usr/bin/btcompletedir /usr/bin/btcompletedir.bittorrent /usr/bin/btdownloadcurses /usr/bin/btdownloadcurses.bittorrent /usr/bin/btdownloadheadless /usr/bin/btdownloadheadless.bittorrent /usr/bin/btedit /usr/bin/btlaunchmany /usr/bin/btlaunchmany.bittorrent /usr/bin/btlaunchmanycurses /usr/bin/btlaunchmanycurses.bittorrent /usr/bin/btmakemetafile /usr/bin/btmakemetafile.bittorrent /usr/bin/btreannounce /usr/bin/btreannounce.bittorrent /usr/bin/btrename /usr/bin/btrename.bittorrent /usr/bin/bts /usr/bin/btshowmetainfo /usr/bin/btshowmetainfo.bittorrent /usr/bin/bttrack /usr/bin/bttrack.bittorrent /usr/bin/bug-buddy /usr/bin/buildhash /usr/bin/burnBX /usr/bin/burnK6 /usr/bin/burnK7 /usr/bin/burnMMX /usr/bin/burnP5 /usr/bin/burnP6 /usr/bin/bvedit /usr/bin/bvi /usr/bin/bview /usr/bin/bwm /usr/bin/bxcommit /usr/bin/bximage /usr/bin/bzr /usr/bin/c++ /usr/bin/c2man /usr/bin/c2ph /usr/bin/c89 /usr/bin/c89-gcc /usr/bin/c99 /usr/bin/c99-gcc /usr/bin/cabextract /usr/bin/cacaxine /usr/bin/cadubi /usr/bin/caff /usr/bin/cal /usr/bin/calendar /usr/bin/callgrind_annotate /usr/bin/callgrind_control /usr/bin/cancel /usr/bin/capinfos /usr/bin/captoinfo /usr/bin/card /usr/bin/cardos-info /usr/bin/castellanizar /usr/bin/catalogmanager /usr/bin/catchsegv /usr/bin/catdoc /usr/bin/catman /usr/bin/catppt /usr/bin/cc /usr/bin/ccache /usr/bin/ccal /usr/bin/ccmakedep /usr/bin/ccmtcnvt /usr/bin/cdadd /usr/bin/cdbackup /usr/bin/cdbs-edit-patch /usr/bin/cdcd /usr/bin/cdclose /usr/bin/cdctrl /usr/bin/cdda2mp3 /usr/bin/cdda2ogg /usr/bin/cdda2wav /usr/bin/cddb-slave2-properties /usr/bin/cdebootstrap /usr/bin/cdecl /usr/bin/cdeject /usr/bin/cdinfo /usr/bin/cdir /usr/bin/cdloop /usr/bin/cdown /usr/bin/cdparanoia /usr/bin/cdpause /usr/bin/cdplay /usr/bin/cdrbq /usr/bin/cdrdao /usr/bin/cdrecord /usr/bin/cdreset /usr/bin/cdrestore /usr/bin/cdrtoaster /usr/bin/cdshuffle /usr/bin/cdstop /usr/bin/cdtool2cddb /usr/bin/cdvolume /usr/bin/celestrongps /usr/bin/c++filt /usr/bin/cflow /usr/bin/cg_annotate /usr/bin/chage /usr/bin/charmap /usr/bin/charset /usr/bin/chattr /usr/bin/chcon /usr/bin/checkbash /usr/bin/checkbashisms /usr/bin/checkint /usr/bin/checkXML /usr/bin/cheops /usr/bin/cheops-ng /usr/bin/chfn /usr/bin/chilight /usr/bin/chkdupexe /usr/bin/chktri /usr/bin/chrootuid /usr/bin/chrt /usr/bin/chsh /usr/bin/chvt /usr/bin/ci /usr/bin/cjpeg /usr/bin/ckeygen /usr/bin/cksum /usr/bin/cleanlinks /usr/bin/clear /usr/bin/clear_console /usr/bin/cli /usr/bin/cli-gacutil /usr/bin/clips /usr/bin/cli-wrapper /usr/bin/clusterdb /usr/bin/cmp /usr/bin/cmuwmtopbm /usr/bin/co /usr/bin/cobfusc /usr/bin/codepage /usr/bin/col /usr/bin/colcrt /usr/bin/coldsync /usr/bin/collateindex.pl /usr/bin/colrm /usr/bin/column /usr/bin/combinediff /usr/bin/comm /usr/bin/compare /usr/bin/comp_err /usr/bin/compile_et /usr/bin/compose /usr/bin/composeglyphs /usr/bin/composite /usr/bin/compress /usr/bin/compress-dummy /usr/bin/conch /usr/bin/conchftp /usr/bin/conjure /usr/bin/consolechars /usr/bin/ControlPanel /usr/bin/convert /usr/bin/cpan /usr/bin/cpif /usr/bin/cpp /usr/bin/cpp-2.95 /usr/bin/cpp-3.2 /usr/bin/cpp-3.3 /usr/bin/cpp-4.0 /usr/bin/cpp-4.1 /usr/bin/cpp-4.2 /usr/bin/cpufreq-selector /usr/bin/create-branching-keyboard /usr/bin/createdb /usr/bin/createdisk /usr/bin/createlang /usr/bin/createuser /usr/bin/c_rehash /usr/bin/crontab /usr/bin/crossbow /usr/bin/cryptoflex-tool /usr/bin/cslatex /usr/bin/csplain /usr/bin/csplit /usr/bin/csslint-0.6 /usr/bin/cstr /usr/bin/csv2vcard /usr/bin/ctags /usr/bin/ctags.emacs21 /usr/bin/ctstat /usr/bin/cundecl /usr/bin/cunloop /usr/bin/cups-config /usr/bin/cupsdconf /usr/bin/cupsdisable /usr/bin/cupsdoprint /usr/bin/cupsenable /usr/bin/cupstestdsc /usr/bin/cupstestppd /usr/bin/curl /usr/bin/cut /usr/bin/cvs /usr/bin/cvsaskpass /usr/bin/cvs-debc /usr/bin/cvs-debi /usr/bin/cvs-debrelease /usr/bin/cvs-debuild /usr/bin/cvsservice /usr/bin/cvt /usr/bin/cw /usr/bin/cwgen /usr/bin/cxref /usr/bin/cxref-cc /usr/bin/cxref-cpp /usr/bin/cxref-cpp-configure /usr/bin/cxref-cpp.upstream /usr/bin/cxref-query /usr/bin/daemon /usr/bin/dasher /usr/bin/dash-search /usr/bin/datastat /usr/bin/db2dvi /usr/bin/db2html /usr/bin/db2pdf /usr/bin/db2ps /usr/bin/db2rtf /usr/bin/db3_archive /usr/bin/db3_checkpoint /usr/bin/db3_deadlock /usr/bin/db3_dump /usr/bin/db3_dump185 /usr/bin/db3_load /usr/bin/db3_printlog /usr/bin/db3_recover /usr/bin/db3_stat /usr/bin/db3_upgrade /usr/bin/db3_verify /usr/bin/db4.3_archive /usr/bin/db4.3_checkpoint /usr/bin/db4.3_deadlock /usr/bin/db4.3_dump /usr/bin/db4.3_load /usr/bin/db4.3_printlog /usr/bin/db4.3_recover /usr/bin/db4.3_stat /usr/bin/db4.3_upgrade /usr/bin/db4.3_verify /usr/bin/db_archive /usr/bin/db_checkpoint /usr/bin/db_deadlock /usr/bin/db_dump /usr/bin/db_dump185 /usr/bin/dbforge2.byte /usr/bin/dbforge2.gui.byte /usr/bin/dbilogstrip /usr/bin/dbiprof /usr/bin/dbiproxy /usr/bin/db_load /usr/bin/dbmmanage /usr/bin/db_printlog /usr/bin/db_recover /usr/bin/dbs-edit-patch /usr/bin/db_stat /usr/bin/dbus-binding-tool /usr/bin/dbus-cleanup-sockets /usr/bin/dbus-daemon /usr/bin/dbus-launch /usr/bin/dbus-monitor /usr/bin/dbus-send /usr/bin/dbus-uuidgen /usr/bin/dbverify /usr/bin/dc /usr/bin/dcalc /usr/bin/dcat /usr/bin/dch /usr/bin/dcop /usr/bin/dcopclient /usr/bin/dcopfind /usr/bin/dcopidl /usr/bin/dcopidl2cpp /usr/bin/dcopidlng /usr/bin/dcopobject /usr/bin/dcopquit /usr/bin/dcopref /usr/bin/dcopserver /usr/bin/dcopserver_shutdown /usr/bin/dcopstart /usr/bin/ddate /usr/bin/ddd /usr/bin/dd-list /usr/bin/deallocvt /usr/bin/debc /usr/bin/debchange /usr/bin/debcheckout /usr/bin/debclean /usr/bin/debcommit /usr/bin/debconf /usr/bin/debconf-apt-progress /usr/bin/debconf-communicate /usr/bin/debconf-copydb /usr/bin/debconf-escape /usr/bin/debconf-getlang /usr/bin/debconf-get-selections /usr/bin/debconf-gettextize /usr/bin/debconf-loadtemplate /usr/bin/debconf-mergetemplate /usr/bin/debconf-set-selections /usr/bin/debconf-show /usr/bin/debconf-updatepo /usr/bin/debdiff /usr/bin/debget /usr/bin/debi /usr/bin/debiandoc2docbookxml /usr/bin/debiandoc2dvi /usr/bin/debiandoc2html /usr/bin/debiandoc2info /usr/bin/debiandoc2latex /usr/bin/debiandoc2latexdvi /usr/bin/debiandoc2latexpdf /usr/bin/debiandoc2latexps /usr/bin/debiandoc2pdf /usr/bin/debiandoc2ps /usr/bin/debiandoc2sgml /usr/bin/debiandoc2texinfo /usr/bin/debiandoc2text /usr/bin/debiandoc2textov /usr/bin/debiandoc2wiki /usr/bin/debiandoc2xml /usr/bin/debian-mirrors /usr/bin/debman /usr/bin/debmany /usr/bin/debmirror /usr/bin/deborphan /usr/bin/debpkg /usr/bin/debrelease /usr/bin/deb-reversion /usr/bin/debrsign /usr/bin/debsecan /usr/bin/debsign /usr/bin/debstd /usr/bin/debsums /usr/bin/debuild /usr/bin/debuild-pbuilder /usr/bin/defoma /usr/bin/defoma-app /usr/bin/defoma-font /usr/bin/defoma-hints /usr/bin/defoma-id /usr/bin/defoma-psfont-installer /usr/bin/defoma-subst /usr/bin/defoma-user /usr/bin/degrep /usr/bin/dehtmldiff /usr/bin/delpart /usr/bin/desktop-check-mime-types /usr/bin/desktop-file-install /usr/bin/desktop-file-validate /usr/bin/devdump /usr/bin/dexconf /usr/bin/dfgrep /usr/bin/dga /usr/bin/dget /usr/bin/dglob /usr/bin/dgrep /usr/bin/dh_builddeb /usr/bin/dh_clean /usr/bin/dh_compress /usr/bin/dh_desktop /usr/bin/dh_fixperms /usr/bin/dh_gconf /usr/bin/dh_gencontrol /usr/bin/dh_gstscancodecs /usr/bin/dh_gtkmodules /usr/bin/dh_icons /usr/bin/dh_install /usr/bin/dh_installcatalogs /usr/bin/dh_installchangelogs /usr/bin/dh_installcron /usr/bin/dh_installdeb /usr/bin/dh_installdebconf /usr/bin/dh_installdefoma /usr/bin/dh_installdirs /usr/bin/dh_installdocs /usr/bin/dh_installemacsen /usr/bin/dh_installexamples /usr/bin/dh_installifupdown /usr/bin/dh_installinfo /usr/bin/dh_installinit /usr/bin/dh_installkpatches /usr/bin/dh_installlogcheck /usr/bin/dh_installlogrotate /usr/bin/dh_installman /usr/bin/dh_installmanpages /usr/bin/dh_installmenu /usr/bin/dh_installmime /usr/bin/dh_installmodules /usr/bin/dh_installpam /usr/bin/dh_installppp /usr/bin/dh_installtex /usr/bin/dh_installudev /usr/bin/dh_installwm /usr/bin/dh_installxfonts /usr/bin/dh_installxmlcatalogs /usr/bin/dh_link /usr/bin/dh_listpackages /usr/bin/dh_make /usr/bin/dh-make-perl /usr/bin/dh_makeshlibs /usr/bin/dh_md5sums /usr/bin/dh_movefiles /usr/bin/dh_pangomodules /usr/bin/dh_perl /usr/bin/dh_pycentral /usr/bin/dh_pysupport /usr/bin/dh_python /usr/bin/dh_scrollkeeper /usr/bin/dh_shlibdeps /usr/bin/dh_strip /usr/bin/dh_suidregister /usr/bin/dh_testdir /usr/bin/dh_testroot /usr/bin/dh_testversion /usr/bin/dh_undocumented /usr/bin/dh_usrlocal /usr/bin/dia /usr/bin/dia-gnome /usr/bin/dialog /usr/bin/dia-normal /usr/bin/dict /usr/bin/dictl /usr/bin/diff /usr/bin/diff3 /usr/bin/diffpp /usr/bin/diffstat /usr/bin/dig /usr/bin/dircolors /usr/bin/directomatic /usr/bin/dirmngr /usr/bin/dirmngr-client /usr/bin/dirname /usr/bin/dirsplit /usr/bin/discover-config /usr/bin/disdvi /usr/bin/diskd /usr/bin/diskseekd /usr/bin/disk_sreset /usr/bin/disk_stat /usr/bin/display /usr/bin/djpeg /usr/bin/djscript /usr/bin/dls /usr/bin/dnet-config /usr/bin/dns_browse /usr/bin/dns-helper /usr/bin/dns_tree /usr/bin/docbook2dvi /usr/bin/docbook2html /usr/bin/docbook2man /usr/bin/docbook2pdf /usr/bin/docbook2ps /usr/bin/docbook2rtf /usr/bin/docbook2tex /usr/bin/docbook2texi /usr/bin/docbook2txt /usr/bin/docbook-to-man /usr/bin/dos2unix /usr/bin/dotlockfile /usr/bin/do_unlinks /usr/bin/doxygen /usr/bin/doxytag /usr/bin/dpatch /usr/bin/dpatch-convert-diffgz /usr/bin/dpatch-cowdancer-patch /usr/bin/dpatch-edit-patch /usr/bin/dpatch-get-origtargz /usr/bin/dpatch-list-patch /usr/bin/dpigs /usr/bin/dpkg /usr/bin/dpkg-architecture /usr/bin/dpkg-awk /usr/bin/dpkg-buildpackage /usr/bin/dpkg-checkbuilddeps /usr/bin/dpkg-deb /usr/bin/dpkg-depcheck /usr/bin/dpkg-distaddfile /usr/bin/dpkg-genbuilddeps /usr/bin/dpkg-genchanges /usr/bin/dpkg-gencontrol /usr/bin/dpkg-name /usr/bin/dpkg-parsechangelog /usr/bin/dpkg-query /usr/bin/dpkg-scanpackages /usr/bin/dpkg-scansources /usr/bin/dpkg-shlibdeps /usr/bin/dpkg-source /usr/bin/dpkg-split /usr/bin/dprofpp /usr/bin/dpsch-auto-cronapt /usr/bin/dpsch-backupclean /usr/bin/dpsch-cvsclean /usr/bin/dpsch-gencvsignore /usr/bin/dpsch-gendepends /usr/bin/dpsch-genpkg /usr/bin/dpsch-installcfengine /usr/bin/dpsch-installcronapt /usr/bin/dpsch-installgroups /usr/bin/dpsch-installpatch /usr/bin/dpsch-installskel /usr/bin/dpsch-installuserpatch /usr/bin/dpsch-installusers /usr/bin/dpsch-installuserskel /usr/bin/dpsch-listbinpkgs /usr/bin/dpsch-showfirstbinpkg /usr/bin/dpsyco-applypatch /usr/bin/dpsyco-patch /usr/bin/dpsyco-skel /usr/bin/dropdb /usr/bin/droplang /usr/bin/dropuser /usr/bin/dscverify /usr/bin/dselect /usr/bin/du /usr/bin/dumbnet-config /usr/bin/dumpcap /usr/bin/dumphint /usr/bin/dumpiso /usr/bin/dumpkeys /usr/bin/dupload /usr/bin/dvd-ram-control /usr/bin/dvd+rw-booktype /usr/bin/dvd+rw-format /usr/bin/dvd+rw-mediainfo /usr/bin/dvi2fax /usr/bin/dvi2tty /usr/bin/dvidvi /usr/bin/dvigif /usr/bin/dvipdf /usr/bin/dvipdfm /usr/bin/dvipdfmx /usr/bin/dvipdft /usr/bin/dvipng /usr/bin/dvips /usr/bin/dvired /usr/bin/dzgrep /usr/bin/easy_install /usr/bin/easy_install-2.4 /usr/bin/easy_install-2.5 /usr/bin/ebb /usr/bin/ebrowse /usr/bin/ebrowse.emacs21 /usr/bin/echo-client-2 /usr/bin/edit /usr/bin/editcap /usr/bin/editdiff /usr/bin/editor /usr/bin/editres /usr/bin/efax /usr/bin/efix /usr/bin/efstool /usr/bin/eidenv /usr/bin/eject /usr/bin/ekiga /usr/bin/ekiga-config-tool /usr/bin/elinks /usr/bin/emacs /usr/bin/emacs21 /usr/bin/emacs21-x /usr/bin/emacsclient /usr/bin/emacsclient.emacs21 /usr/bin/enc2xs /usr/bin/enchant /usr/bin/enchant-lsmod /usr/bin/enscript /usr/bin/entrigraph /usr/bin/env /usr/bin/envsubst /usr/bin/eog /usr/bin/eperl /usr/bin/epiphany /usr/bin/epiphany-browser /usr/bin/eps2eps /usr/bin/epsffit /usr/bin/eqn /usr/bin/eqn2graph /usr/bin/erb1.8 /usr/bin/esd /usr/bin/esd-config /usr/bin/espeak /usr/bin/espeak-synthesis-driver /usr/bin/etags /usr/bin/etags.emacs21 /usr/bin/etex /usr/bin/etherape /usr/bin/ethstatus /usr/bin/euro-test /usr/bin/eventlogadm /usr/bin/evince /usr/bin/evince-thumbnailer /usr/bin/evolution /usr/bin/evolution-addressbook-export /usr/bin/ex /usr/bin/exif /usr/bin/exifautotran /usr/bin/expand /usr/bin/expiry /usr/bin/expr /usr/bin/extcheck /usr/bin/extlinux /usr/bin/extract_a52 /usr/bin/extractkmdr /usr/bin/extractres /usr/bin/ext_skel /usr/bin/eyuvtoppm /usr/bin/factor /usr/bin/faillog /usr/bin/faked-sysv /usr/bin/faked-tcp /usr/bin/fakeroot /usr/bin/fakeroot-sysv /usr/bin/fakeroot-tcp /usr/bin/fax /usr/bin/fax2ps /usr/bin/fax2tiff /usr/bin/fbxine /usr/bin/fc-cache /usr/bin/fc-cat /usr/bin/fc-list /usr/bin/fc-match /usr/bin/fdformat /usr/bin/fdlist /usr/bin/fdmount /usr/bin/fdmountd /usr/bin/fdrawcmd /usr/bin/fdumount /usr/bin/fdupes /usr/bin/feedbrowser /usr/bin/festival /usr/bin/festival_client /usr/bin/festival-synthesis-driver /usr/bin/fetchmail /usr/bin/ffind /usr/bin/ffmpeg /usr/bin/ffplay /usr/bin/ffserver /usr/bin/fiascotopnm /usr/bin/fig2dev /usr/bin/fig2mpdf /usr/bin/fig2ps2tex /usr/bin/filan /usr/bin/file /usr/bin/file-roller /usr/bin/filesharelist /usr/bin/fileshareset /usr/bin/filterdiff /usr/bin/finch /usr/bin/find /usr/bin/find2perl /usr/bin/findaffix /usr/bin/findsmb /usr/bin/finger /usr/bin/firefox /usr/bin/fitstopnm /usr/bin/fix_bs_and_del /usr/bin/fixcvsdiff /usr/bin/fixdlsrps /usr/bin/fixfmps /usr/bin/fixincludes /usr/bin/fixmacps /usr/bin/fixnt /usr/bin/fixps /usr/bin/fixpsditps /usr/bin/fixpspps /usr/bin/fixscribeps /usr/bin/fixtpps /usr/bin/fixwfwps /usr/bin/fixwpps /usr/bin/fixwwps /usr/bin/flac /usr/bin/flashrom /usr/bin/flex /usr/bin/flex++ /usr/bin/fliccd /usr/bin/flipdiff /usr/bin/fliwheel /usr/bin/flock /usr/bin/floppycontrol /usr/bin/floppymeter /usr/bin/fls /usr/bin/fmt /usr/bin/fmtutil /usr/bin/fmtutil-sys /usr/bin/fold /usr/bin/font2c /usr/bin/font2psf /usr/bin/fontinst /usr/bin/fontname /usr/bin/fontprop /usr/bin/foomatic-combo-xml /usr/bin/foomatic-compiledb /usr/bin/foomatic-configure /usr/bin/foomatic-datafile /usr/bin/foomatic-gswrapper /usr/bin/foomatic-perl-data /usr/bin/foomatic-ppdfile /usr/bin/foomatic-ppd-options /usr/bin/foomatic-printjob /usr/bin/foomatic-rip /usr/bin/formail /usr/bin/fping /usr/bin/fping6 /usr/bin/free /usr/bin/freetype-config /usr/bin/fribidi /usr/bin/fribidi-config /usr/bin/from /usr/bin/fromdos /usr/bin/fslsfonts /usr/bin/fsstat /usr/bin/fstobdf /usr/bin/fstopgm /usr/bin/ftdump1 /usr/bin/fterror /usr/bin/ftlint1 /usr/bin/ftmetric /usr/bin/ftp /usr/bin/ftpcount /usr/bin/ftpdctl /usr/bin/ftptop /usr/bin/ftpwho /usr/bin/ftsbit /usr/bin/ftstring1 /usr/bin/ftstrpnm /usr/bin/ftstrtto /usr/bin/fttimer1 /usr/bin/ftview1 /usr/bin/ftzoom /usr/bin/funzip /usr/bin/g++ /usr/bin/g3topbm /usr/bin/g++-4.1 /usr/bin/gacutil /usr/bin/gaim /usr/bin/gaim-remote /usr/bin/gaim-send /usr/bin/gaim-send-async /usr/bin/gaim-text /usr/bin/gaim-url-handler /usr/bin/gamma4scanimage /usr/bin/gapi2-codegen /usr/bin/gapi2-fixup /usr/bin/gapi2-parser /usr/bin/gawk /usr/bin/gcalctool /usr/bin/gcc /usr/bin/gcc-2.95 /usr/bin/gcc-3.2 /usr/bin/gcc-3.3 /usr/bin/gcc-4.0 /usr/bin/gcc-4.1 /usr/bin/gcc-4.2 /usr/bin/gccbug-3.2 /usr/bin/gccbug-3.3 /usr/bin/gccbug-4.0 /usr/bin/gccbug-4.1 /usr/bin/gccmakedep /usr/bin/gconfd-1 /usr/bin/gconf-editor /usr/bin/gconfigger /usr/bin/gconf-merge-tree /usr/bin/gconf-sanity-check-1 /usr/bin/gconfsharp2-schemagen /usr/bin/gconftool /usr/bin/gconftool-1 /usr/bin/gconftool-2 /usr/bin/gcore /usr/bin/gcov /usr/bin/gcov-2.95 /usr/bin/gcov-3.2 /usr/bin/gcov-3.3 /usr/bin/gcov-4.0 /usr/bin/gcov-4.1 /usr/bin/gcov-4.2 /usr/bin/gcvs /usr/bin/gdb /usr/bin/gdbserver /usr/bin/gdbtui /usr/bin/gdialog /usr/bin/gdk-pixbuf-csource /usr/bin/gdk-pixbuf-query-loaders /usr/bin/gdlib-config /usr/bin/gdm-dmx-reconnect-proxy /usr/bin/gdmdynamic /usr/bin/gdmflexiserver /usr/bin/gdmphotosetup /usr/bin/gdmthemetester /usr/bin/gdmXnest /usr/bin/gdmXnestchooser /usr/bin/gedit /usr/bin/gemtopbm /usr/bin/gemtopnm /usr/bin/gencat /usr/bin/gendiff /usr/bin/genisoimage /usr/bin/gensgmlenv /usr/bin/geqn /usr/bin/GET /usr/bin/getafm /usr/bin/getafm-freetype /usr/bin/getconf /usr/bin/get-edid /usr/bin/geteltorito /usr/bin/getent /usr/bin/getfdprm /usr/bin/gethostip /usr/bin/getkeycodes /usr/bin/getls-lR /usr/bin/getnonfreefonts /usr/bin/getnonfreefonts-sys /usr/bin/getopt /usr/bin/getpeername /usr/bin/gettext /usr/bin/gettextize /usr/bin/gettext.sh /usr/bin/gfloppy /usr/bin/gfplus /usr/bin/gfserver /usr/bin/gftodvi /usr/bin/gftopk /usr/bin/gftype /usr/bin/gif2tiff /usr/bin/giftopnm /usr/bin/gimp /usr/bin/gimp-2.4 /usr/bin/gimp-console /usr/bin/gimp-console-2.4 /usr/bin/gimpprint-config /usr/bin/gimp-remote /usr/bin/gimp-remote-2.4 /usr/bin/ginstall-info /usr/bin/gkrellm /usr/bin/gksu /usr/bin/gksudo /usr/bin/gksu-properties /usr/bin/glade-3 /usr/bin/glewinfo /usr/bin/glib-config /usr/bin/glib-genmarshal /usr/bin/glib-gettextize /usr/bin/glib-mkenums /usr/bin/gmcs /usr/bin/gmenu-simple-editor /usr/bin/gmplayer /usr/bin/gnomad2 /usr/bin/gnome-about /usr/bin/gnome-about-me /usr/bin/gnome-accessibility-keyboard-properties /usr/bin/gnome-appearance-properties /usr/bin/gnome-at-mobility /usr/bin/gnome-at-properties /usr/bin/gnome-at-visual /usr/bin/gnome-audio-profiles-properties /usr/bin/gnomebaker /usr/bin/gnome-brightness-applet /usr/bin/gnome-bug /usr/bin/gnome-calculator /usr/bin/gnome-cd /usr/bin/gnome-character-map /usr/bin/gnome-control-center /usr/bin/gnome-cups-add /usr/bin/gnome-cups-icon /usr/bin/gnome-cups-manager /usr/bin/gnome-db2html /usr/bin/gnome-default-applications-properties /usr/bin/gnome-desktop-item-edit /usr/bin/gnome-dictionary /usr/bin/gnome-display-properties /usr/bin/gnome-doc /usr/bin/gnome-doc-prepare /usr/bin/gnome-doc-tool /usr/bin/gnome-dump-metadata /usr/bin/gnome-dupload /usr/bin/gnome-eject /usr/bin/gnome-font-install /usr/bin/gnome-font-viewer /usr/bin/gnome-gen-mimedb /usr/bin/gnome-help /usr/bin/gnome-inhibit-applet /usr/bin/gnome-keybinding-properties /usr/bin/gnome-keyboard-properties /usr/bin/gnome-keyring-daemon /usr/bin/gnome-keyring-manager /usr/bin/gnome-make-tartar /usr/bin/gnomemeeting /usr/bin/gnomemeeting-config-tool /usr/bin/gnome-menu-spec-test /usr/bin/gnome-mkstub /usr/bin/gnome-mount /usr/bin/gnome-mouse-properties /usr/bin/gnome-moz-remote /usr/bin/gnome-name-service /usr/bin/gnome-nettool /usr/bin/gnome-network-preferences /usr/bin/gnome-open /usr/bin/gnome-panel /usr/bin/gnome-panel-screenshot /usr/bin/gnome-pilot-make-password /usr/bin/gnome-power-bugreport.sh /usr/bin/gnome-power-cmd.sh /usr/bin/gnome-power-manager /usr/bin/gnome-power-preferences /usr/bin/gnome-power-statistics /usr/bin/gnome-screensaver /usr/bin/gnome-screensaver-command /usr/bin/gnome-screensaver-preferences /usr/bin/gnome-screenshot /usr/bin/gnome-search-tool /usr/bin/gnome_segv /usr/bin/gnome-session /usr/bin/gnome-session-properties /usr/bin/gnome-session-remove /usr/bin/gnome-session-save /usr/bin/gnome-settings-daemon /usr/bin/gnome-sound-properties /usr/bin/gnome-sound-recorder /usr/bin/gnome-system-log /usr/bin/gnome-system-monitor /usr/bin/gnome-terminal /usr/bin/gnome-terminal.wrapper /usr/bin/gnome-text-editor /usr/bin/gnome-theme-thumbnailer /usr/bin/gnome-thumbnail-font /usr/bin/gnome-typing-monitor /usr/bin/gnome-umount /usr/bin/gnomevfs-cat /usr/bin/gnomevfs-copy /usr/bin/gnomevfs-df /usr/bin/gnomevfs-info /usr/bin/gnomevfs-ls /usr/bin/gnomevfs-mkdir /usr/bin/gnomevfs-monitor /usr/bin/gnomevfs-mv /usr/bin/gnomevfs-rm /usr/bin/gnome-video-thumbnailer /usr/bin/gnome-volume-control /usr/bin/gnome-volume-manager /usr/bin/gnome-volume-manager-gthumb /usr/bin/gnome-volume-properties /usr/bin/gnome-window-properties /usr/bin/gnome-wm /usr/bin/gnome-www-browser /usr/bin/gnopernicus /usr/bin/gnopernicus-mag-config /usr/bin/gnumeric /usr/bin/gnuplot /usr/bin/goad-browser /usr/bin/gobject-query /usr/bin/gok /usr/bin/gouldtoppm /usr/bin/gparted /usr/bin/gpasswd /usr/bin/gpdf /usr/bin/gpg /usr/bin/gpg2 /usr/bin/gpg-agent /usr/bin/gpgconf /usr/bin/gpg-connect-agent /usr/bin/gpg-convert-from-106 /usr/bin/gpg-error /usr/bin/gpg-error-config /usr/bin/gpg-key2ps /usr/bin/gpgkey2ssh /usr/bin/gpglist /usr/bin/gpg-mailkeys /usr/bin/gpgp /usr/bin/gpgsigs /usr/bin/gpgsm /usr/bin/gpgsm-gencert.sh /usr/bin/gpgsplit /usr/bin/gpgv /usr/bin/gpgv2 /usr/bin/gpg-zip /usr/bin/gpic /usr/bin/gpilot-applet /usr/bin/gpilotd /usr/bin/gpilotd-control-applet /usr/bin/gpilotd-session-wrapper /usr/bin/gpilot-install-file /usr/bin/gprof /usr/bin/gqcam /usr/bin/grep-aptavail /usr/bin/grep-available /usr/bin/grep-changelog /usr/bin/grep-changelog.emacs21 /usr/bin/grep-dctrl /usr/bin/grepdiff /usr/bin/grep-excuses /usr/bin/grep-status /usr/bin/gretl /usr/bin/gretlcli /usr/bin/gretl_x11 /usr/bin/grip /usr/bin/grn /usr/bin/grodvi /usr/bin/groff /usr/bin/groffer /usr/bin/grog /usr/bin/grolbp /usr/bin/grolj4 /usr/bin/grops /usr/bin/grotty /usr/bin/groups /usr/bin/growisofs /usr/bin/gs /usr/bin/gsbj /usr/bin/gsdj /usr/bin/gsdj500 /usr/bin/gs-esp /usr/bin/gsftopk /usr/bin/gs-gpl /usr/bin/gshell /usr/bin/gslj /usr/bin/gslp /usr/bin/gsnd /usr/bin/gst-complete-0.8 /usr/bin/gst-compprep-0.8 /usr/bin/gst-feedback /usr/bin/gst-feedback-0.10 /usr/bin/gst-feedback-0.8 /usr/bin/gst-inspect /usr/bin/gst-inspect-0.10 /usr/bin/gst-inspect-0.8 /usr/bin/gst-launch /usr/bin/gst-launch-0.10 /usr/bin/gst-launch-0.8 /usr/bin/gst-launch-ext-0.8 /usr/bin/gst-md5sum-0.8 /usr/bin/gstreamer-properties /usr/bin/gst-register-0.8 /usr/bin/gst-typefind /usr/bin/gst-typefind-0.10 /usr/bin/gst-typefind-0.8 /usr/bin/gst-visualise-0.8 /usr/bin/gst-xmlinspect /usr/bin/gst-xmlinspect-0.10 /usr/bin/gst-xmlinspect-0.8 /usr/bin/gst-xmllaunch /usr/bin/gst-xmllaunch-0.10 /usr/bin/gst-xmllaunch-0.8 /usr/bin/gtbl /usr/bin/gtf /usr/bin/gthumb /usr/bin/gtk-builder-convert /usr/bin/gtk-config /usr/bin/gtk-query-immodules-2.0 /usr/bin/gtk-sharp2-examples-list /usr/bin/gtk-update-icon-cache /usr/bin/gtranslator /usr/bin/guards /usr/bin/gucharmap /usr/bin/gv /usr/bin/gxditview /usr/bin/gxine /usr/bin/gxine_client /usr/bin/h2ph /usr/bin/h2xs /usr/bin/hal-device /usr/bin/hal-disable-polling /usr/bin/hal-find-by-capability /usr/bin/hal-find-by-property /usr/bin/hal-get-property /usr/bin/hal-is-caller-locked-out /usr/bin/hal-lock /usr/bin/hal-set-property /usr/bin/hattrib /usr/bin/hbf2gf /usr/bin/hcd /usr/bin/hcopy /usr/bin/hd /usr/bin/hdel /usr/bin/hdir /usr/bin/head /usr/bin/HEAD /usr/bin/help2man /usr/bin/helpztags /usr/bin/hexdump /usr/bin/hfind /usr/bin/hformat /usr/bin/hipstopgm /usr/bin/hls /usr/bin/hman /usr/bin/hmkdir /usr/bin/hmount /usr/bin/host /usr/bin/hostid /usr/bin/hp-align /usr/bin/hp-clean /usr/bin/hp-colorcal /usr/bin/hp-fab /usr/bin/hpftodit /usr/bin/hpijs /usr/bin/hp-info /usr/bin/hp-levels /usr/bin/hp-makecopies /usr/bin/hp-makeuri /usr/bin/hp-print /usr/bin/hp-probe /usr/bin/hp-sendfax /usr/bin/hpset /usr/bin/hp-setup /usr/bin/hp-testpage /usr/bin/hp-timedate /usr/bin/hp-toolbox /usr/bin/hp-unload /usr/bin/hpwd /usr/bin/hrename /usr/bin/hrmdir /usr/bin/hspell /usr/bin/hspell-i /usr/bin/hsqldb-databasemanager /usr/bin/hsqldb-databasemanagerswing /usr/bin/hsqldb-querytool /usr/bin/hsqldb-sqltool /usr/bin/hsqldb-transfer /usr/bin/ht /usr/bin/htdb_dump /usr/bin/htdb_load /usr/bin/htdbm /usr/bin/htdb_stat /usr/bin/htdig /usr/bin/htdigest /usr/bin/htdig-pdfparser /usr/bin/htdump /usr/bin/HtFileType /usr/bin/htfuzzy /usr/bin/htlatex /usr/bin/htload /usr/bin/htmerge /usr/bin/html2png /usr/bin/html2text /usr/bin/HtmlConverter /usr/bin/htmltoc /usr/bin/htnotify /usr/bin/htpasswd /usr/bin/htpurge /usr/bin/htstat /usr/bin/httex /usr/bin/httexi /usr/bin/httpcfg /usr/bin/httpush /usr/bin/humount /usr/bin/hvol /usr/bin/hyperlatex /usr/bin/i2e /usr/bin/i2e-cli /usr/bin/i386 /usr/bin/i386-linux-cpp-3.2 /usr/bin/i386-linux-gcc-3.2 /usr/bin/i486-linux-gnu-cpp /usr/bin/i486-linux-gnu-cpp-3.3 /usr/bin/i486-linux-gnu-cpp-4.0 /usr/bin/i486-linux-gnu-cpp-4.1 /usr/bin/i486-linux-gnu-cpp-4.2 /usr/bin/i486-linux-gnu-g++ /usr/bin/i486-linux-gnu-g++-4.1 /usr/bin/i486-linux-gnu-gcc /usr/bin/i486-linux-gnu-gcc-3.3 /usr/bin/i486-linux-gnu-gcc-4.0 /usr/bin/i486-linux-gnu-gcc-4.1 /usr/bin/i486-linux-gnu-gcc-4.2 /usr/bin/ical2vcal /usr/bin/icat /usr/bin/icat-sleuthkit /usr/bin/iceape /usr/bin/iceauth /usr/bin/icedax /usr/bin/icedove /usr/bin/iceweasel /usr/bin/ico /usr/bin/icombine /usr/bin/icontopbm /usr/bin/iconv /usr/bin/iconx /usr/bin/id /usr/bin/id3tool /usr/bin/ident /usr/bin/identify /usr/bin/idlj /usr/bin/ifind /usr/bin/ifnames /usr/bin/ifnames2.13 /usr/bin/igal /usr/bin/igawk /usr/bin/ijoin /usr/bin/ilasm2 /usr/bin/ilbmtoppm /usr/bin/ils /usr/bin/ils-sleuthkit /usr/bin/im /usr/bin/imagetops /usr/bin/imake /usr/bin/img_cat /usr/bin/imgsize /usr/bin/img_stat /usr/bin/imgtoppm /usr/bin/imlib-config /usr/bin/imlib-config.distrib /usr/bin/import /usr/bin/includeres /usr/bin/indent /usr/bin/indiserver /usr/bin/indxbib /usr/bin/info /usr/bin/infobrowser /usr/bin/infocmp /usr/bin/infokey /usr/bin/infotocap /usr/bin/innochecksum /usr/bin/innotop /usr/bin/install /usr/bin/install-menu /usr/bin/instant /usr/bin/instmodsh /usr/bin/interdiff /usr/bin/intltool-extract /usr/bin/intltoolize /usr/bin/intltool-merge /usr/bin/intltool-prepare /usr/bin/intltool-update /usr/bin/invest-chart /usr/bin/ionice /usr/bin/iostat /usr/bin/ipcalc /usr/bin/ipcrm /usr/bin/ipcs /usr/bin/ipv4calc /usr/bin/irb1.8 /usr/bin/irc /usr/bin/ircII /usr/bin/iselect /usr/bin/isodump /usr/bin/isoinfo /usr/bin/isovfy /usr/bin/ispell /usr/bin/ispell-wrapper /usr/bin/isql /usr/bin/istat /usr/bin/itclsh /usr/bin/itclsh3.1 /usr/bin/iusql /usr/bin/jack_bufsize /usr/bin/jack_connect /usr/bin/jackd /usr/bin/jack_disconnect /usr/bin/jack_freewheel /usr/bin/jack_impulse_grabber /usr/bin/jack_load /usr/bin/jack_lsp /usr/bin/jack_metro /usr/bin/jack_midiseq /usr/bin/jack_midisine /usr/bin/jack_monitor_client /usr/bin/jackrec /usr/bin/jack_showtime /usr/bin/jack_simple_client /usr/bin/jack_unload /usr/bin/jade /usr/bin/jadetex /usr/bin/jailtest /usr/bin/jar /usr/bin/jarsigner /usr/bin/java /usr/bin/javac /usr/bin/javadoc /usr/bin/javah /usr/bin/javap /usr/bin/javaws /usr/bin/jcat /usr/bin/jdb /usr/bin/jhead /usr/bin/jls /usr/bin/jmacs /usr/bin/joe /usr/bin/join /usr/bin/jpegexiforient /usr/bin/jpegtopnm /usr/bin/jpegtran /usr/bin/jpico /usr/bin/jstar /usr/bin/juk /usr/bin/jw /usr/bin/kab2kabc /usr/bin/kabc2mutt /usr/bin/kaddprinterwizard /usr/bin/kaddressbook /usr/bin/kalarm /usr/bin/kalarmd /usr/bin/kalzium /usr/bin/kandy /usr/bin/kandy_client /usr/bin/kappfinder /usr/bin/karbon /usr/bin/karm /usr/bin/kate /usr/bin/kbabel /usr/bin/kbabeldict /usr/bin/kbd-config /usr/bin/kbd_mode /usr/bin/kbruch /usr/bin/kbuildsycoca /usr/bin/kbxutil /usr/bin/kcalc /usr/bin/kcharselect /usr/bin/kchart /usr/bin/kcmshell /usr/bin/kcolorchooser /usr/bin/kcoloredit /usr/bin/kconfig_compiler /usr/bin/kconf_update /usr/bin/kcontroledit /usr/bin/kcookiejar /usr/bin/kcron /usr/bin/kdat /usr/bin/kde-config /usr/bin/kded /usr/bin/kdeinit /usr/bin/kdeinit_shutdown /usr/bin/kdeinit_wrapper /usr/bin/kde-menu /usr/bin/kdesu_stub /usr/bin/kdf /usr/bin/kdict /usr/bin/kdoc /usr/bin/kdontchangethehostname /usr/bin/kdostartupconfig /usr/bin/kdvi /usr/bin/kedit /usr/bin/keylookup /usr/bin/keytool /usr/bin/kfax /usr/bin/kfile /usr/bin/kfilereplace /usr/bin/kfind /usr/bin/kfloppy /usr/bin/kfmexec /usr/bin/kformula /usr/bin/kget /usr/bin/kghostview /usr/bin/kgpg /usr/bin/kgrantpty /usr/bin/khangman /usr/bin/khc_docbookdig.pl /usr/bin/khc_htdig.pl /usr/bin/khc_htsearch.pl /usr/bin/khc_indexbuilder /usr/bin/khc_mansearch.pl /usr/bin/khelpcenter /usr/bin/khexedit /usr/bin/khotnewstuff /usr/bin/kiconedit /usr/bin/kig /usr/bin/killall /usr/bin/kinstalltheme /usr/bin/kioexec /usr/bin/kio_http_cache_cleaner /usr/bin/kioslave /usr/bin/kio_uiserver /usr/bin/kitchensync /usr/bin/kiten /usr/bin/kitengen /usr/bin/kivio /usr/bin/kjots /usr/bin/klaptop_acpi_helper /usr/bin/klaptop_check /usr/bin/klatin /usr/bin/klauncher /usr/bin/klettres /usr/bin/klinkstatus /usr/bin/klipper /usr/bin/kmailservice /usr/bin/kmdr2po /usr/bin/kmdr-editor /usr/bin/kmdr-executor /usr/bin/kmdr-plugins /usr/bin/kmenuedit /usr/bin/kmid /usr/bin/kmix /usr/bin/kmixctrl /usr/bin/kmplot /usr/bin/knode /usr/bin/knotes /usr/bin/koconverter /usr/bin/kodo /usr/bin/koi8rxterm /usr/bin/kolourpaint /usr/bin/kompmgr /usr/bin/konsole /usr/bin/konsolekalendar /usr/bin/kontact /usr/bin/kooka /usr/bin/kopete /usr/bin/kopete_latexconvert.sh /usr/bin/korgac /usr/bin/korganizer /usr/bin/kpac_dhcp_helper /usr/bin/kpackage /usr/bin/kpager /usr/bin/kpalmdoc /usr/bin/kpdf /usr/bin/kpercentage /usr/bin/kpilot /usr/bin/kpilotDaemon /usr/bin/kpm /usr/bin/kpovmodeler /usr/bin/kpseaccess /usr/bin/kpsepath /usr/bin/kpsereadlink /usr/bin/kpsestat /usr/bin/kpsetool /usr/bin/kpsewhere /usr/bin/kpsewhich /usr/bin/kpsexpand /usr/bin/krb5-config /usr/bin/krdc /usr/bin/krec /usr/bin/kregexpeditor /usr/bin/krfb /usr/bin/krfb_httpd /usr/bin/krossrunner /usr/bin/kruler /usr/bin/kscd /usr/bin/ksendbugmail /usr/bin/ksh /usr/bin/kshell /usr/bin/ksig /usr/bin/ksmserver /usr/bin/ksnapshot /usr/bin/kstars /usr/bin/kstartupconfig /usr/bin/ksvgtopng /usr/bin/ksync /usr/bin/ksysguard /usr/bin/ksysguardd /usr/bin/ksysv /usr/bin/ktelnetservice /usr/bin/ktimer /usr/bin/ktip /usr/bin/ktouch /usr/bin/ktradertest /usr/bin/kturtle /usr/bin/ktux /usr/bin/kudesigner /usr/bin/kugar /usr/bin/kuickshow /usr/bin/kunittestmodrunner /usr/bin/kuser /usr/bin/kverbos /usr/bin/kview /usr/bin/kviewshell /usr/bin/kvoctrain /usr/bin/kwalletmanager /usr/bin/kweatherreport /usr/bin/kweatherservice /usr/bin/kwifimanager /usr/bin/kwikdisk /usr/bin/kwin /usr/bin/kwin_killer_helper /usr/bin/kwin_rules_dialog /usr/bin/kwordquiz /usr/bin/kworldclock /usr/bin/kwrapper /usr/bin/kwrite /usr/bin/lame /usr/bin/last /usr/bin/lastb /usr/bin/lastlog /usr/bin/latex /usr/bin/latex2html /usr/bin/lcf /usr/bin/ld /usr/bin/ld86 /usr/bin/ldd /usr/bin/leaftoppm /usr/bin/less /usr/bin/lessecho /usr/bin/lessfile /usr/bin/lesskey /usr/bin/lesspipe /usr/bin/lex /usr/bin/lexgrog /usr/bin/lft /usr/bin/lft.db /usr/bin/lftp /usr/bin/lftpget /usr/bin/libart2-config /usr/bin/libgcrypt-config /usr/bin/libgnutls-config /usr/bin/libgnutls-extra-config /usr/bin/libIDL-config /usr/bin/libnetcfg /usr/bin/libnet-config /usr/bin/libpng12-config /usr/bin/libpng-config /usr/bin/libprelude-config /usr/bin/libtasn1-config /usr/bin/libtool /usr/bin/libtoolize /usr/bin/libusb-config /usr/bin/licensecheck /usr/bin/linda /usr/bin/line /usr/bin/link /usr/bin/linklint /usr/bin/links /usr/bin/links.main /usr/bin/lintian /usr/bin/lintian-info /usr/bin/linux /usr/bin/linux32 /usr/bin/linux64 /usr/bin/linuxdoc /usr/bin/linux_logo /usr/bin/linux.uml /usr/bin/lispmtopgm /usr/bin/list_audio_tracks /usr/bin/listres /usr/bin/list-unreleased /usr/bin/lkbib /usr/bin/llexec /usr/bin/llines /usr/bin/lndir /usr/bin/lnstat /usr/bin/lnusertemp /usr/bin/loadshlib /usr/bin/locale /usr/bin/localedef /usr/bin/locate /usr/bin/lockfile /usr/bin/lockfile-create /usr/bin/lockfile-remove /usr/bin/lockfile-touch /usr/bin/logger /usr/bin/logname /usr/bin/look /usr/bin/lookbib /usr/bin/lorder /usr/bin/lore /usr/bin/lp /usr/bin/lpoptions /usr/bin/lppasswd /usr/bin/lpq /usr/bin/lpr /usr/bin/lprm /usr/bin/lp_solve /usr/bin/lpstat /usr/bin/lrelease /usr/bin/lrelease-qt3 /usr/bin/lsattr /usr/bin/lsb_release /usr/bin/lsdev /usr/bin/lsdev.pl /usr/bin/lsdiff /usr/bin/lshal /usr/bin/lshw /usr/bin/lshw-gtk /usr/bin/lskpatches /usr/bin/lsof /usr/bin/lspci /usr/bin/lspgpot /usr/bin/lss16toppm /usr/bin/lsusb /usr/bin/ltrace /usr/bin/lua /usr/bin/lua50 /usr/bin/luac /usr/bin/luac50 /usr/bin/lua-config /usr/bin/lua-config50 /usr/bin/luit /usr/bin/lupdate /usr/bin/lupdate-qt3 /usr/bin/lwp-download /usr/bin/lwp-mirror /usr/bin/lwp-request /usr/bin/lwp-rget /usr/bin/lx200_16 /usr/bin/lx200autostar /usr/bin/lx200basic /usr/bin/lx200classic /usr/bin/lx200generic /usr/bin/lx200gps /usr/bin/lxterm /usr/bin/lynx /usr/bin/lynx.stable /usr/bin/lz /usr/bin/lzop /usr/bin/m4 /usr/bin/macptopbm /usr/bin/mactime /usr/bin/mactime-sleuthkit /usr/bin/mad /usr/bin/madison-lite /usr/bin/mag /usr/bin/magnifier /usr/bin/mail /usr/bin/Mail /usr/bin/mail-files /usr/bin/mail-lock /usr/bin/mailmail /usr/bin/mailq /usr/bin/mailshar /usr/bin/mailstat /usr/bin/mail-touchlock /usr/bin/mail-unlock /usr/bin/mailx /usr/bin/make /usr/bin/makedepend /usr/bin/make_driver_db_cups /usr/bin/make_driver_db_lpr /usr/bin/makeg /usr/bin/makeindex /usr/bin/makeinfo /usr/bin/makekdedoc /usr/bin/makekdewidgets /usr/bin/make-kpkg /usr/bin/make-memtest86-boot-floppy /usr/bin/makepasswd /usr/bin/makestrs /usr/bin/man /usr/bin/man2html /usr/bin/mandb /usr/bin/manhole /usr/bin/manpage-alert /usr/bin/manpath /usr/bin/mass-bug /usr/bin/mattrib /usr/bin/mawk /usr/bin/mbadblocks /usr/bin/mbchk /usr/bin/mbmon /usr/bin/mbmon-rrd /usr/bin/mc /usr/bin/mcat /usr/bin/mcd /usr/bin/mcedit /usr/bin/mcedit-debian /usr/bin/mcheck /usr/bin/mclasserase /usr/bin/mcmfmt /usr/bin/mcomp /usr/bin/mcookie /usr/bin/mcopidl /usr/bin/mcopy /usr/bin/mcp /usr/bin/mcview /usr/bin/mcview-debian /usr/bin/md5 /usr/bin/md5sum /usr/bin/md5sum.textutils /usr/bin/mdassembler /usr/bin/mdatopbm /usr/bin/mdcs2ecma /usr/bin/mdel /usr/bin/mdeltree /usr/bin/mdetect /usr/bin/mdir /usr/bin/mdnormalizer /usr/bin/mdu /usr/bin/mdvalidater /usr/bin/meade_lpi /usr/bin/meinproc /usr/bin/memtest /usr/bin/merge /usr/bin/mergecap /usr/bin/mergechanges /usr/bin/mergelib /usr/bin/mesg /usr/bin/metaflac /usr/bin/mev /usr/bin/mex /usr/bin/mf /usr/bin/mf-nowin /usr/bin/mformat /usr/bin/mft /usr/bin/mgrtopbm /usr/bin/mguesser /usr/bin/midisend /usr/bin/minfo /usr/bin/minicom /usr/bin/mini-inetd /usr/bin/mirror /usr/bin/mirror-master /usr/bin/mirrors /usr/bin/mk4ht /usr/bin/mkafmmap /usr/bin/mkbimage /usr/bin/mkbundle2 /usr/bin/mkdirhier /usr/bin/mkdiskimage /usr/bin/mkfifo /usr/bin/mkfontdir /usr/bin/mkfontscale /usr/bin/mkhtmlindex /usr/bin/mkhybrid /usr/bin/mkindex /usr/bin/mkisofs /usr/bin/mkls-lR /usr/bin/mkmanifest /usr/bin/mk_modmap /usr/bin/mkocp /usr/bin/mkofm /usr/bin/mkpasswd /usr/bin/mktap /usr/bin/mktexfmt /usr/bin/mktexlsr /usr/bin/mktexmf /usr/bin/mktexpk /usr/bin/mktextfm /usr/bin/mkzftree /usr/bin/mlabel /usr/bin/mln /usr/bin/mmd /usr/bin/mmencode /usr/bin/mmls /usr/bin/mmount /usr/bin/mmove /usr/bin/mmroff /usr/bin/mmstat /usr/bin/mmv /usr/bin/moc /usr/bin/moc-qt3 /usr/bin/mod /usr/bin/mogrify /usr/bin/moniker-test /usr/bin/mono /usr/bin/mono-api-info2 /usr/bin/monodoc /usr/bin/monodocer /usr/bin/monodocs2html /usr/bin/monodocs2slashdoc /usr/bin/monop2 /usr/bin/mono-service2 /usr/bin/montage /usr/bin/movemail /usr/bin/mozilla /usr/bin/mozilla-firefox /usr/bin/mp3-decoder /usr/bin/mp4h /usr/bin/mpack /usr/bin/mpage /usr/bin/mpartition /usr/bin/mpeglibartsplay /usr/bin/mpg123 /usr/bin/mpg321 /usr/bin/mplayer /usr/bin/mpstat /usr/bin/mrd /usr/bin/mren /usr/bin/mrmlsearch /usr/bin/msgattrib /usr/bin/msgcat /usr/bin/msgcmp /usr/bin/msgcomm /usr/bin/msgconv /usr/bin/msgen /usr/bin/msgexec /usr/bin/msgfilter /usr/bin/msgfmt /usr/bin/msggrep /usr/bin/msginit /usr/bin/msgmerge /usr/bin/msgunfmt /usr/bin/msguniq /usr/bin/msguntypot /usr/bin/mshowfat /usr/bin/msql2mysql /usr/bin/mtn /usr/bin/mtools /usr/bin/mtoolstest /usr/bin/mtp-albumart /usr/bin/mtp-albums /usr/bin/mtp-connect /usr/bin/mtp-delfile /usr/bin/mtp-detect /usr/bin/mtp-emptyfolders /usr/bin/mtp-files /usr/bin/mtp-folders /usr/bin/mtp-format /usr/bin/mtp-getfile /usr/bin/mtp-getplaylist /usr/bin/mtp-hotplug /usr/bin/mtp-newfolder /usr/bin/mtp-newplaylist /usr/bin/mtp-playlists /usr/bin/mtp-sendfile /usr/bin/mtp-sendtr /usr/bin/mtp-thumb /usr/bin/mtp-tracks /usr/bin/mtp-trexist /usr/bin/mtr /usr/bin/mtrace /usr/bin/mtvtoppm /usr/bin/mtype /usr/bin/multicd /usr/bin/multispell /usr/bin/munchlist /usr/bin/munpack /usr/bin/mutt /usr/bin/mutt_dotlock /usr/bin/mxtar /usr/bin/myisamchk /usr/bin/myisam_ftdump /usr/bin/myisamlog /usr/bin/myisampack /usr/bin/my_print_defaults /usr/bin/mysql /usr/bin/mysqlaccess /usr/bin/mysqladmin /usr/bin/mysqlbinlog /usr/bin/mysqlbug /usr/bin/mysqlcheck /usr/bin/mysql_client_test /usr/bin/mysql_client_test_embedded /usr/bin/mysql_config /usr/bin/mysql_convert_table_format /usr/bin/mysqld_multi /usr/bin/mysqld_safe /usr/bin/mysqldump /usr/bin/mysqldumpslow /usr/bin/mysql_explain_log /usr/bin/mysql_find_rows /usr/bin/mysql_fix_extensions /usr/bin/mysql_fix_privilege_tables /usr/bin/mysqlhotcopy /usr/bin/mysqlimport /usr/bin/mysql_install_db /usr/bin/mysqlreport /usr/bin/mysql_secure_installation /usr/bin/mysql_setpermission /usr/bin/mysqlshow /usr/bin/mysql_tableinfo /usr/bin/mysqltest /usr/bin/mysqltest_embedded /usr/bin/mysqltestmanager /usr/bin/mysqltestmanagerc /usr/bin/mysqltestmanager-pwgen /usr/bin/mysql_tzinfo_to_sql /usr/bin/mysql_upgrade /usr/bin/mysql_upgrade_shell /usr/bin/mysql_waitpid /usr/bin/mysql_zap /usr/bin/mzip /usr/bin/namei /usr/bin/nano /usr/bin/nasl /usr/bin/nasl-config /usr/bin/native2ascii /usr/bin/nautilus /usr/bin/nautilus-cd-burner /usr/bin/nautilus-connect-server /usr/bin/nautilus-file-management-properties /usr/bin/nawk /usr/bin/ncal /usr/bin/ncftp /usr/bin/ncftp3 /usr/bin/ncftpbatch /usr/bin/ncftpbookmarks /usr/bin/ncftpget /usr/bin/ncftpls /usr/bin/ncftpput /usr/bin/ncftpspooler /usr/bin/ncurses5-config /usr/bin/ncursesw5-config /usr/bin/ndb_config /usr/bin/ndb_delete_all /usr/bin/ndb_desc /usr/bin/ndb_drop_index /usr/bin/ndb_drop_table /usr/bin/ndb_error_reporter /usr/bin/ndb_mgm /usr/bin/ndb_restore /usr/bin/ndb_select_all /usr/bin/ndb_select_count /usr/bin/ndb_show_tables /usr/bin/ndb_size /usr/bin/ndb_test_platform /usr/bin/ndb_waiter /usr/bin/neotoppm /usr/bin/neqn /usr/bin/nessus /usr/bin/nessus-build /usr/bin/nessus-config /usr/bin/nessus-fetch /usr/bin/nessus-mkcert-client /usr/bin/nessus-mkrand /usr/bin/net /usr/bin/netkey-tool /usr/bin/netkit-ftp /usr/bin/netload /usr/bin/netselect /usr/bin/net-snmp-config /usr/bin/network-admin /usr/bin/network-test /usr/bin/newaliases /usr/bin/newgrp /usr/bin/new-object /usr/bin/nex /usr/bin/ngettext /usr/bin/nice /usr/bin/nikto /usr/bin/nikto.pl /usr/bin/nl /usr/bin/nm /usr/bin/nm86 /usr/bin/nmap /usr/bin/nmblookup /usr/bin/nmicmpd /usr/bin/nmtrapd /usr/bin/nmudiff /usr/bin/noatun /usr/bin/noatunsynaescope.bin /usr/bin/noatuntippecanoe.bin /usr/bin/noatuntyler.bin /usr/bin/nodefs /usr/bin/nohup /usr/bin/noindex /usr/bin/noroff /usr/bin/noroots /usr/bin/notangle /usr/bin/nountangle /usr/bin/noweave /usr/bin/noweb /usr/bin/nroff /usr/bin/nsgmls /usr/bin/nslookup /usr/bin/nspluginscan /usr/bin/nspluginviewer /usr/bin/nstat /usr/bin/nsupdate /usr/bin/ntpdc /usr/bin/ntpq /usr/bin/ntpsweep /usr/bin/ntptrace /usr/bin/ntsc-cc /usr/bin/nuweb2noweb /usr/bin/nvi /usr/bin/nview /usr/bin/oaf-client /usr/bin/oafd /usr/bin/oaf-empty-server /usr/bin/oaf-run-query /usr/bin/oaf-slay /usr/bin/oaf-sysconf /usr/bin/objcopy /usr/bin/objdump /usr/bin/objdump86 /usr/bin/ocamlcvs2.byte /usr/bin/ocaml-md5sums /usr/bin/ocamlrun /usr/bin/ocamlweb /usr/bin/oclock /usr/bin/od /usr/bin/odbcinst /usr/bin/ogg123 /usr/bin/oggdec /usr/bin/oggenc /usr/bin/ogginfo /usr/bin/ogonkify /usr/bin/oil-bugreport /usr/bin/oldfuser /usr/bin/on_ac_power /usr/bin/oobase /usr/bin/oodraw /usr/bin/ooffice /usr/bin/oofromtemplate /usr/bin/ooimpress /usr/bin/oomath /usr/bin/ooweb /usr/bin/oowriter /usr/bin/open /usr/bin/opencdk-config /usr/bin/openct-tool /usr/bin/openoffice /usr/bin/opensc-explorer /usr/bin/opensc-tool /usr/bin/openssl /usr/bin/openuniverse /usr/bin/OpenVAS-Client /usr/bin/openvasclient-mkcert /usr/bin/openvasclient-mkrand /usr/bin/openvt /usr/bin/orbit-config /usr/bin/orbit-idl /usr/bin/orca /usr/bin/ovaldi /usr/bin/over /usr/bin/oxdvi /usr/bin/p7zip /usr/bin/pads /usr/bin/pads-report /usr/bin/pager /usr/bin/pal2rgb /usr/bin/palmtopnm /usr/bin/pamcut /usr/bin/pamdeinterlace /usr/bin/pamdice /usr/bin/pamfile /usr/bin/pamoil /usr/bin/pamstack /usr/bin/pamstretch /usr/bin/pamstretch-gen /usr/bin/panel-test-applets /usr/bin/pango-querymodules /usr/bin/pango-view /usr/bin/paperconf /usr/bin/par /usr/bin/parsechangelog /usr/bin/parse-edid /usr/bin/partx /usr/bin/passwd /usr/bin/paste /usr/bin/patch /usr/bin/pathchk /usr/bin/pax /usr/bin/pbmclean /usr/bin/pbmlife /usr/bin/pbmmake /usr/bin/pbmmask /usr/bin/pbmpage /usr/bin/pbmpscale /usr/bin/pbmreduce /usr/bin/pbmtext /usr/bin/pbmtextps /usr/bin/pbmto10x /usr/bin/pbmtoascii /usr/bin/pbmtoatk /usr/bin/pbmtobbnbg /usr/bin/pbmtocmuwm /usr/bin/pbmtoepsi /usr/bin/pbmtoepson /usr/bin/pbmtog3 /usr/bin/pbmtogem /usr/bin/pbmtogo /usr/bin/pbmtoicon /usr/bin/pbmtolj /usr/bin/pbmtomacp /usr/bin/pbmtomda /usr/bin/pbmtomgr /usr/bin/pbmtonokia /usr/bin/pbmtopgm /usr/bin/pbmtopi3 /usr/bin/pbmtoplot /usr/bin/pbmtoppa /usr/bin/pbmtopsg3 /usr/bin/pbmtoptx /usr/bin/pbmtowbmp /usr/bin/pbmtox10bm /usr/bin/pbmtoxbm /usr/bin/pbmtoybm /usr/bin/pbmtozinc /usr/bin/pbmupc /usr/bin/pcimodules /usr/bin/pcre-config /usr/bin/pcretest /usr/bin/pcxtoppm /usr/bin/pdb /usr/bin/pdb2.2 /usr/bin/pdb2.4 /usr/bin/pdb2.5 /usr/bin/pdbedit /usr/bin/pdebuild /usr/bin/pdf2dsc /usr/bin/pdf2ps /usr/bin/pdfcslatex /usr/bin/pdfcsplain /usr/bin/pdfetex /usr/bin/pdffonts /usr/bin/pdfimages /usr/bin/pdfinfo /usr/bin/pdfjadetex /usr/bin/pdflatex /usr/bin/pdfmex /usr/bin/pdfopt /usr/bin/pdftex /usr/bin/pdftoppm /usr/bin/pdftops /usr/bin/pdftotext /usr/bin/pdiff /usr/bin/pear /usr/bin/peardev /usr/bin/pecl /usr/bin/peekfd /usr/bin/perl /usr/bin/perl5.8.8 /usr/bin/perlbug /usr/bin/perlcc /usr/bin/perldoc /usr/bin/perldoc.stub /usr/bin/perlivp /usr/bin/perltex /usr/bin/perror /usr/bin/pf2afm /usr/bin/pfb2pfa /usr/bin/pfbtopfa /usr/bin/pfbtops /usr/bin/pftp /usr/bin/pg /usr/bin/pgawk /usr/bin/pg_config /usr/bin/pg_createcluster /usr/bin/pg_ctlcluster /usr/bin/pg_dropcluster /usr/bin/pg_dump /usr/bin/pg_dumpall /usr/bin/pg_lsclusters /usr/bin/pgmbentley /usr/bin/pgmcrater /usr/bin/pgmedge /usr/bin/pgmenhance /usr/bin/pgmhist /usr/bin/pgmkernel /usr/bin/pgmnoise /usr/bin/pgmnorm /usr/bin/pgmoil /usr/bin/pgmramp /usr/bin/pgmslice /usr/bin/pgmtexture /usr/bin/pgmtofs /usr/bin/pgmtolispm /usr/bin/pgmtopbm /usr/bin/pgmtoppm /usr/bin/pgp /usr/bin/pgp5 /usr/bin/pgp-clean /usr/bin/pgpe /usr/bin/pgp-fixkey /usr/bin/pgpgpg /usr/bin/pgpk /usr/bin/pgps /usr/bin/pgpv /usr/bin/pgrep /usr/bin/pg_restore /usr/bin/pg_upgradecluster /usr/bin/php /usr/bin/php4 /usr/bin/php-config /usr/bin/php-config5 /usr/bin/phpextdist /usr/bin/phpize /usr/bin/phpize5 /usr/bin/pi1toppm /usr/bin/pi3topbm /usr/bin/pia /usr/bin/pic /usr/bin/pic2graph /usr/bin/pic2tpic /usr/bin/pico /usr/bin/piconv /usr/bin/pidgin /usr/bin/pidstat /usr/bin/pike /usr/bin/pike7.2 /usr/bin/pike7.2-config /usr/bin/pilconvert.py /usr/bin/pildriver.py /usr/bin/pilfile.py /usr/bin/pilfont.py /usr/bin/pilot-650foto /usr/bin/pilot-addresses /usr/bin/pilot-clip /usr/bin/pilot-csd /usr/bin/pilot-debugsh /usr/bin/pilot-dedupe /usr/bin/pilot-dlpsh /usr/bin/pilot-file /usr/bin/pilot-foto /usr/bin/pilot-getram /usr/bin/pilot-getrom /usr/bin/pilot-getromtoken /usr/bin/pilot-hinotes /usr/bin/pilot-ietf2datebook /usr/bin/pilot-install-datebook /usr/bin/pilot-install-expenses /usr/bin/pilot-install-hinote /usr/bin/pilot-install-memo /usr/bin/pilot-install-netsync /usr/bin/pilot-install-todo /usr/bin/pilot-install-todos /usr/bin/pilot-install-user /usr/bin/pilot-manager /usr/bin/PilotManager /usr/bin/pilot-memos /usr/bin/pilot-nredir /usr/bin/pilot-read-expenses /usr/bin/pilot-read-ical /usr/bin/pilot-read-notepad /usr/bin/pilot-read-palmpix /usr/bin/pilot-read-screenshot /usr/bin/pilot-read-todos /usr/bin/pilot-read-veo /usr/bin/pilot-reminders /usr/bin/pilot-schlep /usr/bin/pilot-sync-plan /usr/bin/pilot-treofoto /usr/bin/pilot-undelete /usr/bin/pilot-wav /usr/bin/pilot-xfer /usr/bin/pilprint.py /usr/bin/pinentry /usr/bin/pinentry-qt /usr/bin/pinentry-x11 /usr/bin/pinky /usr/bin/pitchplay /usr/bin/piv-tool /usr/bin/pjtoppm /usr/bin/pk2bm /usr/bin/pkcs11-tool /usr/bin/pkcs15-crypt /usr/bin/pkcs15-init /usr/bin/pkcs15-tool /usr/bin/pkfix /usr/bin/pkg-config /usr/bin/pkgs_to_mmin /usr/bin/pkill /usr/bin/pktogf /usr/bin/pktype /usr/bin/pl2pm /usr/bin/planner /usr/bin/play /usr/bin/plog /usr/bin/plotchangelog /usr/bin/pltotf /usr/bin/pmap /usr/bin/pmount /usr/bin/pmount-hal /usr/bin/pngtopnm /usr/bin/pnmalias /usr/bin/pnmarith /usr/bin/pnmcat /usr/bin/pnmcolormap /usr/bin/pnmcomp /usr/bin/pnmconvol /usr/bin/pnmcrop /usr/bin/pnmcut /usr/bin/pnmdepth /usr/bin/pnmenlarge /usr/bin/pnmfile /usr/bin/pnmflip /usr/bin/pnmgamma /usr/bin/pnmhisteq /usr/bin/pnmhistmap /usr/bin/pnmindex /usr/bin/pnminterp /usr/bin/pnminterp-gen /usr/bin/pnminvert /usr/bin/pnmmargin /usr/bin/pnmmontage /usr/bin/pnmnlfilt /usr/bin/pnmnoraw /usr/bin/pnmnorm /usr/bin/pnmpad /usr/bin/pnmpaste /usr/bin/pnmpsnr /usr/bin/pnmquant /usr/bin/pnmremap /usr/bin/pnmrotate /usr/bin/pnmscale /usr/bin/pnmscalefixed /usr/bin/pnmshear /usr/bin/pnmsmooth /usr/bin/pnmsplit /usr/bin/pnmtile /usr/bin/pnmtoddif /usr/bin/pnmtofiasco /usr/bin/pnmtofits /usr/bin/pnmtojpeg /usr/bin/pnmtopalm /usr/bin/pnmtoplainpnm /usr/bin/pnmtopng /usr/bin/pnmtops /usr/bin/pnmtorast /usr/bin/pnmtorle /usr/bin/pnmtosgi /usr/bin/pnmtosir /usr/bin/pnmtotiff /usr/bin/pnmtotiffcmyk /usr/bin/pnmtoxwd /usr/bin/po2debconf /usr/bin/po2xml /usr/bin/po4a /usr/bin/po4a-gettextize /usr/bin/po4aman-display-po /usr/bin/po4a-normalize /usr/bin/po4a-translate /usr/bin/po4a-updatepo /usr/bin/pod2html /usr/bin/pod2latex /usr/bin/pod2man /usr/bin/pod2text /usr/bin/pod2usage /usr/bin/podchecker /usr/bin/podebconf-display-po /usr/bin/podebconf-report-po /usr/bin/podselect /usr/bin/poff /usr/bin/POFileChecker /usr/bin/POFileConsistency /usr/bin/POFileEquiv /usr/bin/POFileFill /usr/bin/POFileSpell /usr/bin/POFileStatus /usr/bin/policytool /usr/bin/pon /usr/bin/popbugs /usr/bin/popclient /usr/bin/POST /usr/bin/poster /usr/bin/post-grohtml /usr/bin/pozilla.sh /usr/bin/pphs /usr/bin/ppm2tiff /usr/bin/ppm3d /usr/bin/ppmbrighten /usr/bin/ppmchange /usr/bin/ppmcie /usr/bin/ppmcolormask /usr/bin/ppmcolors /usr/bin/ppmdim /usr/bin/ppmdist /usr/bin/ppmdither /usr/bin/ppmfade /usr/bin/ppmflash /usr/bin/ppmforge /usr/bin/ppmhist /usr/bin/ppmlabel /usr/bin/ppmmake /usr/bin/ppmmix /usr/bin/ppmnorm /usr/bin/ppmntsc /usr/bin/ppmpat /usr/bin/ppmquant /usr/bin/ppmquantall /usr/bin/ppmqvga /usr/bin/ppmrainbow /usr/bin/ppmrelief /usr/bin/ppmshadow /usr/bin/ppmshift /usr/bin/ppmspread /usr/bin/ppmtoacad /usr/bin/ppmtobmp /usr/bin/ppmtoeyuv /usr/bin/ppmtogif /usr/bin/ppmtoicr /usr/bin/ppmtoilbm /usr/bin/ppmtojpeg /usr/bin/ppmtoleaf /usr/bin/ppmtolj /usr/bin/ppmtolss16 /usr/bin/ppmtomap /usr/bin/ppmtomitsu /usr/bin/ppmtompeg /usr/bin/ppmtoneo /usr/bin/ppmtopcx /usr/bin/ppmtopgm /usr/bin/ppmtopi1 /usr/bin/ppmtopict /usr/bin/ppmtopj /usr/bin/ppmtopuzz /usr/bin/ppmtorgb3 /usr/bin/ppmtosixel /usr/bin/ppmtotga /usr/bin/ppmtouil /usr/bin/ppmtowinicon /usr/bin/ppmtoxpm /usr/bin/ppmtoyuv /usr/bin/ppmtoyuvsplit /usr/bin/ppmtv /usr/bin/pr /usr/bin/precat /usr/bin/pre-grohtml /usr/bin/prelude-adduser /usr/bin/prelude-admin /usr/bin/prename /usr/bin/preparetips /usr/bin/preunzip /usr/bin/prezip /usr/bin/prezip-bin /usr/bin/print /usr/bin/printafm /usr/bin/printenv /usr/bin/printf /usr/bin/printnodetest /usr/bin/procan /usr/bin/procinfo /usr/bin/procmail /usr/bin/profiles /usr/bin/prove /usr/bin/ps2ascii /usr/bin/ps2epsi /usr/bin/ps2image /usr/bin/ps2pdf /usr/bin/ps2pdf12 /usr/bin/ps2pdf13 /usr/bin/ps2pdf14 /usr/bin/ps2pdfwr /usr/bin/ps2pk /usr/bin/ps2ps /usr/bin/ps2ps2 /usr/bin/ps2txt /usr/bin/ps4pdf /usr/bin/psbook /usr/bin/psed /usr/bin/psfaddtable /usr/bin/psfgettable /usr/bin/psfstriptable /usr/bin/psidtopgm /usr/bin/pslatex /usr/bin/psmandup /usr/bin/psmerge /usr/bin/psnup /usr/bin/psql /usr/bin/psresize /usr/bin/psselect /usr/bin/psset /usr/bin/pstoedit /usr/bin/pstoimg /usr/bin/pstopnm /usr/bin/pstops /usr/bin/pstree /usr/bin/pstree.x11 /usr/bin/pstruct /usr/bin/ptar /usr/bin/ptardiff /usr/bin/ptked /usr/bin/ptksh /usr/bin/pts-subscribe /usr/bin/ptx /usr/bin/pumount /usr/bin/purple-remote /usr/bin/purple-send /usr/bin/purple-send-async /usr/bin/purple-url-handler /usr/bin/pwdx /usr/bin/pycentral /usr/bin/py_compilefiles /usr/bin/pydoc /usr/bin/pydoc2.2 /usr/bin/pydoc2.4 /usr/bin/pydoc2.5 /usr/bin/pygettext /usr/bin/pygettext2.2 /usr/bin/pygettext2.4 /usr/bin/pygettext2.5 /usr/bin/pykig.py /usr/bin/pymacs-services /usr/bin/pysupport-movemodules /usr/bin/pysupport-parseversions /usr/bin/python /usr/bin/python2.2 /usr/bin/python2.4 /usr/bin/python2.4-config /usr/bin/python2.5 /usr/bin/python2.5-config /usr/bin/python-config /usr/bin/pyversions /usr/bin/qdbus /usr/bin/qemacs /usr/bin/qembed /usr/bin/qjackctl /usr/bin/qmake /usr/bin/qmake-qt3 /usr/bin/qrttoppm /usr/bin/qt2kdoc /usr/bin/quanta /usr/bin/querybts /usr/bin/quilt /usr/bin/qwordtrans /usr/bin/rainbow /usr/bin/rainbow-ac /usr/bin/rainbow-be /usr/bin/rainbow-pr /usr/bin/rainbow-rank /usr/bin/rainbow-stats /usr/bin/ranlib /usr/bin/rapidsvn /usr/bin/rar /usr/bin/ras2tiff /usr/bin/rasttopnm /usr/bin/raw2tiff /usr/bin/rawtopgm /usr/bin/rawtoppm /usr/bin/rc-alert /usr/bin/rcp /usr/bin/rcs /usr/bin/rcs2log /usr/bin/rcs-checkin /usr/bin/rcs-checkin.emacs21 /usr/bin/rcsclean /usr/bin/rcsdiff /usr/bin/rcsfreeze /usr/bin/rcsmerge /usr/bin/rdesktop /usr/bin/rdjpgcom /usr/bin/re2c /usr/bin/readcd /usr/bin/readelf /usr/bin/readmult /usr/bin/readom /usr/bin/realvncpasswd /usr/bin/realvncpasswd.real /usr/bin/rebox /usr/bin/rec /usr/bin/recode /usr/bin/recode-sr-latin /usr/bin/recountdiff /usr/bin/red /usr/bin/rediff /usr/bin/refer /usr/bin/reindexdb /usr/bin/remsync /usr/bin/rename /usr/bin/rename.ul /usr/bin/renice /usr/bin/rep /usr/bin/replace /usr/bin/report2.byte /usr/bin/report2.gui.byte /usr/bin/reportbug /usr/bin/reportbug-ng /usr/bin/rep-remote /usr/bin/reset /usr/bin/resgen2 /usr/bin/resize /usr/bin/resolveip /usr/bin/resolve_stack_dump /usr/bin/rev /usr/bin/revpath /usr/bin/rgb2ycbcr /usr/bin/rgb3toppm /usr/bin/rgettext /usr/bin/rgrep /usr/bin/rhythmbox /usr/bin/rhythmbox-client /usr/bin/rjoe /usr/bin/rletopnm /usr/bin/rlog /usr/bin/rlogin /usr/bin/rmadison /usr/bin/rmccmt /usr/bin/rmic /usr/bin/rmid /usr/bin/rmiregistry /usr/bin/rmsgfmt /usr/bin/rmsgmerge /usr/bin/rng /usr/bin/rootstrap /usr/bin/rootv /usr/bin/routef /usr/bin/routel /usr/bin/rpcclient /usr/bin/rpcgen /usr/bin/rpcinfo /usr/bin/rpl8 /usr/bin/rpm /usr/bin/rpm2cpio /usr/bin/rpmbuild /usr/bin/rpmdb /usr/bin/rpme /usr/bin/rpmgraph /usr/bin/rpmi /usr/bin/rpmquery /usr/bin/rpmsign /usr/bin/rpmu /usr/bin/rpmverify /usr/bin/rrdcgi /usr/bin/rrdtool /usr/bin/rrdupdate /usr/bin/rsh /usr/bin/rssclient /usr/bin/rss-glx_install /usr/bin/rssservice /usr/bin/rstart /usr/bin/rstartd /usr/bin/rsync /usr/bin/rtf2rtf /usr/bin/rtstat /usr/bin/rubibtex /usr/bin/ruby /usr/bin/ruby1.8 /usr/bin/ruby-glade-create-template /usr/bin/rumakeindex /usr/bin/runcon /usr/bin/rundig /usr/bin/run-mailcap /usr/bin/runscript /usr/bin/run-with-aspell /usr/bin/rview /usr/bin/rvim /usr/bin/s2p /usr/bin/sa-compile /usr/bin/sadf /usr/bin/sa-learn /usr/bin/sane-find-scanner /usr/bin/sar /usr/bin/sar.sysstat /usr/bin/sas_disk_blink /usr/bin/sa-update /usr/bin/savelog /usr/bin/sawfish /usr/bin/sawfish-client /usr/bin/sawfish-ui /usr/bin/sbigccd /usr/bin/sbigtopgm /usr/bin/scanadf /usr/bin/scanimage /usr/bin/scantv /usr/bin/scdaemon /usr/bin/scotty /usr/bin/scotty3.0.0 /usr/bin/scp /usr/bin/scr-bx /usr/bin/screen /usr/bin/screendump /usr/bin/script /usr/bin/scriptreplay /usr/bin/scrollkeeper-config /usr/bin/scrollkeeper-extract /usr/bin/scrollkeeper-gen-seriesid /usr/bin/scrollkeeper-get-cl /usr/bin/scrollkeeper-get-content-list /usr/bin/scrollkeeper-get-extended-content-list /usr/bin/scrollkeeper-get-index-from-docpath /usr/bin/scrollkeeper-get-toc-from-docpath /usr/bin/scrollkeeper-get-toc-from-id /usr/bin/scrollkeeper-install /usr/bin/scrollkeeper-preinstall /usr/bin/scrollkeeper-rebuilddb /usr/bin/scrollkeeper-uninstall /usr/bin/scrollkeeper-update /usr/bin/scsi_logging_level /usr/bin/scsi_mandat /usr/bin/scsi_readcap /usr/bin/scsi_ready /usr/bin/scsi_satl /usr/bin/scsi_start /usr/bin/scsi_stop /usr/bin/scsi_temperature /usr/bin/sdiff /usr/bin/seahorse /usr/bin/seahorse-agent /usr/bin/seahorse-daemon /usr/bin/seahorse-preferences /usr/bin/seahorse-tool /usr/bin/secpolicy /usr/bin/see /usr/bin/select-default-iwrap /usr/bin/sendiso /usr/bin/sensible-browser /usr/bin/sensible-editor /usr/bin/sensible-pager /usr/bin/seq /usr/bin/serialver /usr/bin/services-admin /usr/bin/sessreg /usr/bin/setarch /usr/bin/setfdprm /usr/bin/setkeycodes /usr/bin/set-language-env /usr/bin/setleds /usr/bin/setlogcons /usr/bin/setmetamode /usr/bin/setpci /usr/bin/setsid /usr/bin/setterm /usr/bin/setxkbmap /usr/bin/sfconvert /usr/bin/sfill /usr/bin/sfinfo /usr/bin/sftp /usr/bin/sg /usr/bin/sg_dd /usr/bin/sg_emc_trespass /usr/bin/sgen /usr/bin/sg_format /usr/bin/sg_get_config /usr/bin/sg_ident /usr/bin/sginfo /usr/bin/sg_inq /usr/bin/sgitopnm /usr/bin/sg_logs /usr/bin/sg_luns /usr/bin/sg_map /usr/bin/sg_map26 /usr/bin/sgm_dd /usr/bin/sgml2html /usr/bin/sgml2info /usr/bin/sgml2latex /usr/bin/sgml2lyx /usr/bin/sgml2rtf /usr/bin/sgml2txt /usr/bin/sgml2xml /usr/bin/sgmlcheck /usr/bin/sgmldiff /usr/bin/sgmlnorm /usr/bin/sgmlpre /usr/bin/sgmlsasp /usr/bin/sgmlspl /usr/bin/sgmltools /usr/bin/sgmlwhich /usr/bin/sg_modes /usr/bin/sg_opcodes /usr/bin/sgp_dd /usr/bin/sg_persist /usr/bin/sg_prevent /usr/bin/sg_raw /usr/bin/sg_rbuf /usr/bin/sg_rdac /usr/bin/sg_read /usr/bin/sg_read_buffer /usr/bin/sg_readcap /usr/bin/sg_read_long /usr/bin/sg_reassign /usr/bin/sg_requests /usr/bin/sg_reset /usr/bin/sg_rmsn /usr/bin/sg_rtpg /usr/bin/sg_sat_identify /usr/bin/sg_scan /usr/bin/sg_senddiag /usr/bin/sg_ses /usr/bin/sg_start /usr/bin/sg_sync /usr/bin/sg_test_rwbuf /usr/bin/sg_turs /usr/bin/sg_verify /usr/bin/sg_vpd /usr/bin/sg_write_buffer /usr/bin/sg_write_long /usr/bin/sg_wr_mode /usr/bin/sha1 /usr/bin/sha1sum /usr/bin/sha224sum /usr/bin/sha256sum /usr/bin/sha384sum /usr/bin/sha512sum /usr/bin/shar /usr/bin/shares-admin /usr/bin/shcomp /usr/bin/showcfont /usr/bin/showchar /usr/bin/showfont /usr/bin/showkey /usr/bin/showrgb /usr/bin/shred /usr/bin/shtool /usr/bin/shtoolize /usr/bin/sigfind /usr/bin/simpdftex /usr/bin/sirtopnm /usr/bin/size /usr/bin/size86 /usr/bin/skill /usr/bin/skycommander /usr/bin/sl2h /usr/bin/slabtop /usr/bin/sldtoppm /usr/bin/slice /usr/bin/sliceprint /usr/bin/slogin /usr/bin/smbcacls /usr/bin/smbclient /usr/bin/smbcontrol /usr/bin/smbcquotas /usr/bin/smbget /usr/bin/smb-nat /usr/bin/smbpasswd /usr/bin/smbspool /usr/bin/smbstatus /usr/bin/smbtar /usr/bin/smbtree /usr/bin/smem /usr/bin/smime_keys /usr/bin/smproxy /usr/bin/snice /usr/bin/socat /usr/bin/socklist /usr/bin/socklist.pl /usr/bin/sodipodi /usr/bin/soelim /usr/bin/soffice /usr/bin/software-properties /usr/bin/sort /usr/bin/sort-dctrl /usr/bin/sorter /usr/bin/sound-juicer /usr/bin/sox /usr/bin/spacechart /usr/bin/spam /usr/bin/spamassassin /usr/bin/spamc /usr/bin/spctoppm /usr/bin/spent /usr/bin/sperl5.8.8 /usr/bin/spfquery /usr/bin/spfquery.mail-spf-query-perl /usr/bin/spikeproxy /usr/bin/splain /usr/bin/split /usr/bin/split2po /usr/bin/splitdiff /usr/bin/splitfont /usr/bin/spotlight2kvtml /usr/bin/sprof /usr/bin/sputoppm /usr/bin/sq /usr/bin/sqlite /usr/bin/sqlite3 /usr/bin/src2man /usr/bin/srch_strings /usr/bin/srcore /usr/bin/srm /usr/bin/ssconvert /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent /usr/bin/ssh-argv0 /usr/bin/ssh-copy-id /usr/bin/ssh-keygen /usr/bin/ssh-keyscan /usr/bin/ssindex /usr/bin/sswap /usr/bin/st4topgm /usr/bin/starconvert /usr/bin/starpkg /usr/bin/starplot /usr/bin/startkde /usr/bin/start_kdeinit /usr/bin/start_kdeinit_wrapper /usr/bin/startx /usr/bin/stat /usr/bin/states /usr/bin/statnet /usr/bin/stegbreak /usr/bin/stegcompare /usr/bin/stegdeimage /usr/bin/stegdetect /usr/bin/strace /usr/bin/strfile /usr/bin/strings /usr/bin/strip /usr/bin/strobe /usr/bin/subtitles /usr/bin/sudo /usr/bin/sudoedit /usr/bin/suidperl /usr/bin/sum /usr/bin/superformat /usr/bin/su-to-root /usr/bin/svgdisplay /usr/bin/svn /usr/bin/svn2cl /usr/bin/svnadmin /usr/bin/svn_apply_autoprops /usr/bin/svn-backup-dumps /usr/bin/svn-buildpackage /usr/bin/svn-clean /usr/bin/svndumpfilter /usr/bin/svn-fast-backup /usr/bin/svn-hot-backup /usr/bin/svn-inject /usr/bin/svnlook /usr/bin/svnmerge /usr/bin/svnpath /usr/bin/svnserve /usr/bin/svnsync /usr/bin/svn-upgrade /usr/bin/svnversion /usr/bin/svnwrap /usr/bin/swappo /usr/bin/symcryptrun /usr/bin/symlinks /usr/bin/synclient /usr/bin/syndaemon /usr/bin/syslinux /usr/bin/syslinux2ansi /usr/bin/system-tools-backends /usr/bin/t1asm-freetype /usr/bin/t4ht /usr/bin/tac /usr/bin/tagpending /usr/bin/tail /usr/bin/talk /usr/bin/tap2deb /usr/bin/tap2rpm /usr/bin/tapconvert /usr/bin/tasksel /usr/bin/taskset /usr/bin/tbl /usr/bin/tbl-dctrl /usr/bin/tcdialog /usr/bin/tclsh /usr/bin/tclsh8.3 /usr/bin/tclsh8.4 /usr/bin/tcpbug /usr/bin/tcpconnect /usr/bin/tcpflow /usr/bin/tcplisten /usr/bin/tcpspray /usr/bin/tcpstat /usr/bin/tcptraceroute /usr/bin/tcptraceroute.db /usr/bin/tcsh /usr/bin/tdbbackup /usr/bin/tee /usr/bin/telnet /usr/bin/telnet.netkit /usr/bin/temma /usr/bin/test /usr/bin/testlibraw /usr/bin/testparm /usr/bin/testrb1.8 /usr/bin/tex /usr/bin/tex4ht /usr/bin/texconfig /usr/bin/texconfig-dialog /usr/bin/texconfig-sys /usr/bin/texdoc /usr/bin/texdoctk /usr/bin/texexpand /usr/bin/texhash /usr/bin/texi2dvi /usr/bin/texi2dvi4a2ps /usr/bin/texi2html /usr/bin/texi2pdf /usr/bin/texindex /usr/bin/texlinks /usr/bin/text2pcap /usr/bin/text2wave /usr/bin/tfmtodit /usr/bin/tftopl /usr/bin/tgatoppm /usr/bin/tgz /usr/bin/themus-theme-applier /usr/bin/thinkjettopbm /usr/bin/thumbnail /usr/bin/thumbpdf /usr/bin/tic /usr/bin/tidy /usr/bin/tiff2bw /usr/bin/tiff2pdf /usr/bin/tiff2ps /usr/bin/tiff2rgba /usr/bin/tiffcmp /usr/bin/tiffcp /usr/bin/tiffdither /usr/bin/tiffdump /usr/bin/tiffinfo /usr/bin/tiffmedian /usr/bin/tiffset /usr/bin/tiffsplit /usr/bin/tifftopnm /usr/bin/time /usr/bin/time-admin /usr/bin/tkconch /usr/bin/tkined /usr/bin/tkined1.5.0 /usr/bin/tkjpeg /usr/bin/tklanguage /usr/bin/tload /usr/bin/toc2cddb /usr/bin/toc2cue /usr/bin/todos /usr/bin/toe /usr/bin/tomboy /usr/bin/toolame /usr/bin/top /usr/bin/totem /usr/bin/totem-video-indexer /usr/bin/totem-video-thumbnailer /usr/bin/touch /usr/bin/tp_tagger /usr/bin/tput /usr/bin/tr /usr/bin/traceproto /usr/bin/traceproto.db /usr/bin/traceroute /usr/bin/traceroute6 /usr/bin/traceroute6.db /usr/bin/traceroute.db /usr/bin/traceroute-nanog /usr/bin/traceroute-nanog.db /usr/bin/tracert /usr/bin/tracert.db /usr/bin/transfig /usr/bin/transxx /usr/bin/tree /usr/bin/trial /usr/bin/trm /usr/bin/troff /usr/bin/tryaffix /usr/bin/tsclient /usr/bin/tset /usr/bin/tshark /usr/bin/tsort /usr/bin/ttf2afm /usr/bin/ttf2bdf /usr/bin/ttf2pfb /usr/bin/ttf2pk /usr/bin/ttf2tfm /usr/bin/ttfbanner /usr/bin/tty /usr/bin/tuxpaint /usr/bin/tuxpaint-config /usr/bin/tuxpaint-import /usr/bin/twistd /usr/bin/twm /usr/bin/txt2man /usr/bin/type-handling /usr/bin/tzselect /usr/bin/ucat /usr/bin/ucf /usr/bin/ucfq /usr/bin/ucfr /usr/bin/uclean /usr/bin/ucs2any /usr/bin/udevinfo /usr/bin/udevtest /usr/bin/uic /usr/bin/uic-qt3 /usr/bin/ul /usr/bin/uml_mconsole /usr/bin/uml_mkcow /usr/bin/uml_moo /usr/bin/uml_switch /usr/bin/uml_watchdog /usr/bin/unace /usr/bin/uncompress.real /usr/bin/unexpand /usr/bin/unicode_start /usr/bin/unicode_stop /usr/bin/uniq /usr/bin/unison /usr/bin/unison-2.13 /usr/bin/unison-2.13.16 /usr/bin/unison-2.13.16-gtk /usr/bin/unison-2.13-gtk /usr/bin/unison-2.9.1 /usr/bin/unison-gtk /usr/bin/unison-latest-stable /usr/bin/unison-latest-stable-gtk /usr/bin/unix2dos /usr/bin/unlink /usr/bin/unp /usr/bin/unrar /usr/bin/unshar /usr/bin/unsq /usr/bin/unstr /usr/bin/untex /usr/bin/untrigraph /usr/bin/unwrapdiff /usr/bin/unzip /usr/bin/unzipsfx /usr/bin/updatedb /usr/bin/update-desktop-database /usr/bin/update-fmtutil /usr/bin/update-fontlang /usr/bin/update-language /usr/bin/update-manager /usr/bin/update-menus /usr/bin/update-mime-database /usr/bin/update-notifier /usr/bin/update-pciids /usr/bin/update-perl-sax-parsers /usr/bin/update-updmap /usr/bin/updmap /usr/bin/updmap-sys /usr/bin/uptime /usr/bin/uscan /usr/bin/user-ja-conf /usr/bin/users /usr/bin/users-admin /usr/bin/utf8mex /usr/bin/uudecode /usr/bin/uuencode /usr/bin/uuidgen /usr/bin/uupdate /usr/bin/uxterm /usr/bin/uz /usr/bin/v4l-conf /usr/bin/v4lctl /usr/bin/v4ldriver /usr/bin/v4l-info /usr/bin/v4lphilips /usr/bin/vacation /usr/bin/vacuumdb /usr/bin/vacuumlo /usr/bin/valgrind /usr/bin/valgrind.bin /usr/bin/valgrind-listener /usr/bin/vcut /usr/bin/vftovp /usr/bin/vi /usr/bin/vidcat /usr/bin/view /usr/bin/viewres /usr/bin/vim /usr/bin/vim.basic /usr/bin/vimdiff /usr/bin/vimtutor /usr/bin/vino-preferences /usr/bin/visualinfo /usr/bin/VisualOS /usr/bin/vmstat /usr/bin/vncpasswd /usr/bin/vncviewer /usr/bin/volname /usr/bin/vorbiscomment /usr/bin/vorbistagedit /usr/bin/vptovf /usr/bin/vt-is-UTF8 /usr/bin/vumeter /usr/bin/w /usr/bin/w3m /usr/bin/w3mman /usr/bin/wall /usr/bin/watch /usr/bin/watchgnupg /usr/bin/wbmptopbm /usr/bin/wc /usr/bin/wdiff /usr/bin/wftopfa /usr/bin/wget /usr/bin/whatis /usr/bin/whereis /usr/bin/which /usr/bin/which-pkg-broke /usr/bin/whiptail /usr/bin/who /usr/bin/whoami /usr/bin/whodepends /usr/bin/whois /usr/bin/who-uploads /usr/bin/widget /usr/bin/winicontoppm /usr/bin/wipe /usr/bin/wireshark /usr/bin/wish /usr/bin/wish8.3 /usr/bin/wish8.4 /usr/bin/wmb /usr/bin/wmd /usr/bin/wmk /usr/bin/wml /usr/bin/wmu /usr/bin/wmxmms /usr/bin/wnpp-alert /usr/bin/wodim /usr/bin/word-list-compress /usr/bin/wordtrans /usr/bin/wordview /usr/bin/workman2cddb.pl /usr/bin/w.procps /usr/bin/write /usr/bin/wrjpgcom /usr/bin/wsdl2 /usr/bin/www-browser /usr/bin/X /usr/bin/X11 /usr/bin/x11perf /usr/bin/x11perfcomp /usr/bin/xalan /usr/bin/xargs /usr/bin/xauth /usr/bin/xauth_switch_to_sun-des-1 /usr/bin/xawtv /usr/bin/xawtv.bin /usr/bin/xawtv-remote /usr/bin/xbb /usr/bin/xbiff /usr/bin/xbitchx /usr/bin/xbmtopbm /usr/bin/xbsh /usr/bin/xbuild /usr/bin/xcalc /usr/bin/xcam /usr/bin/xcdroast /usr/bin/xchat /usr/bin/xclipboard /usr/bin/xclips /usr/bin/xclock /usr/bin/xcmsdb /usr/bin/xconsole /usr/bin/xcursorgen /usr/bin/xcutsel /usr/bin/xdbedizzy /usr/bin/xdfcopy /usr/bin/xdfformat /usr/bin/xdg-desktop-icon /usr/bin/xdg-desktop-menu /usr/bin/xdg-email /usr/bin/xdg-icon-resource /usr/bin/xdg-mime /usr/bin/xdg-open /usr/bin/xdg-screensaver /usr/bin/xditview /usr/bin/xdpyinfo /usr/bin/xdriinfo /usr/bin/xdvi /usr/bin/xdvi.bin /usr/bin/xdvi-xaw.bin /usr/bin/xdvizilla /usr/bin/xedit /usr/bin/xemacs /usr/bin/xev /usr/bin/xeyes /usr/bin/xf86gammacfg /usr/bin/xfd /usr/bin/xfig /usr/bin/xfontsel /usr/bin/xfs /usr/bin/xfsinfo /usr/bin/xft-config /usr/bin/xgamma /usr/bin/xgc /usr/bin/xgettext /usr/bin/xhost /usr/bin/ximtoppm /usr/bin/xine /usr/bin/xine-bugreport /usr/bin/xine-check /usr/bin/xine-remote /usr/bin/xinit /usr/bin/xkbbell /usr/bin/xkbcomp /usr/bin/xkbevd /usr/bin/xkbprint /usr/bin/xkbvleds /usr/bin/xkbwatch /usr/bin/xkill /usr/bin/xli /usr/bin/xlito /usr/bin/xload /usr/bin/xlogo /usr/bin/xls2csv /usr/bin/xlsatoms /usr/bin/xlsclients /usr/bin/xlsfonts /usr/bin/xlsview /usr/bin/xmag /usr/bin/xman /usr/bin/xmbmon /usr/bin/xmessage /usr/bin/xminicom /usr/bin/xmkmf /usr/bin/xml2-config /usr/bin/xml2po /usr/bin/xml2pot /usr/bin/xmlcatalog /usr/bin/xmllint /usr/bin/xmlproc_parse.python-xml /usr/bin/xmlproc_val.python-xml /usr/bin/xmms /usr/bin/xmodmap /usr/bin/xmore /usr/bin/xmovie /usr/bin/Xnest /usr/bin/xon /usr/bin/Xorg /usr/bin/xpaint /usr/bin/xpdf /usr/bin/xpdf.bin /usr/bin/xplanet /usr/bin/xpmtoppm /usr/bin/xprop /usr/bin/Xprt /usr/bin/xrandr /usr/bin/xrdb /usr/bin/xrefresh /usr/bin/xsane /usr/bin/xscanimage /usr/bin/xscreensaver /usr/bin/xscreensaver-command /usr/bin/xscreensaver-demo /usr/bin/xscreensaver-getimage /usr/bin/xscreensaver-getimage-file /usr/bin/xscreensaver-getimage-video /usr/bin/xscreensaver-gl-helper /usr/bin/xscreensaver-text /usr/bin/x-session-manager /usr/bin/xset /usr/bin/xsetmode /usr/bin/xsetpointer /usr/bin/xsetroot /usr/bin/xslt-config /usr/bin/xsltproc /usr/bin/xsm /usr/bin/xstdcmap /usr/bin/xsubpp /usr/bin/xterm /usr/bin/x-terminal-emulator /usr/bin/xtightvncviewer /usr/bin/xtrapchar /usr/bin/xtrapin /usr/bin/xtrapinfo /usr/bin/xtrapout /usr/bin/xtrapproto /usr/bin/xtrapreset /usr/bin/xtrapstats /usr/bin/Xvfb /usr/bin/xvfb-run /usr/bin/xvidcap /usr/bin/xvidtune /usr/bin/xvinfo /usr/bin/xvminitoppm /usr/bin/xvncviewer /usr/bin/xwd /usr/bin/xwdtopnm /usr/bin/x-window-manager /usr/bin/xwininfo /usr/bin/xwud /usr/bin/x-www-browser /usr/bin/xxd /usr/bin/yacc /usr/bin/yada /usr/bin/yaf-cdda /usr/bin/yaf-mpgplay /usr/bin/yaf-splay /usr/bin/yaf-tplay /usr/bin/yaf-vorbis /usr/bin/yaf-yuv /usr/bin/ybmtopbm /usr/bin/yelp /usr/bin/yes /usr/bin/ysh /usr/bin/ytalk /usr/bin/yuvsplittoppm /usr/bin/yuvtoppm /usr/bin/yyextract /usr/bin/yyref /usr/bin/zdump /usr/bin/zeisstopnm /usr/bin/zenity /usr/bin/zip /usr/bin/zipcloak /usr/bin/zipgrep /usr/bin/zipinfo /usr/bin/zipnote /usr/bin/zipsplit /usr/bin/zsoelim /usr/bin/zxpdf executables +as owned by `bin', this account will not flag a warning. +

+Linux (notably RedHat) operating environments violate this convention +with printer (lp*) and rpm programs among others. +Changing ownership in this case may be problematic. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path003i]

+No PATH variable could be extracted from the indicated file. This either +indicates that the PATH is not set in the file, or that the file is too +complex to be able to extract it. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path004w]

+The PATH variable from the indicated initialization file for `root' puts `.' +(dot) in the PATH. Having dot in `root's path can allow Trojan horse +programs to be unknowingly executed by root. +

+References: curry/33-34 +garfinkel/151-153 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path005w]

+The PATH variable from the indicated user and initialization file +contains the `.' (dot) directory, but it is not the last component. +This can cause Trojan horse programs to be executed. It is recommended +that `.' not be in the PATH (especially for `root'), but if it is included, +it should be the last directory listed in the PATH variable. +

+References: curry/33-34 +garfinkel/151-153 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path006w]

+The indicated directory from a user's PATH variable is writable. This can +allow commands in this directory to be replaced with Trojan horse programs. +Note that this can be reported even if the directory itself does not have +group or world write permissions. This message is generated if any directory +component of the pathname is writable (the directory itself can be replaced +with a new, writable one if a directory higher up is writable). +

+References: curry/33-34 +garfinkel/151-153 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path007w]

+The indicated directory is in `root's PATH, but is not owned by 'root'. +This can allow Trojan horse programs to be placed into any executables +in this directory. The ownership of the directory should be changed +to `root'. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path008i]

+The indicated setuid program is in root's PATH, but is not owned by +root. Since it is setuid to a user other than root, there usually is +no solution for this. You should be aware of these though, as they +can allow Trojan horse programs or viruses to be planted into these +executables and spread by `root'. Often these executables are owned +by `bin', `uucp' or other system accounts. If these commands are +never used by root, then this is not a problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [path009w]

+An initial setting of the PATH variable should be setup in the default +locations for shell login programs (/etc/profile, /etc/csh.login, etc.). --- tiger-3.2.2.orig/html/pcap.html +++ tiger-3.2.2/html/pcap.html @@ -0,0 +1,78 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for pcap

+

Code [pcap001i]

+The file indicated for a printer control does not exist. This is just +an informational message, though it probably means something in the +print system isn't configured correctly. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pcap002i]

+The indicated file or directory associated with a printer control does not +have secure ownership. This may represent a security vulnerability. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pcap002w]

+The indicated executable associated with a printer control does not have +secure ownership. This may represent a security vulnerability, as it +may be possible to replace the executable. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pcap003i]

+The indicated file or directory associated with a printer control has +group or world write permissions. This may represent a security +vulnerability. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [pcap003w]

+The indicated executable associated with a printer control has +group or world write permissions. This may represent a security +vulnerability, as it may be possible to replace the executable. --- tiger-3.2.2.orig/html/permissions.html +++ tiger-3.2.2/html/permissions.html @@ -0,0 +1,628 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for permissions

+

Code [perm001a]

+The owner of the indicated file is not correct. This is a serious security +problem and may indicate that an intrusion has occurred. The system should +be checked and cleaned. The owner of the file should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm001f]

+The owner of the indicated file is not correct. With the incorrect ownership, +a vulnerability may exist. The owner of the file should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm001w]

+The owner of the indicated file is not what is considered best for security +reasons. Unless you have a specific reason for not changing the ownership, +this should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm002a]

+The group owner of the indicated file is not correct. This is a serious +security problem and may indicate that an intrusion has occurred. The +system should be checked and cleaned. The group owner of the file should be +corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm002f]

+The group owner of the indicated file is not correct. With the incorrect +group ownership, a vulnerability may exist. The group owner of the file +should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm002w]

+The group owner of the indicated file is not what is considered best for +security reasons. Unless you have a specific reason for not changing the +ownership, this should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm003a]

+The access permissions of the indicated file are incorrect. This may +indicate an intrusion has occurred. In any event, it is a serious security +problem and should be corrected immediately. The system should also be +checked for signs of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm003f]

+The access permissions of the indicated file are incorrect. This may +create a vulnerability in the system. This should be corrected immediately. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm003w]

+The access permissions of the indicated file are not what is considered +best for security. Unless you have a reason for not doing so, the permissions +should be corrected. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm004c]

+No file permissions database can be found. This will prevent the +checks of file ownerships to be performed. This likely indicates +that a complete port has not been done for this platform. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm005a]

+The /etc/security directory contains security information that should +not be accessible by non-root users. The owner should be root, and group +and world should have only search access (mode 711). The directory +unfortunately must be search-able because of some library routines which +check for the existence of the security.adjunct file. The files in the +directory should be mode 600. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm006w]

+The configuration files (.login, .profile, etc) should be not be writable +by non-root users. In addition, the .rhosts file should not be readable +or writable by non-root users. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm007f]

+The /etc/aliases, /etc/aliases.dir and /etc/aliases.pag files should not +be writable by non-root users. On SunOS 4 systems, these files are +shipped world writable. The permissions should be 644 on all three +files. If left writable, program aliases can be added which can +allow unauthorized access. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm008w]

+The /etc/exports (or equivalent) file should not be writable by anyone +other than root. If a non-root user can modify the file, unauthorized +privileges can be obtained. There is also no reason for this file +to be readable by anyone other than root. Making it unreadable, reduces +the information available to an intruder attempting to gain privileged +access. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm009f]

+The /etc/group file should not be writable by anyone other than root. +If a non-root user can modify the file, unauthorized privileges can +be obtained. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm010w]

+The /etc/hosts.allow and /etc/hosts.deny files (from Wietse Venema's +tcp_wrapper package) should not be writable by non-root users. If +they are writable, the protection provided by the package can be +bypassed. In addition, if all of the daemons protected by tcp_wrapper +run as `root', then the file does not need to be readable by non-root +users. Making the permissions 600, reduces the information available +to an intruder attempting to gain privileges. If any daemons are +run as non-root users though, this is not possible. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm011w]

+The /etc/hosts.equiv and /etc/hosts.lpd files define trusted hosts. +The hosts.equiv file defines the trusted hosts for the Berkeley 'R' +commands (rsh, rlogin), while the hosts.lpd file defines trusted hosts +for the print system. If the hosts.equiv or hosts.lpd file is writable +by users other than root, then unauthorized privileges or access may +be gained. In addition, there is no reason for non-root users to be +able to read these files. Making them unreadable reduces the information +available to an intruder attempting to gain privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm012w]

+The /etc/inetd.conf file defines the network daemons controlled by +`inetd'. If this file is writable by non-root users, then unauthorized +access can be obtained. In addition, it is not necessary that this file +be readable by non-root users. Making the file unreadable reduces the +information available to an intruder attempting to gain privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm013f]

+The /etc/netgroup file defines network groups which consist of machines +and users. Allowing write access can allow unauthorized access or +privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm014a]

+If /etc/passwd is writable by non-root users, then new login id's +can be added to the system. Unauthorized access or privileges can +easily be obtained. If the file is world writable, this is a possible +indication that the system has been compromised. The system should +be checked for other signs of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm015f]

+The 'rc.*' scripts are executed during system startup. If they are +writable by non-root users, then unauthorized access or privileges can +be obtained. In addition, there is no need for these files to be world +readable. Making them unreadable reduces the information available to +an intruder attempting to gain privileges. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm016w]

+The /etc/resolv.conf file is used to designate where Domain Name +Service is to be obtained. If this file is writable by non-root +users, then unauthorized access or privileges may be obtained. +This file does need to be world readable however. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm017w]

+The /etc/utmp file should not be writable by non-root users. This +is a security vulnerability. Unfortunately, on SunOS 4 systems, the +SunView and OpenWindows 'cmdtool' and 'shelltool' programs do not +function correctly if it is not. If you are not using these tools, +then you should set the permissions to 644. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm018a]

+The root directory should be protected from changes by non-root users. +If the directory is writable by non-root users, unauthorized access +or privileges can be obtained. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm019a]

+The /etc directory should be owned by root and should not be writable +by group or world. As shipped, SunOS 4 systems have the /etc directory +owned by the user `bin'. This is *incorrect*. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm020w]

+The indicated disk device file is world readable, writable or both. This +allows the file access controls to be bypassed. The world permissions +should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm021w]

+The indicated disk device file is group readable, writable or both by the +indicated group. This allows users in this group to bypass the file +access controls. Many systems allow a group such as `operator' to have +read access so that backups can be performed. Group write access is +*not* needed and should be removed. If backups are performed by the +`root' account, then group read permissions are not needed and should +be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm022w]

+The indicated disk device file is not owned by `root'. This allows the +owner of the disk device to bypass the systems file access controls. +The owner should be changed to `root'. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm023a]

+The indicated file has the setuid bit set, but it should not have it. +This should be changed by using 'chmod u-s file' where 'file' is the +indicated file. The system should be checked for signs of intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm024a]

+The indicated file has the setgid (group) bit set, but it should not +have it. This should be changed by using 'chmod g-s file' where 'file' +is the indicated file. The system should be checked for signs of +intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm025w]

+If the 'arp' program is 'setgid', it can be used to read files that a user +normally should not be able to read. On many systems, this includes +/dev/kmem and /dev/mem. Turning the 'setgid' bit off will result in the +loss of 'arp -a' functionality for a normal user account. (On SunOS 5.x +systems, even this functionality isn't lost... there is no reason for +'arp' to be setgid). This is a minor loss of functionality. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm26f]

+The file '/etc/login.access' provides finer control over user +access, it can be modified to allow or disallow remote access +to privileged accounts. If this file is writable by non-root +users, then unauthorized access or privileges may be obtained. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm27f]

+The file '/etc/login.conf' is used by default on some BSD systems, +it can be used to set up user environment and to set policy and +accounting restrictions. Since this file provides control over user +access, if this file is writable by non-root +users, then unauthorized access or privileges may be obtained. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm28f]

+The file '/etc/login.defs' is used by default on some Linux systems, +it can be used to set up user environment and to set policy and +accounting restrictions (such as password aging), as it defines +configuration control definitions for the login package. +Since this file provides control over user access, if this file +is writable by non-root users, then unauthorized access or privileges +may be obtained. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm29f]

+The configuration files for PAM (Pluggable Authentication Modules) +are used by default on many Unix systems, it can be used to set up +the environment for some services and defined the policy for its +access. Since this file provides control over user access, if this file +is writable by non-root users, then unauthorized access or privileges +may be obtained. +

+More information about PAM is available from: +http://www.kernel.org/pub/linux/libs/pam/ +and +http://www.sun.com/solaris/pam/ +

+
+
+
+
+
+
+
+
+
+
+
+

Code [perm30f]

+The configuration files (/etc/ttys, /etc/default/login, /etc/security +or /etc/securetty depending on the operating system) determines +access to users based on what consoles are they logged in. +Since this file provides control over user access, if this file +is writable by non-root users, then unauthorized access or privileges +may be obtained. --- tiger-3.2.2.orig/html/pxt.html +++ tiger-3.2.2/html/pxt.html @@ -0,0 +1,276 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for pxt

+

Code [dev001f]

+Tape devices used for backups should not have world permissions. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [dev002f]

+Devices that have improper (world) permissions might be accessed by +any system user. This might open security holes if these are shared +devices or hold binaries (disks for example). The administrator should +properly set device access (using group configuration to provide +access to a device to multiple users, for example). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [dev003w]

+There is a file in the devices directory which is a common file. Devices +directory should only hold special files although some systems have +directories and shell scripts in /dev. Please check your system's +documentation to determine if that file should be located there. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [boot01]

+The lilo configuration file (/etc/lilo.conf) should have permissions +limiting access to only the owner (usually root). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [boot02]

+The grub configuration file (/boot/grub/grub.conf) should have +permissions limiting access to only the owner (usually root). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [boot03w]

+A boot loader configuration file could not be found. That means +that neither /etc/lilo.conf nor /boot/grub/grub.conf exists. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ptch01f]

+AutoRPM has determined that there are updated packages waiting +to be installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ptch02f]

+apt-get has determined that there are updated packages waiting +to be installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ptch03]

+The machine does not appear to be a RedHat or Debian system. +This test can currently only determine current patch levels +if it can find autorpm or apt-get. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ptch04w]

+No patch management tool could be found on the system. +The scripts looks for autorpm followed by apt-get. If either +one is found it is used to determine if updated packages +are available for your system. This message indicates that +neither program was found on your system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ptch05e]

+If the Tiger tool is not running as root it will probably not be +able to update the package database from the latest sources available. +Some errors might be printed on the output and the security check +will be done only on the current available list of packages (which +might not be up-to-date). Make sure that you are running the tool +as an administrative user. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [osv001f]

+The operating system version appears to be less than RedHat 6.2 +Due to security enhancements and fixes available in recent releases, +running an older version of RedHat is strongly discouraged. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [osv002f]

+The operating system version appears to be less than Debian 3.0 +Due to security enhancements and fixes available in recent releases, +running an older version of Debian is strongly discouraged. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [osv003w]

+The machine does not appear to be a RedHat or Debian system. +This test can not suggest a recommended version number for your +operating system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [osv004w]

+The machine is running an unreleased version of Debian GNU/Linux. +This version is not supported by the security team so it might not +be up-to-date security wise (support is only provided for the latest +release). That is, "run at your own risk". +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sum001f]

+The system does not appear to require a password during single-user +mode boot. Either add a password to your boot loader or add the line: +~~:S:wait:/sbin/sulogin +to your /etc/inittab file. This line should be added immediately before +the line containing "rc 0". +

+
+
+
+
+
+
+
+
+
+
+
+

Code [trip01f]

+Tripwire has detected an inconsistency in the noted file. This file +has been modified in some way since the database was built -- either +upgraded, removed or tampered with. If this modification is legitimate +please refresh the tripwire database by running "tripwire --update" --- tiger-3.2.2.orig/html/references.html +++ tiger-3.2.2/html/references.html @@ -0,0 +1,31 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for references

+

Code [curry]

+David A. Curry, +UNIX System Security - A Guide for Users and System Administrators, +Addison-Wesley, 1992, ISBN 0-201-56327-4 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [garfinkel]

+Simson Garfinkel and Gene Spafford, +Practical UNIX Security +O'Reilly & Associates, Inc., 1991, ISBN 0-937175-72-2 --- tiger-3.2.2.orig/html/rhosts.html +++ tiger-3.2.2/html/rhosts.html @@ -0,0 +1,314 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for rhosts

+

Code [rcmd001f]

+An entry of the form '+ +' in a .rhosts file means that any one on the +the Internet can login as the indicated user without a password. This +should be removed *immediately* and the system checked for signs of an +intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd002f]

+A plus sign (+) in the host field of a .rhosts file means that anyone +with the same login ID as the indicated login ID, anywhere on the Internet, +can login as that user, without a password. Note that all an intruder +has to do is create that login ID on a remote machine that they have +privileged access to. This should be removed *immediately* and the +system checked for signs of an intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd003w]

+The .rhosts file for the indicated user contains an entry for a +host which does not match any of the hosts listed in the RHOST_SITES +variable, defined in the 'tigerrc' file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd004w]

+The .rhosts file for the indicated user contains a '+' in the user +field. This allows any user on the indicated machine to access the +indicated login ID without providing a password. If this is not +a captured account, this should be removed immediately and the +system checked for signs of an intrusion. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd005i]

+The .rhosts file for the indicated user contains an entry which contains +a host name, but no username. The user name will default to the login ID +of the owner of the .rhosts file. The problem with this is that people +often carry around a .rhosts file from host to host, and entries in it +become out dated. By allowing the username to default, access to the +account can be granted which is not obvious. Entries should be complete +with host name and username. They should also be checked and cleaned out +regularly. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd006w]

+The indicated .rhosts file has permissions other than read and write +for the owner of the file. Allowing others to read the .rhosts file +provides information about other "trusted" hosts which may allow them +to compromise this host, the trusted hosts, or both. The permissions +should be at most read and write for the owner of the file. Note that +on some systems, because of network file systems, it is necessary to +have world read access to the .rhosts file so that client machines can +access the .rhosts file. Most systems correctly handle this situation +without the need for the world read access. If yours does not, you +should bring it to the attention of your vendor. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd007w]

+The indicated .rhosts file is a symbolic link. This is not normal +and should be looked at to see why it is like this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd008a]

+The indicated .rhosts file is a directory. This may indicate that +an intrusion has occurred and the .rhosts directory is being used +as a place to store files. This should be examined. The system +should also be checked for signs of intrusion if the contents +of the directory are unusual. The directory should be removed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd009f]

+The /etc/hosts.equiv file contains a '+' entry. This is a major +security hole. It allows anyone to login to the machine as any +user except `root'. This needs to be removed immediately. Note +that SunOS 4.x systems ship with the '+' entry. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd010w]

+The contents of the /etc/hosts.equiv file is listed. The hosts +listed here should be examined for correctness. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd011f]

+CERT Advisory CA-91:12 +

+A vulnerability exists in the trusted host facility such that +the presence of a '-' as the first character of the /etc/hosts.equiv, +/etc/hosts.lpd or .rhosts file may allow unauthorized access to the +system. +

+Rearranging the entries such that the entry with the leading '-' +is not the first line, or deleting it if it is the only line +will solve this problem. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd012f]

+The /etc/hosts.equiv file provides access using a netgroup which +includes a member of the form (,,). This is a wild card entry +which matches any host. This should be corrected immediately. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd013w]

+The /etc/hosts.equiv file and $HOME/.rhosts files do not support +comments. A commented entry is still valid. It simply indicates +a host with the character '#' as the first letter. Since an attempt +to comment out an entry indicates that it is no longer needed, it +could simply be deleted. Note that comments might (potentially) +permit unauthorised access. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd015w]

+The indicated .rhosts file contains invalid characters, not expected +to be found in a .rhosts file. This file should be examined and the +invalid characters removed, as it may contain a typo or possibly a +command. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd016w]

+The user has an .rhosts file. The use of rhosts files is not a recommended +method for secure access to remote hosts, you should consider whether or +not the user needs to have an .rhosts file and, in any case, consider +the use of safer replacement for the 'r' commands including public-key +cryptography programs (such as SSH implementations) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd017a]

+The .rhosts file of a given user does not belong to him, if you are running +the rlogin service this transfers control to what users (and where from) +can access this account to the user that this files belongs to. This is usually +and indication of an intrusion attempt and you should take steps to remove +this file and determine who has accessed to this account using the rlogin +service. +Consider removing the 'r' commands altogether and use safer replacements +commands, including public-key cryptography programs +(such as SSH implementations) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rcmd018a]

+Root has an .rhosts file, you should avoid at all hosts providing +passwordless remote access to the administrator user. +This can also be an indication of a remote intrusion, if so you should +take steps to remove this file and determine who has accessed to +this account using the rlogin service. +Consider removing the 'r' commands altogether and use safer replacements +commands, including public-key cryptography programs +(such as SSH implementations) --- tiger-3.2.2.orig/html/root.html +++ tiger-3.2.2/html/root.html @@ -0,0 +1,47 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for root

+

Code [root001w]

+The indicated file allows remote (i.e., other than system console). +root logins for telnet and other services. For /etc/default/login, +be sure that the line "CONSOLE=/dev/console" exists. For /etc/securetty, +be sure that there are no ttyp entries. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [root002w]

+The indicated /etc/ftpusers file allows remote root ftp logins. The entry +"root" should be added to this file. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [root003w]

+The root user should not have the message capability turned on. This +could lead to inadvertent modification of files with the root user is +logged in. --- tiger-3.2.2.orig/html/rootdir.html +++ tiger-3.2.2/html/rootdir.html @@ -0,0 +1,43 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for rootdir

+

Code [rootdir001f]

+The root directory is not at the beginning of a filesystems. +This usually indicates the output of the Tiger reports might +be suspect. (i.e. Tiger was possibly run inside a chroot, etc). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootdir002f]

+The permissions for the root directory are not secure. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootdir003f]

+The ownership of the root directory is not secure. --- tiger-3.2.2.orig/html/rootkit.html +++ tiger-3.2.2/html/rootkit.html @@ -0,0 +1,109 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for rootkit

+

Code [rootkit001f]

+A test was run on the 'ls' command to determine if it 'sees' +certain pathnames (e.g., '...','bnc','war',etc). Tiger creates +a temporary directory, creates files with known hacker program +names/directories, and attempts an 'ls'. If the 'ls' does not +recognize the file, a FAIL is issued +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootkit002f]

+A test was run on the 'find' command to determine if it 'sees' +certain pathnames (e.g., '...','bnc','war',etc). Tiger creates +a temporary directory, creates files with known hacker program +names/directories, and attempts an 'find'. If the 'find' does +not recognize the file, a FAIL is issued. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootkit003w]

+The 'chkrootkit' program has detected a suspicious directory +which might be an indication of an intrusion. +A full analysis of the system is recommended to determine the +presence of further signs of intrusion since a rootkit might have +been installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootkit004w]

+The 'chkrootkit' program has detected a possible rootkit installation +A full analysis of the system is recommended to determine the +presence of further signs of intrusion since a rootkit might have +been installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootkit005a]

+The 'chkrootkit' program has detected a rootkit installation +A full analysis of the system is recommended to determine the +presence of further signs of intrusion and to determine if the +rootkit is indeed installed. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [rootkit006a]

+A rootkit is installed by intruders in systems which have been +successfully compromised and in which they have obtained full +administrator privileges. The installation of a rootkit is +an indication of a major system compromise. +

+If the installation of a rootkit is confirmed you are encouraged +to power off the system and follow the steps outlined by +Steps for Recovering from a UNIX or NT System Compromise +(http://www.cert.org/tech_tips/root_compromise.html) --- tiger-3.2.2.orig/html/signature.html +++ tiger-3.2.2/html/signature.html @@ -0,0 +1,448 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for signature

+

Code [sig001e]

+No signature database was found. This likely indicates that a complete +port of the security checking system has not been done for this system. +It may also indicate an incorrect configuration of the security checking +system. +

+Because the signature database does not exist, it will not be possible +to perform the checks for altered binaries and installed security +patches. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig002a]

+The signature for the indicated file matches a signature obtained +from a binary known to have been altered. This indicates that the +system has been compromised. The system should be checked for other +signs of intrusion and cleaned up. The indicated binary should be +replaced from distribution media. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig003w]

+The signature for the indicated file is recognized as the signature +from a binary for which either a security patch exists, or a newer +version of the security patch exists. The file is out of date and +should be replaced with one from the indicated patch. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig004w]

+No match was found for the signature of the indicated file. This +indicates either a local modification has been performed, replacing +the binary, or that the file has been altered by an intruder. If +you are not aware of any local modifications, you should check this +carefully. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig005e]

+Something prevented the system from reading the indicated file. This +should not occur if the security system is run from the root account +on a non-MLS system. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig006w]

+CERT Advisory CA-92:11 +

+A vulnerability exists with regard to certain environment variables +used in SunOS 4.x systems. These vulnerabilities can occur in other +setuid executables than the ones checked here (including third party +software). The following patches are available to fix Sun supplied +software. +

+Sun Patch ID 100630 /bin/login, /bin/su, /usr/5bin/su (international) +

+Sun Patch ID 100631 /bin/login, /bin/su, /usr/5bin/su (domestic) +

+Sun Patch ID 100633 /bin/login, /bin/su, /usr/5bin/su (ARM) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig007a]

+The signature for the indicated file matches a signature obtained +from a binary known to have been altered. This indicates that the +system has been compromised. The system should be checked for other +signs of intrusion and cleaned up. The indicated binary should be +replaced from distribution media. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig008w]

+CERT Advisory CA-92:13 +

+A vulnerability exists in the NIS system for SunOS 4.x systems which +may allow NIS maps, including the passwd maps, to be obtained by any +host. Sun Patch ID 100482 provides a fix for this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig009w]

+CERT Advisory CA-92:11 +

+A vulnerability exists with regard to certain environment variables +used in SunOS 4.x systems. These vulnerabilities can occur in other +setuid executables than the ones checked here (including third party +software). The following patch is available to fix Sun supplied +software. +

+Sun Patch ID 100377 /usr/lib/sendmail, /usr/lib/sendmail.mx +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig010w]

+CERT Advisory CA-91:20 +

+A vulnerability exists in the 'rdist' command which can be exploited +to gain unauthorized privileges. This vulnerability exists in most +versions of 'rdist' distributed before 1992. Sun Patch ID 100383 +provides a fix for this. +

+

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig011w]

+CERT Advisory CA-91:10a +

+A vulnerability exists in the print system (lpr, lpc, lpd, etc) on +SunOS 4.x systems which can allow a user to delete files they do +not own. A fix for this vulnerability is provided in Sun Patch ID +100305. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig012w]

+CERT Advisory CA-91:09 +

+A vulnerability exists in the rpc.mountd program which can allow +any host to access NFS exported file systems. This occurs when the +length of the host access list for an entry exceeds 256 characters. +Sun Patch ID 100296 provides a fix for this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig013w]

+A vulnerability exists in the expreserve utility for SunOS 4.1.1 +systems which can be used to gain unauthorized privileges. Expreserve +is used by the 'ex' and 'vi' editors for preserving files when the +editors terminate abnormally. Sun Patch ID 100251 provides a fix +for this. (obsoleted by by Sun Patch ID 101080, [sig014w]) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig014w]

+CERT Advisory CA-93:09a +

+CIAC Advisory D-16 +

+A vulnerability exists in the expreserve utility for SunOS 4.1.1, +4.1.2, 4.1.3, 5.0, 5.1, and 5.2 systems which can be used to gain +unauthorized privileges. Expreserve is used by the 'ex' and 'vi' +editors for preserving files when the editors terminate abnormally. +Fixes for this for SunOS 4.x and 5.x are: +

+Sun Patch ID 101080 -- SunOS 4.x +

+Sun Patch ID 101119 -- SunOS 5.0 +

+Sun Patch ID 101089 -- SunOS 5.1 +

+Sun Patch ID 101090 -- SunOS 5.2 +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig015w]

+CERT Advisory CA-91:01a +

+A vulnerability exists in the /bin/mail and /bin/rmail utility for +SunOS 4.x systems which can be used to gain unauthorized privileges. +These programs are responsible for performing local mail delivery. +Sun Patch ID 100224 provides a fix for this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig016w]

+CERT Advisory CA-93:15 +

+A vulnerability exists in /usr/lib/sendmail which allows a remote +user to gain access to the system. +

+Sun Patch ID 100377-07 provides a fix for SunOS 4.x. +

+Sun Patch ID 100840-03 provides a fix for Solaris 2.1. +

+Sun Patch ID 101077-03 provides a fix for Solaris 2.2. +

+(you should obtain the latest revision of the patch). +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig017w]

+CERT Advisory CA-93:15 +

+A vulnerability exists in the 'tar' utility which causes it to +place information from the passwd file in the archive set. Archives +created with this version of 'tar' should not be distributed. +

+Sun Patch ID 100975-02 provides a fix for Solaris 2.1. +

+Sun Patch ID 101301-01 provides a fix for Solaris 2.2. +

+(you should obtain the latest revision of the patch) +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig018w]

+The /usr/kvm/modload program can be used to gain super-user +privileges. Sun Patch ID 101200 provides a fix for this. The +documentation for the patch indicates that it is for SunOS 4.1.3, but +examination of the SunOS 4.1.2 /usr/kvm/modload indicates it suffers +from the same problem. I do not know whether the modload binary in +101200 will work with SunOS 4.1.2. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig019w]

+This is an additional fix to /usr/5bin/su. See 'sig006w' for +information on the initial fixes. +

+/usr/5bin/su sets the default path with '.' as the first search +directory. This opens the system up to trojan programs. Sun +Patch Id 100630-02 provides a fix for this, in addition to those +discussed in 'sig006w'. Refer to the README provided with the +patch for additional information concerning international sites. +

+Sun Patch ID 100630 /usr/5bin/su +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig020w]

+On SunOS 5.2, the FTP daemon does not correctly verify that the user's +shell is valid. As a result restricted accounts can login via FTP. +

+Sun Patch ID 101037 provides a fix for this. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig021w]

+The remote shell daemon on Linux 0.99.12 from TAMU (and other distributions) +does not understand shadow passwords. If an entry in /etc/passwd (not +/etc/shadow) has a null password field, a remote shell will succeed from +any where to that account. The 'passwd' command does *not* sanity check this +field when changing the password. As a result, the 'root' account has a +null password field, allowing anyone to remote shell in as root. To fix +this problem, place a '*' in the password field in /etc/passwd. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [sig022f]

+The patchdiag.xref files is not available in the configuration directory. This +means that the script cannot proceed further since it does not have any +information of which are the appropriate patches for this system. +

+Please download the patchdiag file from Sunsolve, you can use, for example, +the following link: +http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=patchdiag.xref&method=H +

+Once downloaded, place it in the configuration directory and rerun the script. --- tiger-3.2.2.orig/html/ssh.html +++ tiger-3.2.2/html/ssh.html @@ -0,0 +1,80 @@ +

+
+
+
+
+
+
+
+
+
+

Documents for ssh

+

Code [ssh001w]

+The Protocol directive in the sshd_config file is not in the +allowed protocol list. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ssh002w]

+The PermitRootLogin directive is not in the allowed methods +list. This directive controls how root is allowed to use SSH. +Valid options are: yes, without-password, forced-commands-only, +and no. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ssh003w]

+The RhostsAuthentication directive determines if .rhosts or +/etc/hosts.equiv is sufficient authentication. This option +only applies to protocol version 1 and is generally believed +to be insecure. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ssh004w]

+The PasswordAuthentication directive determines if passwords +are a sufficient authentication. +

+
+
+
+
+
+
+
+
+
+
+
+

Code [ssh005e]

+The variable SSHD_CONFIG is not defined which means that you have +not setup (or the system has been enable to find) your SSH configuration +files. You should setup that variable in your site-`hostname` +configuration file. --- tiger-3.2.2.orig/scripts/check_apache +++ tiger-3.2.2/scripts/check_apache @@ -90,19 +90,23 @@ # First check if Apache is bound to use only an IP address [ -f $APACHECONFDIR/httpd.conf ] && { - $GREP ^Listen $APACHECONFDIR/httpd.conf | - while read listen ipaddr - do - port=`echo $ipaddr | $CUT -f : -d 2` - ipaddr=`echo $ipaddr | $SED -e 's/:.*$//'` - done + listen=`$GREP ^Listen $APACHECONFDIR/httpd.conf | head -1 | $AWK '{print $2}'` + if [ -n "$listen" ]; then + if echo "$listen" | grep -q ':' ; then + port=`echo "$listen" | $CUT -d : -f 2` + ipaddr=`echo "$listen" | $SED -e 's/:.*$//'` + else + port="$listen" + ipaddr="" + fi + fi # TODO: this check should warn only if this is a multihomed host # (we probably need to check this in other places so a utils function # 'amImultihome' might be useful) if [ -z "$port" -o -z "$ipaddr" ]; then - message WARN apa001w "The Apache server is not configured to be bound to an specific IP address." + message WARN apa001w "" "The Apache server is not configured to be bound to an specific IP address." else - message INFO apa001w "The Apache server is configured to listen only on address $ipaddr port $port." + message INFO apa001w "" "The Apache server is configured to listen only on address $ipaddr port $port." fi } # Now check options @@ -130,9 +134,9 @@ # Before reseting check the '/' configuration if [ "$directory" = "/" ] ; then [ $denyfirst -ne 1 -o $alldenied -ne 0 ] && \ - message WARN apa002w "There is no limitation to access filesystem locations (configuration for '/')" + message WARN apa002w "" "There is no limitation to access filesystem locations (configuration for '/')" [ "$options" != "None" -a "$options" != "none" ] && \ - message WARN apa002w "Options flag for the filesystem should be 'None' (configuration for '/')" + message WARN apa002w "" "Options flag for the filesystem should be 'None' (configuration for '/')" fi directory="Any (default)" denyfirst=0 @@ -149,20 +153,20 @@ # followed back to the root dir # Sample: ln -s /etc/passwd if [ ! -z "`echo $options | $GREP -i ifownermatch`" ]; then - message INFO apa003i "$directory directory configuration permits symlink following only if owner of the symlink matches." + message INFO apa003i "" "$directory directory configuration permits symlink following only if owner of the symlink matches." else - message WARN apa004w "$directory directory configuration permits symlink following." + message WARN apa004w "" "$directory directory configuration permits symlink following." fi fi # of followsymlinks # TODO: we could list executable files in the directory if [ ! -z "`echo $options | $GREP -i execcgi`" ]; then - message WARN apa005w "$directory directory can hold executable CGI." + message WARN apa005w "" "$directory directory can hold executable CGI." fi # TODO we could check which directories do not have an index.html file if [ ! -z "`echo $options | $GREP -i indexes`" ]; then - message WARN apa006w "$directory directory will provide content listing if there are no index.html files." + message WARN apa006w "" "$directory directory will provide content listing if there are no index.html files." fi fi # of the options --- tiger-3.2.2.orig/scripts/check_crontabs +++ tiger-3.2.2/scripts/check_crontabs @@ -109,13 +109,12 @@ # while read owner command do - com="`echo \"$command\" | $SED -e 's/[0-9]*>//g' | $TR -d '()\;\`&!|'`" # Can't 'set' this because of shell meta-characters. cmd="`echo \"$com\" | $AWK '{print $1}'`" - base=`$BASENAME "$cmd"` + base=`$BASENAME -- "$cmd"` case "$base" in sh|csh|ksh|tcsh|zsh|bash|if|cd) [ "$2" != "-c" ] && cmd="`echo \"$com\" | $AWK '{print $2}'`";; @@ -189,7 +188,7 @@ $GREP -v "^#" | while read user do - message WARN cron006w "User $user is allowed cron usage." + message WARN cron006w "" "User $user is allowed cron usage." done fi if [ -f "$CRONDENY" ] @@ -198,7 +197,7 @@ $GREP -v "^#" | while read user do - message INFO cron007i "User $user is denied cron usage." + message INFO cron007i "" "User $user is denied cron usage." done fi if [ ! -f "$CRONALLOW" -a ! -f "$CRONDENY" ] --- tiger-3.2.2.orig/scripts/check_xinetd +++ tiger-3.2.2/scripts/check_xinetd @@ -98,9 +98,9 @@ if [ "`$GREP -i 'disable' $xinetd_dir/$file | $AWK '{print $NF}'`" = "no" ] ; then service=`$GREP -w 'server' $file | $GREP '=' | $AWK '{print $NF}'` - message INFO xnet004i "Service $file is enabled using: $service." + message INFO xnet004i "" "Service $file is enabled using: $service." else - message INFO xnet005i "Service $file is disabled." + message INFO xnet005i "" "Service $file is disabled." fi done } @@ -115,13 +115,13 @@ then check_xinetconfig $xinetd_directory else - message ERROR xnet002e "The location included in $XINETDCONF is not a directory" + message ERROR xnet002e "" "The location included in $XINETDCONF is not a directory" fi done else if [ ! -f "$XINETDCONF" ] ; then - message ERROR xnet001e "It appears that xinetd is not installed, cannot find file $XINETDCONF." + message ERROR xnet001e "" "It appears that xinetd is not installed, cannot find file $XINETDCONF." else - message ERROR xnet003e "Cannot read file $XINETDCONF." + message ERROR xnet003e "" "Cannot read file $XINETDCONF." fi fi --- tiger-3.2.2.orig/systems/Linux/2/deb_checkmd5sums +++ tiger-3.2.2/systems/Linux/2/deb_checkmd5sums @@ -105,6 +105,9 @@ haveallcmds MD5SUM CAT CUT SED GREP BASENAME || exit 1 +# Prelink +PRELINK=/usr/sbin/prelink + # From the localepurge binary: LOCALEDIR=/usr/share/locale MANDIR=/usr/share/man @@ -136,6 +139,7 @@ file=`echo $file | sed -e "s/:$//"` case $err in DIFF|FAILED) + # TODO: Use prelink if available # don't check diverted now [ -z "`$GREP -sxF \"$file\" $DIVERSIONS`" ] && # and conffiles should not be checked either --- tiger-3.2.2.orig/systems/Linux/2/debian_advisories +++ tiger-3.2.2/systems/Linux/2/debian_advisories @@ -2446,6 +2446,30 @@ boa 0.94.8.3-1 m68k boa 2000-10-09 boa 0.94.8.3-1 powerpc boa 2000-10-09 boa 0.94.8.3-1 sparc boa 2000-10-09 +quagga-doc 0.98.3-7.5 all DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 alpha DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 amd64 DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 arm DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 hppa DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 i386 DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 ia64 DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 m68k DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 mips DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 mipsel DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 powerpc DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 s390 DSA-1382-1 quagga 2007-10-1 +quagga 0.98.3-7.5 sparc DSA-1382-1 quagga 2007-10-1 +xfs 1.0.1-6 alpha DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 amd64 DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 arm DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 hppa DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 i386 DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 ia64 DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 mips DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 mipsel DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 powerpc DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 s390 DSA-1342-1 xfs 2007-7-30 +xfs 1.0.1-6 sparc DSA-1342-1 xfs 2007-7-30 gtk2-engines-pixbuf 2.6.4-3.2 alpha DSA-1256-1 gtk+2.0 2007-1-31 gtk2-engines-pixbuf 2.6.4-3.2 amd64 DSA-1256-1 gtk+2.0 2007-1-31 gtk2-engines-pixbuf 2.6.4-3.2 arm DSA-1256-1 gtk+2.0 2007-1-31 @@ -2920,6 +2944,37 @@ libmagick6 6.0.6.2-2.9 sparc DSA-1260-1 imagemagick 2007-2-14 libmagick6-dev 6.0.6.2-2.9 sparc DSA-1260-1 imagemagick 2007-2-14 perlmagick 6.0.6.2-2.9 sparc DSA-1260-1 imagemagick 2007-2-14 +phpmyadmin 2.9.1.1-4 all DSA-1370-1 phpmyadmin 2007-9-9 +freetype2-demos 2.1.7-8 amd64 DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 amd64 DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 amd64 DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 arm DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 arm DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 arm DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 hppa DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 hppa DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 hppa DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 i386 DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 i386 DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 i386 DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 ia64 DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 ia64 DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 ia64 DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 m68k DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 m68k DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 m68k DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 mipsel DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 mipsel DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 mipsel DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 powerpc DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 powerpc DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 powerpc DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 s390 DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 s390 DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 s390 DSA-1334-1 freetype 2007-7-18 +libfreetype6-dev 2.1.7-8 sparc DSA-1334-1 freetype 2007-7-18 +freetype2-demos 2.1.7-8 sparc DSA-1334-1 freetype 2007-7-18 +libfreetype6 2.1.7-8 sparc DSA-1334-1 freetype 2007-7-18 php4-pear 4.3.10-19 all DSA-1264-1 php4 2007-3-7 php4 4.3.10-19 all DSA-1264-1 php4 2007-3-7 libapache-mod-php4 4.3.10-19 alpha DSA-1264-1 php4 2007-3-7 @@ -3151,6 +3206,87 @@ php4-sybase 4.3.10-19 sparc DSA-1264-1 php4 2007-3-7 php4-xslt 4.3.10-19 sparc DSA-1264-1 php4 2007-3-7 wordpress 2.0.10-1 all DSA-1285-1 wordpress 2007-5-01 +wesnoth-data 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-ei 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-httt 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-music 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-sotbe 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-tdh 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-trow 0.9.0-6 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 alpha DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 alpha DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 alpha DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 amd64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 amd64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 amd64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 arm DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 arm DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 arm DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 hppa DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 hppa DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 hppa DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 i386 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 i386 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 i386 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 ia64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 ia64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 ia64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 m68k DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 m68k DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 m68k DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 mipsel DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 mipsel DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 mipsel DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 powerpc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 powerpc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 powerpc DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 s390 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 s390 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 s390 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 0.9.0-6 sparc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 0.9.0-6 sparc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 0.9.0-6 sparc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-data 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-ei 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-httt 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-music 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-trow 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-tsg 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-ttb 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth-utbs 1.2-2 all DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 alpha DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 alpha DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 alpha DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 amd64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 amd64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 amd64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 arm DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 arm DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 arm DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 hppa DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 hppa DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 hppa DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 i386 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 i386 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 i386 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 ia64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 ia64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 ia64 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 mips DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 mips DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 mips DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 mipsel DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 mipsel DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 mipsel DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 powerpc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 powerpc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 powerpc DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 s390 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 s390 DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 s390 DSA-1386-1 wesnoth 2007-10-15 +wesnoth 1.2-2 sparc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-editor 1.2-2 sparc DSA-1386-1 wesnoth 2007-10-15 +wesnoth-server 1.2-2 sparc DSA-1386-1 wesnoth 2007-10-15 quagga-doc 0.98.3-7.4 all DSA-1293-1 quagga 2007-5-17 quagga 0.98.3-7.4 alpha DSA-1293-1 quagga 2007-5-17 quagga 0.98.3-7.4 amd64 DSA-1293-1 quagga 2007-5-17 @@ -3164,6 +3300,216 @@ quagga 0.98.3-7.4 powerpc DSA-1293-1 quagga 2007-5-17 quagga 0.98.3-7.4 s390 DSA-1293-1 quagga 2007-5-17 quagga 0.98.3-7.4 sparc DSA-1293-1 quagga 2007-5-17 +xfs 1.0.1-7 alpha DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 amd64 DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 arm DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 hppa DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 i386 DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 ia64 DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 mips DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 mipsel DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 powerpc DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 s390 DSA-1385-1 xfs 2007-10-9 +xfs 1.0.1-7 sparc DSA-1385-1 xfs 2007-10-9 +php4-pear 4.3.10-22 all DSA-1331-1 php4 2007-7-7 +php4 4.3.10-22 all DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 alpha DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 amd64 DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 arm DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 i386 DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 ia64 DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 m68k DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 mipsel DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 s390 DSA-1331-1 php4 2007-7-7 +libapache-mod-php4 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +libapache2-mod-php4 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-cgi 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-cli 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-common 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-curl 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-dev 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-domxml 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-gd 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-imap 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-ldap 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-mcal 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-mhash 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-mysql 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-odbc 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-recode 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-snmp 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-sybase 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +php4-xslt 4.3.10-22 sparc DSA-1331-1 php4 2007-7-7 +xpdf-common 3.00-13.7 all DSA-1347-1 xpdf 2007-8-4 +xpdf 3.00-13.7 all DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 alpha DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 alpha DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 amd64 DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 amd64 DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 arm DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 arm DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.6 hppa DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.6 hppa DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 i386 DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 i386 DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 ia64 DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 ia64 DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 m68k DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 m68k DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 mips DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 mips DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 mipsel DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 mipsel DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 powerpc DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 powerpc DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 s390 DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 s390 DSA-1347-1 xpdf 2007-8-4 +xpdf-reader 3.00-13.7 sparc DSA-1347-1 xpdf 2007-8-4 +xpdf-utils 3.00-13.7 sparc DSA-1347-1 xpdf 2007-8-4 libsane 1.0.7-4 alpha DSA-379-1 sane-backends 2003-9-11 libsane-dev 1.0.7-4 alpha DSA-379-1 sane-backends 2003-9-11 libsane 1.0.7-4 arm DSA-379-1 sane-backends 2003-9-11 --- tiger-3.2.2.orig/systems/Linux/2/gen_cron +++ tiger-3.2.2/systems/Linux/2/gen_cron @@ -77,10 +77,16 @@ $GETUSERHOME "$file" >/dev/null 2>/dev/null if [ $? = 0 ]; then + # Parse the crontab file: + # - Replace '@' commands (Debian-specific), since we don't care on + # times we just replace them with '0 0 0 0 0' + # - Remove variable definitions $SED -e 's/#.*$//' -e '/^$/d' $CRONSPOOL/$name | + $SED -e 's/^@[A-Za-z]*/0 0 0 0 0/' | + $SED -e '/^[A-Za-z]*.*=/d' | while read a b c d e command do - echo "$name $command" + [ -n "$command" ] && echo "$name $command" done >> $outfile else echo "--WARN-- Found cron file for unknown user $file." --- tiger-3.2.2.orig/systems/Linux/2/gen_mounts +++ tiger-3.2.2/systems/Linux/2/gen_mounts @@ -105,6 +105,7 @@ [ "$1" = "auto" ] && LOCAL=0 [ "$1" = "selinuxfs" ] && LOCAL=0 [ "$1" = "fusectl" ] && LOCAL=0 + [ "$1" = "fuse" ] && LOCAL=0 # Filesystems of other OS [ "$1" = "msdos" ] && LOCAL=1 [ "$1" = "umsdos" ] && LOCAL=1 --- tiger-3.2.2.orig/systems/Linux/2/update_advisories.sh +++ tiger-3.2.2/systems/Linux/2/update_advisories.sh @@ -22,7 +22,7 @@ DEB_ADV_DIR=~jfs/debian/www/webwml/english/security/ if [ -d $DEB_ADV_DIR ] then - find $DEB_ADV_DIR -name "*data" -exec cat \{\} \; | perl retrieve-advisories.pl >debian_advisories + find $DEB_ADV_DIR -name "*data" -a -type f -exec cat \{\} \; | perl retrieve-advisories.pl >debian_advisories else echo "Cannot access the $DEB_ADV_DIR directory." echo "Cannot generate the advisories data for Tiger."