--- tiger-3.2.3.orig/tigexp +++ tiger-3.2.3/tigexp @@ -20,6 +20,7 @@ # tigexp - 11/27/2008 - Proper handling of errors and existance (or # lack of) idx file. Also, regenerate the index # file only if running as root. +# tigexp - 04/25/2009 - proper wording for error messages # # This program retrieves information explaining what a given message # (INFO, WARN, ALERT, FAIL or ERROR) given out by Tiger means. @@ -61,7 +62,7 @@ set X $__cmdstr __cmd=$2 if [ ! -n "$__cmdstr" ]; then - echo "--ERROR-- [init001e] Don't have required command $__file." + echo "--ERROR-- [init001e] Don't have a value for required command $__file." __retval=1 elif [ ! -f "$__cmd" ]; then echo "--ERROR-- [init004e] \`$__cmd' is not executable (command $__file)." @@ -79,10 +80,10 @@ do eval __file=\$$__var if [ ! -n "$__file" ]; then - echo "--ERROR-- [init005e] Don't have required file $__var." + echo "--ERROR-- [init005e] Don't have a value for required file or directory $__var." __retval=1 elif [ ! -f "$__file" -a ! -d "$__file" ]; then - echo "--ERROR-- [init006e] \`$__file' does not exist (file $__var)." + echo "--ERROR-- [init006e] \`$__file' does not exist (file or directory $__var)." __retval=1 fi done --- tiger-3.2.3.orig/CHANGES +++ tiger-3.2.3/CHANGES @@ -1,6 +1,41 @@ NOTE: To read changes made to the Debian package (since August 23rd 2001) see the changelog.Debian file +Changes (v 3.2.4) +-------------------- + +- Fixed some bashisms in files: + * systems/default/check_ndd, line 90. + * systems/HPUX/check_passwdspec, lines 101, 108. + +- Fixed a problem in the sh script file scripts/sub/check_suid + finding the owner of files. + +- Fixed warning messages in scripts/sub/check_nousrgrp to make them + easier to ignore and add proper documentation for the warnings + +- Updated mailing lists info in README + +- Fixed a problem in delete() function to remove properly files in loop + in initdef script. + +- Fixed a problem removing a temporary file in scripts/find_file script. + +- scripts/check_known: Fixed problems handling files with spaces or + newline characters in their filename in /*/lost+found/ directories. + +- Added support for recognize simfs as local filesystem. + +- Improve documentation for tiger messages + +- Fixed a bashism problem with logical expression in /systems/HPUX/check_trusted + +- Added support to recognize fuse.ltspfs for ltspfs file system and ltsp-server + in systems/Linux/2/gen_mounts script. + +-...More changes in progress... + + Changes (v 3.2.3) -------------------- --- tiger-3.2.3.orig/README +++ tiger-3.2.3/README @@ -40,15 +40,15 @@ There are now two mailing lists available for the 'tiger' at savannah.gnu.org. These two mailing lists are: -- a user's mailing list: tiger-user@mail.freesoftware.fsf.org +- a user's mailing list: tiger-user@nongnu.org Dedicated to users of the Tiger tool, feel free to ask here any questions on how to run the tool, configure it or adapt it to your system. - http://mail.freesoftware.fsf.org/mailman/listinfo/tiger-user + http://lists.nongnu.org/mailman/listinfo/tiger-user -- a developer's mailing list: tiger-devel@mail.freesoftware.fsf.org +- a developer's mailing list: tiger-devel@nongnu.org If you want to help us improve Tiger this is where all discussion on improvements on the tool take place. - http://mail.freesoftware.fsf.org/mailman/listinfo/tiger-devel + http://lists.nongnu.org/mailman/listinfo/tiger-devel Note that the previous mailing list (at 'majordomo@net.tamu.edu') does no longer work. @@ -113,3 +113,4 @@ First version by Doug.Schales@net.tamu.edu Last update by Javier Fernandez-Sanguino +Last update by Francisco Manuel García Claramonte (11/02/2010) --- tiger-3.2.3.orig/tigerrc +++ tiger-3.2.3/tigerrc @@ -58,7 +58,7 @@ Tiger_Check_NTP=Y # Fast # OS specific checks -# You can comment them if they are not appropiate to your system but +# You can comment them if they are not appropriate to your system but # they will not run if you are running a different OS # - Linux specific Tiger_Check_PATCH=N # Depends on your network connection @@ -375,7 +375,8 @@ # The process list below is just an example (useful for Linux) # change it to suit your needs. You can use either the process name # or the full path name -Tiger_Running_Procs='syslogd cron atd klogd' +Tiger_Running_Procs='rsyslogd cron atd' +# Tiger_Running_Procs='syslogd cron atd klogd' # or # Tiger_Running_Procs='/sbin/syslogd /usr/sbin/atd /usr/sbin/cron /sbin/klogd' # --- tiger-3.2.3.orig/TODO +++ tiger-3.2.3/TODO @@ -20,7 +20,7 @@ . OVAL interpreter and OS-specific OVAL queries (for Debian GNU/Linux, RedHat GNU/Linux and Solaris). . Revision of current checks to add CVE mapping for vulnerabilities - if appropiate. + if appropriate. . Revision of documentation on fixes (tigexp) - Version 3.4 (stable): bug fixes. - Version 3.3 (unstable): --- tiger-3.2.3.orig/tigerrc-hpux +++ tiger-3.2.3/tigerrc-hpux @@ -48,7 +48,7 @@ Tiger_Check_ROOTKIT=Y # Slow if chkrootkit is available Tiger_Check_FTPUSERS=Y # Fast # OS specific checks -# You can comment them if they are not appropiate to your system but +# You can comment them if they are not appropriate to your system but # they will not run if you are running a different OS # - Linux specific Tiger_Check_PATCH=N # Depends on your network connection --- tiger-3.2.3.orig/initdefs +++ tiger-3.2.3/initdefs @@ -16,6 +16,10 @@ # # initdefs - 06/14/93 # +# initdefs - 05/03/2010 - - Fixed the problem with delete() function in +# initdefs which prevented it from deleting multiple files if +# it failed with one of them (Debian bug #544701) +# # initdefs - 01/10/2005 - cslater - Modified ignore function so that # filtering can also be done on msgid and level # initdefs - 08/01/2004 - jfs - Allow removal from LOGDIR so that tiger -e @@ -75,10 +79,10 @@ do eval __file=\$$__var if [ ! -n "$__file" ]; then - echo "--ERROR-- [init005e] Don't have required file $__var." + echo "--ERROR-- [init005e] Don't have a value for file definition $__var." __retval=1 elif [ ! -f "$__file" -a ! -d "$__file" ]; then - echo "--ERROR-- [init006e] \`$__file' does not exist (file $__var)." + echo "--ERROR-- [init006e] \`$__file' does not exist (file definition $__var)." __retval=1 fi done @@ -115,13 +119,13 @@ # delete() { - goahead=1 if [ -z "$RM" ] ; then echo "--ERROR-- [init001e] The variable RM is not defined. Aborting." exit 1 fi for __file do + goahead=1 if [ -n "$LS" ] then if [ -z "`$LS \"$__file\" 2>/dev/null`" ] --- tiger-3.2.3.orig/tigerrc-all +++ tiger-3.2.3/tigerrc-all @@ -48,7 +48,7 @@ Tiger_Check_ROOTKIT=Y # Slow if chkrootkit is available Tiger_Check_FTPUSERS=Y # Fast # OS specific checks -# You can comment them if they are not appropiate to your system but +# You can comment them if they are not appropriate to your system but # they will not run if you are running a different OS # - Linux specific Tiger_Check_PATCH=N # Depends on your network connection --- tiger-3.2.3.orig/tiger +++ tiger-3.2.3/tiger @@ -48,7 +48,8 @@ echo "Tiger UN*X security checking system" echo " Developed by Texas A&M University, 1994" echo " Updated by the Advanced Research Corporation, 1999-2002" -echo " Further updated by Javier Fernandez-Sanguino, 2001-2008" +echo " Further updated by Javier Fernandez-Sanguino, 2001-2010" +echo " Contributions by Francisco Manuel Garcia Claramonte, 2009-2010" echo " Covered by the GNU General Public License (GPL)" echo TigerInstallDir="." --- tiger-3.2.3.orig/config +++ tiger-3.2.3/config @@ -17,6 +17,9 @@ # # config (top level) - 06/14/93 # +# 08/04/2011 jfs Fix setting of CONFIG_DIR when using the default +# 10/06/2010 jfs Do not complain if the working directory is a temporary +# on (Debian bug #589089) # 08/30/2006 jfs Attempt to create working directory if it does not exist # (Debian bug #366919) # 06/22/2005 jfs Abort signature generation if the user does not @@ -287,16 +290,23 @@ # TODO: WORKDIR should be removed on exit if it is located in a temporary # directory if [ ! -d "$WORKDIR" ] ; then - echo "Configured working directory $WORKDIR does not exist" >&2 + # Complain if the workingdirectory is not located in + # a temporary location and it does not exist + case "$WORKDIR" in + /var/run/* | /tmp* | /var/tmp/* ) ;; + *) echo "Configured working directory $WORKDIR does not exist" >&2 ;; + esac if [ "$QUIET" != "Y" ] ; then echo "Creating working directory $WORKDIR" echo fi + # Try to create it... # TODO: -p switch is not portable if ! mkdir -p "$WORKDIR" >/dev/null 2>&1; then echo "Configured working directory $WORKDIR cannot be created (should you use -w?)" >&2 exit 1 fi + # From here on we should have a working WORKDIR fi @@ -348,8 +358,8 @@ [ "$QUIET" != "Y" ] && { echo "--CONFIG-- [con007c] No configuration files for $OS. Using default" echo " configuration files. Not all checks may be performed." - CONFIG_DIR="$CONFIG_LOC/default" } + CONFIG_DIR="$CONFIG_LOC/default" else echo "--ERROR-- [con008e] No configuration files for $OS $REV and can't find the" echo " default configuration files. Terminating." --- tiger-3.2.3.orig/util/genmsgidx +++ tiger-3.2.3/util/genmsgidx @@ -96,10 +96,10 @@ haveallof variables BASEDIR || exit 1 # Clear idx file and detect error -> $BASEDIR/doc/explain.idx && { - echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting" - exit 1 -} +#> $BASEDIR/doc/explain.idx && { +# echo "Error: Cannot write over the index file $BASEDIR/doc/explain.idx. Aborting" +# exit 1 +#} $LS $BASEDIR/doc/*.txt | while read infile --- tiger-3.2.3.orig/man/tiger.8.in +++ tiger-3.2.3/man/tiger.8.in @@ -144,7 +144,7 @@ architecture .B Tiger is running in might result in scripts being run which are not -appropiate to it, and, as a consequence, unexpected (and potentially +appropriate to it, and, as a consequence, unexpected (and potentially dangerous) errors might be generated. When executed .B Tiger will show which operating system, release and architecture thinks it is --- tiger-3.2.3.orig/debian/tiger.links +++ tiger-3.2.3/debian/tiger.links @@ -0,0 +1 @@ +usr/sbin/tigexp usr/lib/tiger/tigexp --- tiger-3.2.3.orig/debian/dirs +++ tiger-3.2.3/debian/dirs @@ -0,0 +1,7 @@ +etc/tiger +etc/tiger/templates +etc/default +usr/sbin +usr/lib/tiger +var/lib/tiger/work +var/log/tiger --- tiger-3.2.3.orig/debian/cron.d +++ tiger-3.2.3/debian/cron.d @@ -0,0 +1,9 @@ +# +# Regular cron jobs for the tiger package +# +# Configuration file +DEFAULT=/etc/default/tiger +# default setting, overriden in the above file +NICETIGER=10 +# +0 * * * * root test -x /usr/sbin/tigercron && { [ -r "$DEFAULT" ] && . "$DEFAULT" ; nice -n$NICETIGER /usr/sbin/tigercron -q ; } --- tiger-3.2.3.orig/debian/tigexp +++ tiger-3.2.3/debian/tigexp @@ -0,0 +1,4 @@ +#!/bin/sh +# Wrapper script for tiger + +cd /usr/lib/tiger && ./tigexp $* --- tiger-3.2.3.orig/debian/tiger.desktop +++ tiger-3.2.3/debian/tiger.desktop @@ -0,0 +1,8 @@ +[Desktop Entry] +Name=Tiger UNIX security tool +Comment=Tiger UNIX security tool (root) +Exec=su-to-root -c '/usr/sbin/tiger' +Terminal=true +Type=Application +Categories=System; +StartupNotify=true --- tiger-3.2.3.orig/debian/tiger.lintian-overrides +++ tiger-3.2.3/debian/tiger.lintian-overrides @@ -0,0 +1,7 @@ +# Lintian override file for Tiger +# We need to warn the users that Tiger requires adapting to the local system +tiger binary: possible-debconf-note-abuse +# There are directories are set with more strict permissions than expected +# since they might contain sensitive information. This +# includes var/lib/tiger/work/ and var/log/tiger/. +tiger binary: non-standard-dir-perm --- tiger-3.2.3.orig/debian/server.ignore +++ tiger-3.2.3/debian/server.ignore @@ -0,0 +1,21 @@ +# Mysql database server +Program mysqld \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /var/log/mysql/mysql\.err\.[[:digit:]]+ \(deleted\) +# Apache web server +Server /usr/sbin/apache \(pid [[:digit:]]+\) is using deleted files +Program apache \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /tmp/session_mm_apache0.sem \(deleted\) +The parent process of server /usr/sbin/apache \(pid [[:digit:]]+\) is using deleted files +# Cupds printer daemon +Server /usr/sbin/cupsd \(pid [[:digit:]]+\) is using deleted files +Program cupsd \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /var/log/cupsd/error_log\..* \(deleted\) +#Mailman list manager +Program python \(pid [[:digit:]]+, parent [[:digit:]]+\) is using a deleted file: .* /var/log/mailman/.* \(deleted\) +# Squid proxy +Server \(squid\) .* \(pid [[:digit:]]+\) is using deleted files +# SSH users accessing remotely with X11 forwarding 'on' +The process `sshd' is listening on socket 6[[:digit:]]+ (TCP on loopback interface) is run by .* +# Identd +The process .identd. is listening on socket 113 \(TCP on every interface\) is run by identd\. +# Avahi daemon +The process .avahi-daemon. is listening on socket [[:digit:]]+ \(UDP on every interface\) is run by avahi\. +# Bind +The process .named. is listening on socket [[:digit:]]+ \(UDP on every interface\) is run by bind\. --- tiger-3.2.3.orig/debian/docs +++ tiger-3.2.3/debian/docs @@ -0,0 +1,19 @@ +USING +BUGS.EXTERN +DESCRIPTION +CREDITS +README +README.1st +README.hostids +README.ignore +README.linux +README.logo +README.signatures +README.sources +README.time +README.unsupported +README.writemodules +TODO +tiger_logo_half.jpg +tiger_logo.jpg +tiger_logo_small.jpg --- tiger-3.2.3.orig/debian/tiger.menu +++ tiger-3.2.3/debian/tiger.menu @@ -0,0 +1,4 @@ +?package(tiger):needs="text" section="Applications/System/Security" \ + title="Tiger UNIX security tool" \ + longtitle="Tiger UNIX security tool (root)" \ + command="su-to-root -c '/usr/sbin/tiger'" --- tiger-3.2.3.orig/debian/postinst +++ tiger-3.2.3/debian/postinst @@ -0,0 +1,68 @@ +#!/bin/sh -e + +# System configuration file: +CONFIG=/etc/tiger/tigerrc +# Package-provided configuration file: +PKGCONFIG=/usr/share/doc/tiger/examples/tigerrc.gz + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see /usr/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +case "$1" in + install) + ;; + upgrade) + ;; + configure) + # Obtain the configured value + . /usr/share/debconf/confmodule + db_get tiger/mail_rcpt || true + MAIL_RCPT="$RET" + + # Create temporary file for use in UCF + tempfile=`tempfile` || { echo "Cannot create temporary file, aborting" >&2; exit 1; } + + # Determine if we are using a compressed configuration file or not + CAT=cat + if echo $PKGCONFIG | grep -q .gz; then + CAT=zcat + fi + if [ ! -e "$PKGCONFIG" ] ; then + echo "ERROR in maintainer script, cannot find package configuration file at $PKGCONFIG" >&2 + exit 1 + fi + $CAT $PKGCONFIG | sed -e "s/^Tiger_Mail_RCPT=.*$/Tiger_Mail_RCPT=\"$MAIL_RCPT\"/" > $tempfile + + # Use UCF to handle file changes + ucf --debconf-ok $tempfile $CONFIG + ucfr tiger $CONFIG + rm -f $tempfile + ;; + abort-upgrade) + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + + +#DEBHELPER# + +exit 0 --- tiger-3.2.3.orig/debian/rules +++ tiger-3.2.3/debian/rules @@ -0,0 +1,106 @@ +#!/usr/bin/make -f +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# We depend on baashisms +SHELL=/bin/bash + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatibility version to use. +# export DH_COMPAT=5 + +build: build-stamp +build-stamp: + dh_testdir + autoconf + ./configure --with-tigerhome=/usr/lib/tiger --with-tigerwork=/var/lib/tiger/work --with-tigerlog=/var/log/tiger --with-tigerbin=/usr/sbin --with-tigerconfig=/etc/tiger --prefix=/usr --mandir=/usr/share/man + $(MAKE) all + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + [ -f Makefile ] && $(MAKE) distclean || $(MAKE) -f Makefile.in distclean + dh_clean + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + $(MAKE) install DESTDIR=debian/tiger/ + # This is not needed + -rm -rf debian/tiger/usr/lib/tiger/man/ + # Fix permission of all shell files + egrep -rl "^#\!/bin/.*sh" debian/tiger | \ + while read shell ; do chmod a+x $$shell; done + # Remove CVS directories + -find debian/tiger/ -type d -a -name "CVS" |xargs rm -rf + # Remove the systems that do not apply to the tiger-otheros package + # Currently only Linux and default are kept + # AIX/ default/ HPUX/ IRIX/ Linux/ NeXT/ SunOS/ UNICOS/ UNICOSMK + # TODO: make this for all dirs save for Linux and default (i.e. + # make this 'mv' more generic) + mv debian/tiger/usr/lib/tiger/systems/{AIX,HPUX,IRIX,NeXT,SunOS,UNICOS,UNICOSMK,Tru64,MacOSX} debian/tiger-otheros/usr/lib/tiger/systems/ + # Install configuration files + install -m 600 cronrc debian/tiger/etc/tiger/ + # Note: Do not install tigerrc, it is handled by ucf since it is edited by Debconf prompts: + -rm -f debian/tiger/etc/tiger/tigerrc + install -m 600 debian/tiger.default debian/tiger/etc/default/tiger + install -m 600 debian/debian.ignore debian/tiger/etc/tiger/tiger.ignore + install -m 644 version.h debian/tiger/usr/lib/tiger/ + # Adjust the permissions of directories that might contain confidential information + chmod 0700 debian/tiger/var/lib/tiger/work + chmod 0700 debian/tiger/var/log/tiger + # Create symbolic links for template files + ln -fs ../../../../../etc/tiger/issue debian/tiger/usr/lib/tiger/systems/Linux/issue.net + ln -fs ../../../../../etc/tiger/issue.net debian/tiger/usr/lib/tiger/systems/Linux/issue.net + # Create symbolic link for Linux version 3 + ln -fs 2 debian/tiger/usr/lib/tiger/systems/Linux/3 + # Remove unneeded Makefile files. + rm -f debian/tiger/usr/lib/tiger/doc/Makefile + rm -f debian/tiger/usr/lib/tiger/doc/Makefile.in + # Add Desktop file + mkdir -p $(CURDIR)/debian/tiger/usr/share/applications/ + install -m 0644 $(CURDIR)/debian/tiger.desktop $(CURDIR)/debian/tiger/usr/share/applications/ + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir + dh_testroot + dh_installdebconf + dh_installdocs + dh_installexamples tigerrc* site* cronrc debian/server.ignore + dh_installmenu + dh_installcron + dh_installman man/tiger.8 man/tigexp.8 man/tigercron.8 + dh_installinfo + dh_installchangelogs CHANGES + dh_lintian + dh_link + dh_strip -XHPUX -XSunOS -XAIX -XIRIX -XNeXT -XMacOSX + dh_compress + dh_fixperms \ + --exclude var/lib/tiger/work \ + --exclude var/log/tiger + dh_installdeb + dh_shlibdeps -XHPUX -XSunOS -XAIX -XIRIX -XNeXT -XMacOSX + dh_gencontrol + dh_md5sums + dh_builddeb + +update-dsa: +# Updated Debian Security Advisories +# This target should only be run by the Debian maintainer (which needs +# to fix the update_advisories appropriately) + cd systems/Linux/2 && sh update_advisories.sh +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- tiger-3.2.3.orig/debian/tiger-otheros.dirs +++ tiger-3.2.3/debian/tiger-otheros.dirs @@ -0,0 +1 @@ +usr/lib/tiger/systems/ --- tiger-3.2.3.orig/debian/templates +++ tiger-3.2.3/debian/templates @@ -0,0 +1,24 @@ +Template: tiger/mail_rcpt +Type: string +Default: root +_Description: Recipient of the daily mails: + The user you enter below will receive all the emails that 'tiger' sends + during the day when running the cron jobs. This does not mean that when + executing the 'tiger' program standalone this user will receive the + reports. Also note that any administrator will be able to access the + reports since they are available in the /var/log/tiger/ directory. + +Template: tiger/policy_adapt +Type: note +_Description: Take a minute to customize 'tiger' + You should customize the files at /etc/tiger/ to adapt to your local + security policy. Firstly, customizing the kind of checks that will be made + in this system, as well as the information needed for tests in order to + reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at + what times these tests will be executed (in /etc/tiger/cronrc). And + thirdly, since some modules warnings might not be problems regarding your + current security policy, define a given template file at + /etc/tiger/templates/ using runs from each of the modules. Once defined, + all the runs will be checked against each one of the templates available + (one per module) and only new warnings will be issued. + --- tiger-3.2.3.orig/debian/postrm +++ tiger-3.2.3/debian/postrm @@ -0,0 +1,58 @@ +#! /bin/sh +# postrm script for tiger +# +# see: dh_installdeb(1) + +set -e + +CONFIG=/etc/tiger/tigerrc + +case "$1" in + purge) + for dir in /var/log/tiger/ /var/lib/tiger/work /var/lib/tiger/ /var/run/tiger/ + do + [ -d "$dir" ] && { + find "$dir" -type d -o -exec rm -f {} \; + find "$dir" -type d -depth -exec rmdir {} \; + } + done +# Do we have any tigerXX files under /var/log/? if so we should remove +# them. This were created due to bug #164682 ... + find /var/log/ -type f -name "tiger*" | xargs rm -f + + # Clear some other cruft + rm -f /usr/lib/tiger/bin/.bintype || true + + # we mimic dpkg as closely as possible, so we remove configuration + # files with dpkg backup extensions too: + for ext in '~' '%' .bak .ucf-new .ucf-old .ucf-dist; do + rm -f ${CONFIG}${ext} + done + +# Remove configuration files, if they still exist + for conf in /etc/cron.d/tiger /etc/default/tiger \ + /etc/tiger/cronrc /etc/tiger/tiger.ignore \ + /etc/tiger/tigerrc /etc/default/tiger.default ; do + [ -f "$conf" ] && rm -f "$conf" + done + + # Clear config file from the ucf database + if which ucf >/dev/null; then + ucf --purge $CONFIG + fi + if which ucfr >/dev/null; then + ucfr --purge tiger $CONFIG + fi + + + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) +# Do nothing + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 0 +esac + +#DEBHELPER# --- tiger-3.2.3.orig/debian/copyright +++ tiger-3.2.3/debian/copyright @@ -0,0 +1,46 @@ +This package was debianized by Javier Fernandez-Sanguino Peña + on Thu, 23 Aug 2001 15:07:16 +0200. + +It was downloaded from ftp://sunsite.unc.edu/pub/Linux/system/security +(original site is at http://www.net.tamu.edu/ftp/security/TAMU +more information at http://www.net.tamu.edu/network/tools/tiger.html) + +The TARA version which has been also integrated in this package +(even if the name of the upstream source has not been changed) is +available for download from http://www.arsc.com + + +Upstream Authors: + Douglas Lee Schales + Dave Hess + Khalid Warraich + Dave Safford +[modifications for support of Redhat Linux 2.x. made by] + Robert L. Ziegler (rlz@mediaone.net) +[modifications for NeXT, IRIX, SunOS 5.x, AIX 4, UNICOS systems + as well as a big number of bug fixes and new scripts, made by the + group from Advanced Research Corporation for tara, composed of:] + Liam Forbes + Nathan Bills and + Mike Kienenberger +[new checks for RedHat and Debian GNU/Linux 2.x. made by] + Paul Telford + Bryan Gartner +[modifications for support of Debian GNU/Linux 2.x. made by] + Javier Fernandez-Sanguino Peña + + +Copyright: (c) 1993 Texas A&M University Supercomputer Center + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 1, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + +You can find a copy of the GPL license in your Debian system under +the /usr/share/common-licenses directory. --- tiger-3.2.3.orig/debian/README.Debian +++ tiger-3.2.3/debian/README.Debian @@ -0,0 +1,164 @@ +Tiger for Debian +---------------------- + +PLEASE NOTE: + +Some of the checks do not apply completely to Debian systems +or Debian's defaults are somewhat different. This might lead to +somethings being reported as a security issue when they really +aren't (known in the security field as 'false positives') +In some cases this might be Tiger's problem (of it being an old UNIX +auditing program) or it might be Debian's. If you feel a security report +is not appropriate to your system discuss it in the +debian-security@lists.debian.org mailing list. + +If you really think it's a BUG of Tiger, then send a bug-report +for the package (using either the 'bug' or 'reportbug' programs). +Please make sure you look at current (open) bugs at +http://bugs.debian.org/tiger + +Also, Debian might not ship the most up-to-date system signatures +for other OS (_not_ Debian GNU/Linux), please retrieve them from +http://www.net.tamu.edu/ftp/security/TAMU/tiger-sigs/ + +Changes in behavior: +-------------------- + +First of all make sure to read, understand and customize +/etc/tiger/tigerrc and /etc/tiger/cronrc to adapt to your local security +policy, as the warning on installation says "You cannot expect to tiger to work +fully to your needs without adapting it". Bugs regarding false positives +which can be fixed by the proper configuration and/or use of templates (see below) +will be set to "wishlist", even if the bug submitter thinks they are +"serious". + +All and all, Debian's Tiger works quite fine out-of-the box, even if there's +still room for improvement. + +Using Templates +............... + +Tiger in Debian can compare against "templates" when running through +a cron job. That is, you can take a given log from a previous run +(at /var/log/tiger) rename it with a ".template" instead of a ".[number]" +and place it under /etc/tiger/templates. + +Tiger checks will compare against it. That way Tiger will only report issues +when they changed from the template (if configured in /etc/tiger/tigerrc). +NOTE: Previous to 2.2.4-20 templates could be placed in /var/log/tiger, +this behaviour is preserved but templates at /etc/tiger/ are used +first if available. + +Another (less secure) method is to have Tiger only report changes from previous +runs, please note that in this setup problems will only be reported *once* +in cron jobs, regardless of importance. This is the default behavior, that +is, this will (should, at least from version 2.2.4-22 and above) work +just after installation. + +KNOWN ISSUES +------------- +(these are *not* BUGS) + +- shells on Debian default users. PENDING discussion on debian-security, in +any case it should check if the services are enabled (i.e. the user is useful +here). Maybe Debian policy could ask for ids in /etc/passwd disabled +with /dev/null as shell and enable them when services are installed? (CHANGE +script/check_accounts) + + +- Debian specific checks take quite some time to finish, I have changed the +Cron job to do this only once in a day, and you can optimize the check by +changing the $Tiger_DPKG_Optimize variable in /etc/tiger. In any case +finding packages in Debian takes quite some time... (due to the *very* +large package list) + +Known BUGS in Debian systems: +---------------------------- +(please check bugs.debian.org/tiger also) + +- Debian's /etc/services definition leads to false positives due +to ports being repeated in there. In order to remove them see +the "Using templates" above. This cannot be completely fixed without +extensive revision of the check_services file ("the a3fs vs ircd bug"). + +- signature files are replaced with installed md5sums in /var/lib/ +Tiger could be distributed with predefined signatures (BTW, signatures +should depend on distribution and not on kernel, oh well...) + +- Tiger does not seem to look for CRACK before doing password testing +(this package should Depend: on some password cracker, but note that +the 'john' package already can do password testing run by cron). The +test is disabled from cronrc but it will still give some erros when +the full report is run (using 'tiger') + +- incorrect reports for /etc/cron.hourly (does not exist) + +- should not check /proc dir when checking for tests (this is a virtual dir) + +TODO +---- + +- Possible new checks: + . check all files and see if they are of the same user/group as their root dir + . look for files with no uid in /etc/passwd and gid in /etc/group + +- The Debian security group could update signature files for binaries which + are in the Debian stable release and have been found vulnerable (packages + in stable-updates) so that Tiger can (if not online) check a Debian system + and tell the administrator he *must* upgrade them from security.debian.org + For an example look at information on doc/signatures. Tigexp is very useful + here and could be very informative. + +- (Nice feature) Provide internationalisation support. + +- Compare against checks introduces in TITAN an re-code those that are + appropriate for Tiger (almost all) + (NOTE: I have added some checks, however TITAN seems to not that much + good work - Linux version - after all) + + +TESTING +------- + + . Check for files not in /usr/local and /home + not owned by any package (easy with dpkg -S) (Note: Currently looks only + in binary paths /bin /usr/bin... not in all the filesystem) + . Check for md5sums of files installed by packages by looking into + /var/lib/dpkg/info/*md5sums. The check currently does not include + /usr/share/doc. Should it check /usr/share/locale, and /etc or should they + be removed too? + BTW, I coded it after knowing about debsums which seems to run a bit faster. + (maybe debsums code should be included here or used if it exists) + . users in Debian are assigned to a group and are umask 022 by default + (should not warn due to some files in home having group read if no other + user is in the group). CHANGED script/check_accounts + +DONE +---- + + . Check for non-running processes (a simple software watchdog) + . Check for open TCP/IP sockets and warn when user running the socket is + not root, otherwise inform on open sockets. Works with lsof and netstat + (since its not Debian specific it has been renamed to deb_) + . Check of security advisories taken from the WWW webml sources. The + package version is checked against the one in the advisory. Some checks are + very redundant since users should not have packages older than the released + ones, oh well... + . Understand Linux NFS exports file + + +Known FIXED BUGS: +---------------- +- md5.c is corrupted by default the Tiger binaries will not be recompiled +each time (BTW, IMHO this is not a good idea anyway). Fetched original sources +and replaced them. + +- rhosts # accepted (FIXED scripts/check_rhosts) + +- Tiger now understands and will not give false warnings when "localepurge" has +been installed and a lot of files removed (FIXED scripts/Linux/2/deb_checkmd5sums) + +-- Javier Fernandez-Sanguino Pea +Last updated: Wed, 12 Jun 2002 00:08:59 +0200 + + --- tiger-3.2.3.orig/debian/debian.ignore +++ tiger-3.2.3/debian/debian.ignore @@ -0,0 +1,18 @@ +Login ID nobody is disabled, but still has a valid shell \(/bin/sh\) +Login ID mail's home directory \(/var/mail\) has group `mail' write access\. +Login ID \w+'s parent directory \(/home\) has group `staff' write access\. +Log file /var/log/[uw]tmp permission should be 644 +Log file /var/log/(btmp|loginlog) does not exist +Log file /var/log/messages permission should be 640 +The owner of /var/(log|run)/[uw]tmp should be root \(owned by utmp\)\. +/var/(log|run)/[uw]tmp should not have group write\. +/var/log/XFree86\.0\.log should not have world read\. +/etc/fstab should not have (group|world) read\. +/etc/inetd\.conf should not have (group|world) read\. +/etc/pam\.d/sudo should not have world read\. +The directory /dev/(ataraid|cciss|fd|input|pts|rd|usb|ida) resides in a device directory\. +/dev/(null|ptmx|gpmctl|gpmdata|log) has world permissions +File "\.fetchmail-UIDL-cache" in the mail spool, owned by "fetchmail"\. +/dev/\.udev/.* is a dangling symlink\. +The umask setting in /etc/csh\.login for the init scripts is insecure +There are no umask entries in /etc/csh\.login --- tiger-3.2.3.orig/debian/control +++ tiger-3.2.3/debian/control @@ -0,0 +1,39 @@ +Source: tiger +Section: admin +Priority: optional +Maintainer: Javier Fernandez-Sanguino Pen~a +Uploaders: Francisco Manuel Garcia Claramonte +Build-Depends: debhelper (>= 7), autoconf, po-debconf (>= 0.5.0) +Standards-Version: 3.9.0 +Homepage: http://savannah.nongnu.org/projects/tiger/ + +Package: tiger +Architecture: any +Depends: net-tools, binutils, bsdmainutils, debconf | debconf-2.0, ucf, ${shlibs:Depends}, ${misc:Depends} +Recommends: sendmail | mail-transport-agent, john, chkrootkit +Suggests: lsof +Description: Report system security vulnerabilities + TIGER, or the 'tiger' scripts, is a set of Bourne shell + scripts, C programs and data files which are used to perform + a security audit of UNIX systems. TIGER has one primary goal: + report ways 'root' can be compromised. + . + Debian's TIGER incorporates new checks primarily oriented towards + Debian distribution including: md5sums checks of installed files, + location of files not belonging to packages, check of security + advisories and analysis of local listening processes. + +Package: tiger-otheros +Architecture: any +Depends: tiger, ${misc:Depends} +Description: Scripts to run Tiger in other operating systems + TIGER, or the 'tiger' scripts, is a set of Bourne shell + scripts, C programs and data files which are used to perform + a security audit of UNIX systems. TIGER has one primary goal: + report ways 'root' can be compromised. + . + This package provides all the scripts for operating systems other + than Linux provided for in the Tiger distribution. It is provided + in the hope it will be useful for admins that wish to run tiger + in a distributed environment sharing this files through the network + (e.g. NFS). --- tiger-3.2.3.orig/debian/TODO.Debian +++ tiger-3.2.3/debian/TODO.Debian @@ -0,0 +1,40 @@ + +TODO stuff for Debian's tiger: + +- Make the cron configuration selectable by the user (make it possible to + switch it on/off through Debconf), see #349391 + +- Make the tigercron script print information on when checks where started / + stopped, see #338664 + +- Make Source package=tara and upgrade to 2.4. + ISSUE: tara package did not include properly the Debian directories + and stuff, diff might get garbled (new files were placed in the / directory, + how were the sources patched?) + +- Get access to the ARSC patch (send an email to developers) since the + CHANGES.ARSC details patches that have not (yet) been included in the + package. I could derive some from the description but only a few. + +- Write a manpage for tigerrc + +- Make a transition from templates at /var/log/tiger to /etc/tiger/templates + +- Provide templates for known false positives in tiger + +- Consider providing scripts in new packages + for the different OS (AIX, HP-UX...) so that a Debian system can be used + for host-scanning different OS + ISSUE: provide the compiled C programs for those target platforms + +- Add new scripts based on TITAN's which is, unfortunately, + non-free (even if it is so for a good cause). + +- Add a checklist based on scripts to be used for host hardening. + +- Translate some checks into Bastille plugins + +DONE (previous TODO) + +- Checkout all the changes made by the Tara team, including improved + scripts and fixes for some platforms --- tiger-3.2.3.orig/debian/changelog +++ tiger-3.2.3/debian/changelog @@ -0,0 +1,1517 @@ +tiger (1:3.2.3-8) unstable; urgency=high + + * debian/rules: Symlink systems/Linux/3 to systems/Linux/2 to support + Linux kernel version 3 (Closes: #635450) + * config: Fix bug which prevent it from using the default configuration + file if it did not find a proper configuration + + -- Javier Fernandez-Sanguino Pen~a Thu, 04 Aug 2011 23:25:20 +0200 + +tiger (1:3.2.3-7) unstable; urgency=low + + * debian/control: + - Add Recommends to tripwire | aide + - Review package description + * Update to latest CVS: + - [multiple files] Fix spelling (Closes: #609203) + - systems/Linux/2/config: Add /dev/shm and /lib/init/rw to the writable + filesystems (common tmpfs) (Closes: #603338) + - systems/Linux/2/gen_mounts: Added xenfs as a valid filesystem + (Closes: #615052) + - Apply patch by Timo Lindfors to add support for SHA-512 passwords + (This is the default used in Debian GNU/Linux squeeze and later releases) + (Closes: #581266) + + + -- Javier Fernandez-Sanguino Pen~a Sat, 26 Feb 2011 01:45:50 +0100 + +tiger (1:3.2.3-6) unstable; urgency=low + + * systems/Linux/2/gen_mounts: Fix typo in brtfs (Closes: 598792) + * tigerrc: Use rsyslogd in the Tiger_Running_Procs definition as + it is the default syslog daemon since Lenny (Closes: 544957) + + -- Javier Fernandez-Sanguino Pen~a Mon, 11 Oct 2010 22:29:03 +0200 + +tiger (1:3.2.3-5) unstable; urgency=low + + * system/Linux/2/gen_mounts: Added brtfs (Closes: 598792) + * Updated Danish po-debconf translation provided by Joe Dalton + (Closes: 596151) + * scripts/check_rootdir: Check for inode 2 on ext4 as well as ext2/3. + Thanks to the patch provided by Lorenzo De Liso from Ubuntu. + * debian/postrm: Clean directories correctly when purging. + Thanks to the patch provided by Lorenzo De Liso from Ubuntu. + * config: Do not complain before creating the directory if WORKDIR + does not exist but it is pointing to a temporary location. This + change was prompted by the patch provided by Lorenzo De Liso, but the + change is not exactly the same as the one implemented in Ubuntu (which is + wrong, as it will try to create the directory twice) + (Closes: #589089) + Note: The above bug is considered closed even if the patch + "Use temporary file instead of hardcoded rcfile for temporary work" + is not included as this patch is not accepted. + * Remove RCS directories from the source package. + + -- Javier Fernandez-Sanguino Pen~a Wed, 06 Oct 2010 03:01:20 +0200 + +tiger (1:3.2.3-4) unstable; urgency=low + + * Updated Debian Policy to 3.9.0. + * Pull fixes from upstream SVN: + - Fixed the bashism problem with logical expression in + /systems/HPUX/check_trusted. (Closes: #581140). + - Added support to recognize fuse.ltspfs for ltspfs file system. Thanks to + Alexandre Cavalcante Alencar. (Closes: #587507). + * Added debian/tiger.menu file. + * Added debian/tiger.desktop file. + + -- Francisco Manuel Garcia Claramonte Thu, 14 Jul 2010 21:07:17 +0200 + +tiger (1:3.2.3-3) unstable; urgency=low + + * Pull fixes from upstream SVN: + - Fixed the problem in scripts/check_known checking /*/lost+found/* files + with spaces or newline files in their filename, thanks to Dave Rutherford + for the patch (Closes: #532826). + - Fixed the problem with delete() function in initdefs + script, and fixed the problem with temporary file in scripts/find_files + script. Thanks to Hannes von Haugwitz for the patch (Closes: #544701). + - Added support o detect simfs as local filesystem for OpenVZ systems, + thanks to Raimund Sacherer for the patch (Closes: #571944). + - Clarify use of Tiger_Running_Procs for check_runprocs in the + documentation (Closes: 544957) + - Fix syntax error in scripts/sub/check_nousrgrp + * debian/debian.ignore: Fix unescape patterns (dots and parenthesis) + and decrease processing time by combining and grouping similar rules. + Thanks to Moritz Naumann for the patch (Closes: #550512). + * debian/changelog: wrap long lines + * Lintian fixes to make the package lintian clean + - debian/rules: Adjust executable bit to all shell files instead of just to + one selection of them. + - Add debian/tiger.lintian-overrides to setup overrides for warnings + that are not relevant for the package. + - debian/rules: Add call to dh_lintian. + * Update Debian Advisories + * Debconf translations updated: + + Czech translation, thanks to Miroslav Kure (Closes: #569694). + + Portuguese translation, thanks to the "Portuguese Translation Team" + (Closes: #570456). + + Russian translation, thanks to Yuri Kozlov (Closes: #570540). + + Brazilian Portuguese translation, thanks to Adriano Rafael Gomes + (Closes: #570601). + + Vietnamese translation, thanks to Clytie Siddall (Closes: #572777). + * Debconf translations included: + + Added Slovak Debconf translation, thanks to helix84 (Closes: #570289). + + Added Italian Debconf translation, thanks to Vincenzo Campanella + (Closes: #570747). + + -- Javier Fernandez-Sanguino Pen~a Mon, 05 Apr 2010 19:57:47 +0200 + +tiger (1:3.2.3-2) unstable; urgency=low + + [ Francisco Manuel Garcia Claramonte ] + * Thanks to Stefano Zacchiroli for the NMU 1:3.2.2-11.1 + and close the bug #544113. + * Updated some Debconf translations: + + French translation, thanks to Christian Perrier (Closes: #565321). + + Swedish translation, thanks to Martin Bagge (Closes: #565497). + + Japanese translation, thanks to "Hideki Yamane (Debian-JP)" + (Closes: #565615). + + German translation, thanks to Erik Schanze (Closes: #568175). + + Russian translation, thanks to Yuri Kozlov (Closes: #537918) + * Updated to Debian policy 3.8.4 + * Fixed the Bashisms problem in the files: + + systems/default/check_ndd. Fixed just the problem with the alternative + test command. (Closes: #530205) + + systems/HPUX/check_passwdspec. (Closes: #530204) + * Fixed the problem finding users in scripts/sub/check_suid. (Closes: #438122) + [ Javier Fernandez-Sanguino ] + * Integrate all patches included in the 3.2.2-11 package release which were + missing in 3.2.3-1 and generated regression bugs (Closes: #566893, #567857, + #529041) + + -- Francisco Manuel Garcia Claramonte Mon, 01 Feb 2010 00:09:33 +0100 + +tiger (1:3.2.3-1) unstable; urgency=low + + * New upstream release + * Updated to Debian Policy 3.8.3 + * Updated debhelper dependency version to 7. + * Updated debhelper compatibility to 7. + * Added myself as Comaintainer, + Francisco Manuel Garcia Claramonte + * Removed the Diff depends (Closes: #544113, #544041). + Thanks to Santiago Vila and Karl Ferdinand Ebert for the patch. + * Changes to make the package lintian clean. + + Updated dh_clean call to dh_prep in debian/rules. + + Added ${misc:Depends} to Depends debian/control field of + tiger and tiger-otheros binary packages. + + Adjusted executable permissions to some shell scripts. + * Removed unneeded commands to create symlinks in debian/rules. + * Removed the clear idx file code in util/genmsgidx to allow build the + Debian package. + * Updated template description to avoid make a question, according to Debian + Developer's Reference (6.5.4.2.1). Updated debian/po/* files. + Updated spanish translation. + * Added commands in debian/rules to remove unneeded Makefiles files in Debian + package. + + -- Francisco Manuel Garcia Claramonte Thu, 03 Dec 2009 21:52:06 +0100 + +tiger (1:3.2.2-11) unstable; urgency=low + + * Sort the system/Linux/2/inetd file since 'join' complains about it not + being sorted when used in check_inetd (Closes: #524783) + * Add symbolic links so users can create the issue and issue.net templates + they want to check against when running check_issue in /etc/tiger/ + (Closes: #511970) + * scripts/find_files: Use patch provided by Khalid Shukri in order to + complain from danging symlinks properly so that they can be tiger.ignore'd + (Closes: 434333) + * debian/debian.ignore: + - Add an ignore message to remove the dangling symlinks that are + udev-related. + - Add an ignore message for /dev/log since world-writable permissions for + that file are standard in Debian (Closes: 417939) + * initdefs: Change error message when a file value definition is empty + * systems/Linux/2/check_umask: More extensive umask checks also covering + different analysis for each one of the available shells in order to provide + more meaningful information. + * systems/Linux/2/check_rcumask: Remove shell login umask definitions from + * the file (both bash and csh/tcsh) since these do not apply to the script + (i.e. are not init.d related) and add /etc/init.d/rc handling + (Closes: 443807) + * doc/misc.txt: Add new messages for new umask analysis covered in + check_umask + * doc/filesys.txt: Add a description of the new warning message introduced by + the above patch. + * doc/config.txt: Document that this happens also when the configuration + * system + was not able to define a valid file and set a value for the file definition. + * debian/rules: Adjust the permissions of /var/lib/tiger/work and + /var/log/tiger/ so that they are 0700. (Closes: #512078) + * debian/preinst: Adjust the permissions of /var/lib/tiger/work and + /var/log/tiger/ when upgrading so that they are set to 0700. + + -- Javier Fernandez-Sanguino Pen~a Thu, 21 May 2009 00:26:23 +0200 + +tiger (1:3.2.2-10) unstable; urgency=low + + * Fix bug in scripts/check_perms + + -- Javier Fernandez-Sanguino Pen~a Thu, 07 May 2009 23:55:22 +0200 + +tiger (1:3.2.2-9) unstable; urgency=low + + * Use --debconf-ok when calling ucf (Closes: 517798, 521620, 539188) + * Update check_release to reflect latest Debian release (Closes: 523700) + * Fix systems/Linux/2/config so that it uses /etc/apache2 in Debian if it + exists and /etc/apache otherwise. (Closes: 523699) + * Change the wording of errors in tigerexp when the variable does not have a + value (Closes: 523699) + * Throw away errors from executing 'df -t nfs' in scripts/check_network + (Closes: 511803) + * Linux/2/gen_mounts: Added davfs, fuse and ext4 (Closes: 524722, 498468, 512567) + * Update list of Debian advisories + + -- Javier Fernandez-Sanguino Pen~a Sat, 25 Apr 2009 14:01:26 +0200 + +tiger (1:3.2.2-8) unstable; urgency=low + + * Acknowledge NMU (Closes: #503282) + * Fix Makefiles so that the explanation index file is generated and + distributed properly (Closes: #507028) + * system/Linux/2/gen_mounts: + - Added ecryptfs, used by ecryptfs-utils (Closes: 506512) + - Fix bashism (Closes: #505939, #505939) + * Update Standards-Version to 3.8.0: + - Added a Homepage field in debian/control + * Use debhelper version 5 + * Lintian fix: + - Comment out DH_COMPAT definition in debian/rules + - Fixed debian/watch file used by uscan by adding a version and a proper + location for upstream updates + + -- Javier Fernandez-Sanguino Pen~a Thu, 27 Nov 2008 23:47:16 +0100 + +tiger (1:3.2.2-7.1) unstable; urgency=medium + + * Non-maintainer upload. + * Patched Makefile.in to make clean and distclean targets use + doc/Makefile.in when recursing the clean target. (Closes: #503282) + + -- Jonny Lamb Fri, 24 Oct 2008 16:14:23 +0100 + +tiger (1:3.2.2-7) unstable; urgency=low + + * Fix bashism in check_patches script (Closes: #502672) + + -- Javier Fernandez-Sanguino Pen~a Sun, 19 Oct 2008 12:45:38 +0200 + +tiger (1:3.2.2-6) unstable; urgency=medium + + * Bring changes from CVS to gen_mounts, amongst other fixes: + - Adds definitions for the following filesystems: reiser4, securityfs, + fuse.gvfs-fuse-daemon, fuseblk, fuse.truecrypt, fuse.encfs, debugfs, afs, + configfs, gfs, gfs2, inotifyfs, hugetlb, subfs, futexfs and bind. + (Closes: #498203, #483727, #469685, #490344, #490822, #451879) + (LP: #155211) + - Make it possible to define system-specific local and non-local + filesystems through the use of the Tiger_FSScan_Local and + Tiger_FSScan_NonLocal variables in tigerrc. + - Make it possible to prevent the 'unknown filesystem' warnings through + the use of a new tigerrc variable: Tiger_FSScan_WarnUnknown + * Use prelink to calculate checksums if present (Closes: #445531, #349391) + * Use /var/lib/tiger/work instead of /var/run/tiger/work to be + FHS-compliant. It also avoids spamming people using a tmpfs /var/run + with warning messages every time it creates its directory. (Closes: #486591) + * Use tempfile in the config script to create the RC file if available, the + $$ construct is used in a safe directory (WORKDIR) but this way people + doing a cursory look at the code will not report (or try to fix, as in + Ubuntu) inexistant temp race conditions. + * Add code in Makefile.in and doc/Makefile.in (new file) to make it possible + to build and remove the HTML files generated from the text files so that + we do not distributed autogenerated content. + * Also change Makefile.in to make 'all' actually be useful so that the build + targets builds binaries (binaries were being built on install instead) + * Update list of Debian advisories to current date. + * Add a ignore for Debian to prevent Tiger from complaining about fetchmail + processes. + * Add additional samples for server processes to debian/server.ignore + * Remove double linefeed in debian/changelog + * Use UCF to handle configuration file changes to prevent prompting when + upgrading to tiger versions that change the tigerrc. (Closes: #341595) + * Remove stale left file created in /usr/lib/tiger/bin if it exists on purge + * Lintian fixes: + - Remove coreutils Depends as it is an Essential package + - Remove code in postinst related to an ancient bug and associate + debconf prompts. + - Make the following scripts executable: systems/Linux/1/check, + systems/Linux/1/gendlclients, systems/Linux/1/getdisks, + systems/Linux/2/update_advisories.sh + + -- Javier Fernandez-Sanguino Pen~a Tue, 09 Sep 2008 00:28:35 +0200 + +tiger (1:3.2.2-5) unstable; urgency=low + + * Acknowledge NMU, which was not acknowledged in the previous package + version. + - Fix bashism in 'tigercron' script (Closes: #468700) + - Bump Standards-Version to 3.7.3. + + -- Javier Fernandez-Sanguino Pen~a Sun, 31 Aug 2008 14:47:18 +0200 + +tiger (1:3.2.2-4) unstable; urgency=low + + * Fix a temp race condition in the genmsgidx script if the system + has a tempfile function (Closes: 496415) + + -- Javier Fernandez-Sanguino Pen~a Tue, 26 Aug 2008 12:00:16 +0200 + +tiger (1:3.2.2-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix bashism in 'tigercron' script (Closes: #468700) + * Bump Standards-Version to 3.7.3. + + -- Chris Lamb Sat, 12 Apr 2008 04:35:43 +0100 + +tiger (1:3.2.2-3) unstable; urgency=low + + * Fix encoding of changelog and copyright files (Closes: #454024) + + -- Javier Fernandez-Sanguino Pen~a Mon, 11 Feb 2008 22:28:40 +0100 + +tiger (1:3.2.2-2) unstable; urgency=low + + * Remove all configuration files on purge, including tiger.default if + it exists (which is not a conffile since 1:3.2.1-36 and might be + a leftover) (Closes: #455108) + + -- Javier Fernandez-Sanguino Pen~a Sun, 09 Dec 2007 15:36:44 +0100 + +tiger (1:3.2.2-1) unstable; urgency=low + + * New upstream release + * Remove debian/ dir from upstream's tarball to prevent FTBFS + (Closes: #450479) + * Fix scripts: + - scripts/check_crontabs, scripts/check_apache, scripts/check_xinetd: + Change message calls so that they can be filtered (Closes: #411534) + - scripts/check_apache: Fix the way the configuration file is handled + to obtain the IP address and port (Closes: 436904) + - systems/Linux/2/gen_cron: Handles properly the case when the special + @daily,@reboot, etc. definitions are used instead of real times. Also + fix bug deailing with variables in crontab contents (Closes: 418440) + * Add 'fuse' to the list of valid filesystems (Closes: #449439) + * Add Dependency on bsdmainutils to get the COLUMN command (Closes: 448975) + * Add Portuguese translation, thanks LuA-sa LourenA§o (Closes: 440372) + * Modify update-advisories to skip directories with 'data' in the name + * Update the advisories list + + -- Javier Fernandez-Sanguino Pen~a Thu, 08 Nov 2007 02:20:09 +0100 + +tiger (1:3.2.1-38) unstable; urgency=low + + * systems/Linux/2/gen_mounts, vmblock is now recognised as a non-local FS. + + -- Javier Fernandez-Sanguino Pen~a Wed, 27 Jun 2007 00:46:54 +0200 + +tiger (1:3.2.1-37) unstable; urgency=low + + * systems/Linux/2/check_rcumask: Fix syntax error (Closes: #430224) + + -- Javier Fernandez-Sanguino Pen~a Sat, 23 Jun 2007 15:52:58 +0200 + +tiger (1:3.2.1-36) unstable; urgency=low + + * Fix the location of Tiger's default file (Closes: #426182) + * Updated the Debian advisories listing (as of today, latest DSA is 1316) + * Changed the maintainer's email address + * system/Linux/2/check_lilo: run the boot loader check if on amd64 + (Closes: #412669) + * system/Linux/2/deb_checkmd5sums: Fix the script so that it understands + properly the "new" md5sum format (Closes: #412822) + * Add new suid files to the list of SUIDs at system/Linux/2/suid_list + (Closes: #417330) + * scripts/check_devices: Extend the list of EXPECTEDDIRS for Linux to cover + udev-specific dirs (Closes: #417940, #420488) + * systems/Linux/2/check_rcumask: Skip comment lines defining umask + (Closes: 418531) + * scripts/check_ftpusers: Skip this check if there is no FTP daemon + installed (Closes: #420486) + * scripts/check_printcap: Skip this test if CUPS is installed + (Closes: #420487) + * system/Linux/2/gen_mounts: Added fusectl to the local filesystems + (Closes: #409386) + * Debconf translations: + - Included Dutch translation provided by Bart Cornelis (Closes: #414768) + - Included Portuguese translation provided by Luísa Lourenço + (Closes: #415534) + + -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jun 2007 01:04:17 +0200 + +tiger (1:3.2.1-35) unstable; urgency=low + + * [scripts/check_rootkit] + Send stderr output of chkrootkit to /dev/null to avoid the 'warning, got + bogus unix line' messages that netstat might output (Closes: #223847) + * Update advisories + + -- Javier Fernandez-Sanguino Pen~a Thu, 30 Nov 2006 21:42:23 +0100 + +tiger (1:3.2.1-34) unstable; urgency=low + + * Linux/2/gen_mounts - Added selinuxfs to local FS (Closes: #397832) + * scripts/check_accounts - Redirect find errors in home directories + to /dev/null, prevents root being sent errors when using NFS mounted + home directories with root_squash. Thanks to Matus Harvan for the + patch (Closes: #386163) + * Update Debian advisories lists. + + -- Javier Fernandez-Sanguino Pen~a Fri, 10 Nov 2006 16:01:21 +0100 + +tiger (1:3.2.1-33) unstable; urgency=low + + * Fix typo in check_rootkit script, thanks to Michael Cihar (Closes: #385475) + + -- Javier Fernandez-Sanguino Pen~a Thu, 31 Aug 2006 23:04:43 +0200 + +tiger (1:3.2.1-32) unstable; urgency=low + + * Modify config so that it will attempt to create a working directory if + it does not exist (Closes: #366919) + * [scripts/check_rootkit] Introduce Tiger_CHKROOTKIT_ARGS so that + admins can ajust the behaviour of CHKROOTKIT (defaults to '-q') + (Closes: #320341) + * Include output of chkrootkit when a file is INFECTED (Closes: #277533) + + -- Javier Fernandez-Sanguino Pen~a Wed, 30 Aug 2006 14:13:42 +0200 + +tiger (1:3.2.1-31) unstable; urgency=low + + * systems/Linux/2/deb_checkmd5sums: Fix Ubuntu bug 50611 by excluding dev/ + and lib/udev/devices/ from the md5sum test, thanks to Richard Laager + for the patch (Closes: #383400) + * systems/Linux/2/check_neverlogin: handle users prepended with domains + (DOMAIN\user) properly (Closes: #344890) + * Update advisories from Debian as of today. + * Simplify dependencies (just use coreutils) (Closes: #368713) + + -- Javier Fernandez-Sanguino Pen~a Thu, 17 Aug 2006 07:51:17 +0200 + +tiger (1:3.2.1-30) unstable; urgency=low + + * Fix deb_nopackfiles to kip directories that are symbolic links, this + happens with /usr/X11R6/bin as the latest Xorg package versions just + symlink this to /usr/bin/ (Closes: #367931, #373790) + * Fix deprecated syntax with sort that made the cron job spout warnings. + Thanks to Cyril Chaboisseau and Adam James for providing a patch + (Closes: #369501) + * Fix check_listeningprocs to prevent it from botching when udp6 services + are up (Closes: #375165) + * Updated information of DSAs (should someday include information based + on the DTSA archive but I'd rather use OVAL...) + * Add some more TODOs + + -- Javier Fernandez-Sanguino Pen~a Wed, 5 Jul 2006 02:30:25 +0200 + +tiger (1:3.2.1-29) unstable; urgency=low + + * Fix check_accounts to properly review the contents of .forward files. + Thanks to Rainer Schopf for the fix (Closes: #329610) + * Added cifs to the non local filesystems in gen_mounts (Closes: #329813) + * Use TAIL in Linux scripts conforming to POSIX 1003.2-1992 (Closes: #339090) + * check_accounts: Add quotation marks to Tiger_Admin_Accounts to prevent + errors if empty (Closes: #342181) + * check_devices: Handle the special case of having " in filenames by + quoting the character (Closes: #355096) + * Nice Tigercron by default, users wishing to change the nice can adjust + it in /etc/default/tiger (Closes: #334186, #325257, #339655) + * Disable signature checks in the default tigerrc since those provided are + not updated, debsums is prefered in Debian (Closes: #327486) + * Update the list of advisories in debian_advisories + * Debconf translations: + - Added Vietnamese translation provided by Clytie Siddall (Closes: #322301) + - Added Swedish translation provided by Daniel Nylander (Closes: #343731) + * Use debhelper compatibility version 4 (it was about time!) + * Lintian fix: eliminate duplicate Recommends/Depends on binutils + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Apr 2006 23:05:48 +0200 + +tiger (1:3.2.1-28) unstable; urgency=low + + * Added a dependency on "| debconf-2.0" as requested by Joey Hess + * Use Debhelper compatibility version 4 + * Updated to latest CVS code: + - gen_passwd_sets: Create a src file if using LDAP (Closes: #319815) + + -- Javier Fernandez-Sanguino Pen~a Thu, 4 Aug 2005 19:16:22 +0200 + +tiger (1:3.2.1-27) unstable; urgency=low + + * Updated to latest CVS code, with some new fixes and patches including: + - check_accounts: Check for null $uids before using them in comparisons + (Closes: #312080) + - check_runprocs: Use comm instead of fname (Closes: #308486) + - Linux/gen_mounts: Changed extraction from mount command + so it can cope with whitespaces in mount locations, added sanity + check and fix a bug that mangled $fs (Closes: #315435) + - Makefile.in: install files needed to run tiger -G (Closes: #319468) + * German translation update of debconf templates provided by Erik Schanze + (Closes: #311857) + * Updated to latest batch of Debian advisories + + -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jul 2005 16:50:33 +0200 + +tiger (1:3.2.1-26) unstable; urgency=low + + * Updated to latest CVS code, with some new fixes and patches including: + - check_listeningprocs (generic and Linux versions): Proper check for + processes in loopback (Closes: #307695) + - Linux/check_passwdspec: Better fix for pwd=! (Closes #308141) + - Linux/deb_checkmd5sums: Prevent issues with /usr/bin/[ by adjusting + GREP calls (Closes #305484) + - Linux/gen_mounts: Added auto, udev when using on /dev, + capifs and nfsd. (Closes: #305670 #307802 #307887 #308585) + Note to self: Bug mount manpages since none of these are listed + there... + - Linux/gen_passwd: Add LDAP password support with patch provided by Micha + Kersloot (Closes: #307505) + - Documentation improvements (README.Sources and TODO) + + -- Javier Fernandez-Sanguino Pen~a Sat, 14 May 2005 12:52:09 +0200 + +tiger (1:3.2.1-25) unstable; urgency=low + + * Updated to latest CVS code: + - Add afs as a non-local filesystem, and auto as a local filesystem + (Closes: #305670) + - Improve manpage wording + * Provide a default value for Tiger_Running_Procs instead of leaving + it empty + + -- Javier Fernandez-Sanguino Pen~a Thu, 21 Apr 2005 20:09:45 +0200 + +tiger (1:3.2.1-24) unstable; urgency=medium + + * Updated to CVS code: + - Fixed Linux/2/gen_mounts code which broke with the patches + implemented before the previous upload. + + -- Javier Fernandez-Sanguino Pen~a Mon, 18 Apr 2005 18:23:30 +0200 + +tiger (1:3.2.1-23) unstable; urgency=low + + * Updated to CVS code, this changes: + - gen_mounts now considers valid and non-local many more filesystems + (as described in mount(5)) including devfs (Closes: #304956, #304555, + #304557) + - check_listeningprocs will now check against both fname and comm and + strips the arguments of the command (this is an improvement over the + fix done in #288086) + - check_network_config properly checks ICMP redirects and the message + generation is fixed now it also now checks for local iptables rules + (Closes: #304957) + - several typo fixes in doc/linux.txt + * Updated DSA listing + + -- Javier Fernandez-Sanguino Pen~a Sat, 16 Apr 2005 22:19:50 +0200 + +tiger (1:3.2.1-22) unstable; urgency=low + + * Added some more valid but non-local filesystems ('none', 'binfmt_misc', + 'autofs') to gen_mounts (Closes: #302646) + + -- Javier Fernandez-Sanguino Pen~a Sat, 2 Apr 2005 13:07:07 +0200 + +tiger (1:3.2.1-21) unstable; urgency=low + + * Added the sysfs as a valid (local, but not reviewed) filesystem + (Closes: #302612) + + -- Javier Fernandez-Sanguino Pen~a Sat, 2 Apr 2005 01:52:34 +0200 + +tiger (1:3.2.1-20) unstable; urgency=low + + * Upgraded to latest CVS sources: + - Depend on binutils (Closes: #301451) + - (check_rootdir) Do not warn on the inode if the root filesystem is not + ext2|3 (Closes: #298305) + - (check_runprocs) Use comm instead of fname so that the names of the + processes are not truncated (Closes: #288086) + - (check_lilo) Only run if running on the x86 architecture (Closes: #288737) + - (check_single) Only run if running on the x86 architecture (Closes: #288737) + - (check_passwdspec) Fixed password aging check. Separate all checks + so that they prevent bugs if pwd="!" (Closes: #297889) + - (deb_checkmd5sums) Do not warn if the md5 file is not present in the + list file (Closes: #299935) + - (deb_nopackfiles) Remove uneeded {} (Closes: #297889) + - Also fixes a number of documentation typos fixed by Nicolas Francois + * Updated advisories + + -- Javier Fernandez-Sanguino Pen~a Thu, 31 Mar 2005 17:14:50 +0200 + +tiger (1:3.2.1-19) unstable; urgency=low + + * tigercron + - Fixed invalid From: header based on Robert Loomans' patch. This bug + was introduced by the previous release. (Closes: #287780) + + -- Javier Fernandez-Sanguino Pen~a Thu, 30 Dec 2004 09:00:19 +0100 + +tiger (1:3.2.1-18) unstable; urgency=low + + * systems/Linux/2/check_lilo: + - Fixed grub.conf naming (Closes: #286641) + * scripts/check_passwd: + - Delete temporary passwd files only on exit (Closes: #284899) + * debian/server.ignore: + - Added a sample ignore line for users accessing a remote server + with X11Forwarding set to 'on' (Closes: #284220) + * scripts/check_passwdformat: + - Maximum user and group length set to 32 (Closes: #283446) + (probably needs to be moved to systems/Linux/2/ since it's + Debian-specific) + * tigercron, tigerrc: + - Added Tiger_Mail_FROM feature (Closes: #243517) + * Disabling signature checks since they cannot be relied on (use + Tripwire, Aide, Samhain, Integrit, bsign or any other intecrity checker + instead), moreover deb_checkmd5sums already does it for Debian... + (Closes: #274625) + * Added Czech debconf translation provided by Miroslav Kure (Closes: #287301) + + -- Javier Fernandez-Sanguino Pen~a Mon, 27 Dec 2004 19:18:53 +0100 + +tiger (1:3.2.1-17) unstable; urgency=low + + * Quoted homedir uses in check_rhosts and check_netrc (Closes: #282211) + + -- Javier Fernandez-Sanguino Pen~a Sun, 21 Nov 2004 11:56:57 +0100 + +tiger (1:3.2.1-16) unstable; urgency=low + + * Updated advisories + * Fixed gen_group_sets to work properly in NIS environments for Linux + and Tru64 (Closes: #281608) + * Fixed eval in check_accounts so that find is _only_ executed for users + which are not part of Tiger_Admin_Accounts, this prevents Tiger from + going and using remote filesystems (i.e. /var/autofs/ because in + Debian 'operator' has /var as his home dir). It also should speed + up this check a lot. This shows why Tiger_Admin_Accounts is a bad + idea and Tiger_Accounts_Trust should be used instead (or add a + Tiger_Accounts_Admin) (Closes: #280653, #280654) + + -- Javier Fernandez-Sanguino Pen~a Wed, 17 Nov 2004 15:15:21 +0100 + +tiger (1:3.2.1-15) unstable; urgency=low + + * Lintian fixes: + - Updated Standards-Version + - Removed cvs conflict copy files + - Changelog is now UTF-8 + * Use C locales to avoid scripts/check_system from breaking up (Close: #270108) + * deb_checkmd5sums's regexep now excludes usr/share/doc/ (Closes: #264111) + + -- Javier Fernandez-Sanguino Pen~a Mon, 13 Sep 2004 11:12:08 +0200 + +tiger (1:3.2.1-14) unstable; urgency=low + + [ as suggested by Tilman Koschnick ] + * Allow delete() to remove files from LOGDIR so that reports generated + by tiger -e are removed proplerly (Closes: #262523) + * Symlink /usr/lib/tiger/tigexp to /sbin/tigexp so that tiger -e works + (Closes: #262518) + + -- Javier Fernandez-Sanguino Pen~a Sun, 1 Aug 2004 18:19:18 +0200 + +tiger (1:3.2.1-13) unstable; urgency=low + + * Updated to CVS changes which fix a problem in the gen_passwd_sets + script which would make duplicates appear in the passwd files. + Thus generating a lot of false positives (in the check_passwd script) + Also removes some other duplicates in the check_passwdformat script + and updates the Debian advisories listing. + + -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jun 2004 21:25:27 +0200 + +tiger (1:3.2.1-12) unstable; urgency=low + + * Updated to latest CVS code fixing: + - [check_known] Do not call LS directly with all files but use a for loop + (Closes: #246600) + - [deb_nopackfiles] Made the dirlist variable so that directories which + do not exist are not checked for (Closes: #254574) + + -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jun 2004 13:58:24 +0200 + +tiger (1:3.2.1-11) unstable; urgency=low + + * Updated to latest CVS code which fixes: + - [check_accounts] Try to avoid eval problems if user/shells/directories + contain non-empty (but invalid) characters (such as space) + (Similar changes in some other scripts to avoid breakage in similar + situations) + (Closes: #246987) + - [check_passwd] Define Tiger_Passwd_Hashes if not defined + (Closes: #246885) + - [deb_checkmd5sums] Fixed patch provided by Chung-chieh Shan + (Closes: #234811) + + * Remove check_finddeleted from the default configuration since it + is prone to a lot of false positives, also, it depends on LSOF + (which is only recommended). I will reenable this sometime in + the future and (maybe) provide a Debian-specific script to just + monitor for daemons that are using outdated libraries + (Closes: #249331) + * Send filesystem scans error output to /dev/null (need to fix this + in scripts/find_files by not following symbolic links that point + nowhere, this is an interim fix) + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 May 2004 09:31:23 +0200 + +tiger (1:3.2.1-10) unstable; urgency=low + + * Removed evals from tigerrc and make proper sourcing in + Tiger_PATH_OK_Group_Write (Closes: #236419) + + -- Javier Fernandez-Sanguino Pen~a Sat, 6 Mar 2004 11:00:55 +0100 + +tiger (1:3.2.1-9) unstable; urgency=medium + + * Added Danish debconf translation (Closes: #235066) + * Fixed errors in check_finddeleted (Closes: #235951) + * Added some more common servers to the server.ignore example + * Fix error in deb_checkmd5sums with patch from Chung-chieh Shan + which avoids failure on packages whose names contain "." (Closes: #234811) + * Minor change in check_passwd to detect if no shell is defined for + a given user (as suggested by raoul bhatia) + + -- Javier Fernandez-Sanguino Pen~a Wed, 3 Mar 2004 13:13:05 +0100 + +tiger (1:3.2.1-8) unstable; urgency=low + + * check_rcumask: Proper warning if no umask settings are defined + (Closes: #234661) + + -- Javier Fernandez-Sanguino Pen~a Wed, 25 Feb 2004 20:39:16 +0100 + +tiger (1:3.2.1-7) unstable; urgency=low + + * Updated from CVS which includes a number of improvements including + the following (relevant to Debian bugs): + - Added more information on check_finddeleted regarding + how to use it and remove spurious errors. This script + will not give false positives any longer on some special + characterr) files like /dev/console or /dev/null and has + reduced its output to something more managable (there is + only one message per deleted file now) + (Closes: #232704,#231148, #225112) + - Fixed password definitions adding the 'g-Z' 'A-Z' and + '.' sets (Closes: #227596) + - Many scripts now controls YPCAT errors to printing errors in + hosts that are not properly configured. + (i.e. nsswitch.conf is defined to use NIS but there's no NIS + host) Errors are redirected to /dev/null when YPCAT is not + required as many systems do not include it, specially in Debian. + (Closes: #225910) + - Check_crontab will only warn if neither cron.allow + or cron.deny exist (Debian bug #226362) + * Default cronrc no longer runs check_finddeleted as often since it's + prone to false positives (even if it can be customised through the + ignore mechanism, see /usr/share/doc/tiger/examples/server.ignore) + * Added French template translation provided by Christian Perrier + (Closes: #226883, #224700) + * Fully translated the spanish template. + * Updated to include latest Debian advisories. + * debian/rules now uses mandir (/usr/share/man/) in configure call. + + -- Javier Fernandez-Sanguino Pen~a Tue, 24 Feb 2004 21:21:19 +0100 + +tiger (1:3.2.1-6) unstable; urgency=low + + * The cron.d taks will only run if tigercron is executable, this avoids + cron.d from running tiger if it has been removed but not purged + (thanks to Thomas Lange for noticing this mistake) + * Included patch from Nicholas François which makes Tiger not warn + on manpage files purged through localepurge (Closes: #219728) + * Added To: line in tigercron (Closes: #218363) + * Added Japanese translation contributed by Hideki Yamane (Closes: #224185) + + -- Javier Fernandez-Sanguino Pen~a Sat, 20 Dec 2003 13:49:38 +0100 + +tiger (1:3.2.1-5) unstable; urgency=low + + * Updated from CVS to fix reported bugs: + * fixed typo in check_lilo (Closes: #221470) + * This update also provides a number of fixes/enhancements which + will be available in the next release: + * check_crontabs adds more information in messages + * check_inetd does not report the services as not protected if + TCP wrappers are undefined + * per interface promiscuous detection with 'ip' for more accurate + results in check_known + * check_passwd message fix + * shadow password check is no longer in check_passwdformat (move to + account checks) + * check_rootdir checks ownership + * check_services will not misreport for services not defined + * check_ssh needs to run through bash + * check_xinetd fixes syntax error + * YP -> YPCAT in all operating systems + * Proper definitions for AIX + * HPUX fixes + * Tiger now runs check_xinetd or check_inetd depending on which + configuration file is available. + + -- Javier Fernandez-Sanguino Pen~a Sat, 6 Dec 2003 22:10:02 +0100 + +tiger (1:3.2.1-4) unstable; urgency=low + + * Updated from CVS sources to fix reported bugs + * Updated check_root so mesg check is not done when running + in cron (Closes: #218056, #220924) + * Updated check_lilo now locates grub file properly (Closes: #218771) + * Updated check_passwd fixes syntax error (Closes: #219086) + * deb_checkmd5sums detect local diversions and avoid problems with + duplicate conffiles (Closes: #219727, #220325) + * check_release fixed typeset bashism (Closes: #219764) + * deb_checkmd5sums now uses -F to avoid warning on /usr/bin/[ + (Closes: #220946) + * config add sendmail_cf location + * Updated advisories list. + + -- Javier Fernandez-Sanguino Pen~a Sun, 16 Nov 2003 13:10:08 +0100 + +tiger (1:3.2.1-3) unstable; urgency=low + + * Updated from CVS sources to latest Tiger changes including: + - Check_rootkit no longer complains if chkrootkit is not installed + (Closes: #215885) + - Fixes check_network_config return values (Closes: #215891) + - Fixes inittab's false positives (Closes: #215872) + - Fixes bashisms ini scripts (Closes: #215896) + - Fixes initdefs delete() in order for check_chkrootkit removal to work + properly (Closes: #215882) + * Debian/rules now sets SHELL=/bin/bash (Closes: #198856) + * Updated to latest advisories + * Now depends also on coreutils (X | corerutils) (Closes: #215487) + * Added device baseline to debian.ignore (Closes: #194956) + * Removed check_sendmail from check.tbl so that it does not get run by + check_system (Closes: #2158739) + + -- Javier Fernandez-Sanguino Pen~a Sun, 19 Oct 2003 23:56:50 +0200 + +tiger (1:3.2.1-2) unstable; urgency=low + + * The "Happy Birthday! (to me)" Release, now uploaded to unstable. + * New upstream version, which includes is fully integrated with + TARA 3.0.3 and provides quite a number of bugfixes, checks and new + documentation. + * Changes relevant to reported Debian bugs include: + - Adds support for diversions and conffiles in deb_checkmd5sums + (Closes: #211329, #162589) + - Provides documentation for check_logfiles (Closes: #195192) + - Adds support for HP-UX in several scripts (Closes: #195200, #197220) + - Changes gen_passwd_sets under Linux to identify des or md5 + (Closes: #197221) + - Removes debug messages from check_rootdir (Closes: #197219) + - Added tigercron.8 manpage (Closes: #148291) + - OS-specific scripts are run before generic ones, since the Linux + version of check_listeningprocs is different than the generic one + it will be prefered and run (Closes: #200778) + - Deb_nopackfiles no longer uses long arguments in the grep call + and has been speed-optimized (Closes: #201577) + - Deb_nopackfiles also now sends FIND errors to void since they + are not used and might confuse users who do not have X + installed (Closes: #207904) + - check_path now uses -L to follow symlinks (Closes: #161993) + - Adds new password check for empty passwords (Closes: #197228) + - Fixed typo in accounts.txt spotted by Philipp Weis (Closes: #211793) + - check_passwdformat provides an improved message and allows daemon + in uid 1 (Closes: #211328) + - also, check_passwdformat now will not warn on lenght issues for + locked users. (Closes: #211327) + * Added -XMacOSX to exclude the new OS provided upstream. + * Modified debian/rules to move the MacOSX and Tru64 directories to + tiger-otheros + * Added patch for new po-debconf format (Closes: #186800) + * (but changed it so that the 'root' user is not translatable) + * Updated to latest Debian advisories. + * Forced to start using epochs due to how I messed the experimental + packages (3.2.1rcX > 3.2.1!) + + -- Javier Fernandez-Sanguino Pen~a Fri, 10 Oct 2003 19:19:36 +0200 + +tiger (3.2.1-1) experimental; urgency=low + + * New upstream version, which includes is fully integrated with + TARA 3.0.3 and provides quite a number of bugfixes, checks and new + documentation. + * Changes relevant to reported Debian bugs include: + - Adds support for diversions and conffiles in deb_checkmd5sums + (Closes: #211329, #162589) + - Provides documentation for check_logfiles (Closes: #195192) + - Adds support for HP-UX in several scripts (Closes: #195200, #197220) + - Changes gen_passwd_sets under Linux to identify des or md5 + (Closes: #197221) + - Removes debug messages from check_rootdir (Closes: #197219) + - Added tigercron.8 manpage (Closes: #148291) + - OS-specific scripts are run before generic ones, since the Linux + version of check_listeningprocs is different than the generic one + it will be prefered and run (Closes: #200778) + - Deb_nopackfiles no longer uses long arguments in the grep call + and has been speed-optimized (Closes: #201577) + - Deb_nopackfiles also now sends FIND errors to void since they + are not used and might confuse users who do not have X + installed (Closes: #207904) + - check_path now uses -L to follow symlinks (Closes: #161993) + - Adds new password check for empty passwords (Closes: #197228) + * Added -XMacOSX to exclude the new OS provided upstream. + * Added patch for new po-debconf format (Closes: #186800) + + -- Javier Fernandez-Sanguino Pen~a Fri, 19 Sep 2003 02:33:00 +0200 + +tiger (3.2-4) unstable; urgency=low + + * Updated to latest debian advisories + * Modified postinst so it does not break when a user enters an e-mail + address which includes a @ by using sed instead of Perl (Closes: #194955) + * Included a check to only ask the debconf tiger/mess question if + there is any cruft from previous versions. + * Fixed check_logfiles including some of the things provided by Ryan + Bradetich and some other fixes to make it output less false positives + on Debian GNU/Linux (Closes: #195199) + * Fixed regular expression in Linux's config to support some older versions + of fileutils (Closes: #197218) + + -- Javier Fernandez-Sanguino Pen~a Fri, 20 Jun 2003 21:16:02 +0200 + +tiger (3.2-3) unstable; urgency=low + + * Modified util/difflogs to sort files in order to not report + spurious differentes. + * Fixed tigercron (again), since the previous fix was not done + ok. + + -- Javier Fernandez-Sanguino Pen~a Mon, 12 May 2003 22:52:15 +0200 + +tiger (3.2-2) unstable; urgency=low + + * Fix tigercron which was broken upstream (when the echo + was removed). This broke the IDS functionality since + tigercron never checked for changes! + + -- Javier Fernandez-Sanguino Pen~a Sun, 11 May 2003 21:26:04 +0200 + +tiger (3.2-1) unstable; urgency=low + + * New upstream version + - False positives in services fixed (Closes: #132278) + - Check_exports produces proper output (Closes: #162453) + - Checks have been separated, now each check file prints it's + comment (Closes: #165766) + - Using the new ignore mechanism (better than the differential + mechanism) this package now provides a baseline for Debian GNU/Linux, + hopefully this will make Matt test again this package :-) + (Closes: #164308, #172375) + - The new ignore mechanism can now be used to avoid false positives, + please customize as needed and read the notes on the + check_listeningprocs script (Closes: #136991) + - Tigexp now gets modified by the Makefile (Closes: #189864) + * Fixed dh_make boilerplate + * Changed debian/rules to 'mv' the systems to tiger-otheros + * Added tiger.ignore to conffiles + * Modified Makefile so that it installs scripts with proper (fixed) + permissions + * Updated Debian advisories (with update-advisories) + * Fixed syntax error in check_issue (thanks to lintian!) + * Added logo to the docs (!) + * Fixed error in IRIX script + + -- Javier Fernandez-Sanguino Pen~a Sat, 10 May 2003 00:47:51 +0200 + +tiger (3.2rc3-3) experimental; urgency=low + + * Added -q option to be used when running tigercron + + -- Javier Fernandez-Sanguino Pen~a Sat, 26 Apr 2003 13:41:35 +0200 + +tiger (3.2rc3-2) experimental; urgency=low + + * Fixed cron to tigercon in the cron.d file + + -- Javier Fernandez-Sanguino Pen~a Wed, 23 Apr 2003 22:02:07 +0200 + +tiger (3.2rc3-1) experimental; urgency=low + + * New release candidate. + + -- Javier Fernandez-Sanguino Pen~a Wed, 23 Apr 2003 13:30:32 +0200 + +tiger (3.2rc2-1) experimental; urgency=low + + * Experimental version, fixes bugs but might introduce new ones. + + -- Javier Fernandez-Sanguino Pen~a Mon, 21 Apr 2003 17:57:40 +0200 + +tiger (3.2rc1-1) experimental; urgency=low + * New upstream version + - False positives in services fixed (Closes: #132278) + - Check_exports produces proper output (Closes: #162453) + - Checks have been separated, now each check file prints it's + comment (Closes: #165766) + - Using the new ignore mechanism (better than the differential + mechanism) this package now provides a baseline for Debian GNU/Linux, + hopefully this will make Matt test again this package :-) + (Closes: #164308, #172375) + - The new ignore mechanism can now be used to avoid false positives, + please customize as needed and read the notes on the + check_listeningprocs script (Closes: #136991) + - Tigexp now gets modified by the Makefile (Closes: #189864) + + -- Javier Fernandez-Sanguino Pen~a Wed, 16 Apr 2003 00:29:45 +0200 + +tiger (3.1-5) unstable; urgency=low + + * Included some of the changes that will be in the next Tiger release + * Config now sets the locale to POSIX (just in case it breaks some tests) + * Check_listeningprocs now works with multiple program names (Closes: #164898) + * Recovered the fixes from 3.0-2 which has made an old bug surface + (Closes: #164307, #166176, #166744) + * Updated to latest advisories + * Removed debugging output from systems/Linux/2/check_neverlogin + + -- Javier Fernandez-Sanguino Pen~a Mon, 28 Oct 2002 17:51:03 +0100 + +tiger (3.1-4) unstable; urgency=medium + + * Fixed LOGDIR in tigercron.in which was making templates not work. + * Remove all the /var/log/tiger* files.. sorry for the mess :( + * Added a new configuration note in order to ask the user for the + removal of the previous files instead of removing them without asking. + + -- Javier Fernandez-Sanguino Pen~a Mon, 14 Oct 2002 15:30:03 +0200 + +tiger (3.1-3) unstable; urgency=low + + * Removed DSA update in the package build (Closes: #164216) + * Updated to latest DSAs + + -- Javier Fernandez-Sanguino Pen~a Fri, 11 Oct 2002 09:09:43 +0200 + +tiger (3.1-2) unstable; urgency=low + + * Added Build-Depends on autoconf since it's the only new thing + for building that has been included upstream. (Closes: #163969) + + -- Javier Fernandez-Sanguino Pen~a Thu, 10 Oct 2002 12:48:25 +0200 + +tiger (3.1-1) unstable; urgency=low + + * New upstream release which includes some fixes for Debian bugs + such as the "don't regenerate index" (Closes: #162590) + * Made debian/rules update automatically the advisories file (which + is now named debian_advisories so the previous chmod -x is not needed) + * Automatically remove CVS dirs from the package (Closes: #154343) + * Fixed bashisms in check_rcumask (Closes: #159444) + * Changed check_passwd to not send false positives in Debian, it should + be fixed, however to support PAM too (Closes: #162593) + * Updated DSAs are now available + + -- Javier Fernandez-Sanguino Pen~a Thu, 25 Jul 2002 19:37:41 +0200 + +tiger (3.0-3) unstable; urgency=low + + * Updated to latest advisories. + + -- Javier Fernandez-Sanguino Pen~a Wed, 7 Aug 2002 10:33:47 +0200 + +tiger (3.0-2) unstable; urgency=low + + * Changed Linux' config file so that it sets LSGROUPS to nothing + Due to a change in fileutils-4.1.1 which changed the standard + behavior from "showing groups (but really doing nothing)" to + "not showing the owner" ! (Closes: #155588) + * Modified config to set the environment properly (this was the + first workaround I tried for the previous bug, didn't fix it but + it seems better to leave the locale's environment, just in case...) + + -- Javier Fernandez-Sanguino Pen~a Tue, 6 Aug 2002 17:06:01 +0200 + +tiger (3.0-1) unstable; urgency=low + + * New upstream release (based on savannah sources) + * Fix in order for deb_checkmd5sums to work with all sources (it was + limited due to a stupid bug) + * Included latest DSA advisories + * The new package provides a *very* short diff since changes regarding + Debian are added to the upstream sources too. + + -- Javier Fernandez-Sanguino Pen~a Tue, 18 Jun 2002 13:28:18 +0200 + +tiger (2.2.4p2-5) unstable; urgency=low + + * Added a GPL header to all the important scripts/files used by the + program (this means /, /scripts and /systems/{default,Linux}. + This was a requirement for adding tiger as a new project to the + savannah site. + (probably next upstream version and Debian diff file will be + reduced since I intend to make the current Debian codebase + upstream's 2.2.4p3) + * Added a new check scripts/check_runprocs (not currently configured to + run since it needs sysadmin to configure tigerrc properly to determine + which processes should be checked for) + * Added some more information to the README.Debian file and rewrote + some paragraphs. + * Written some notes on how to use Tiger as a host IDS. + * Chmod'ed many scripts in order to avoid lintian warnings. + * Changed tiger so it first reads tigerrc in the local directory + (useful for testing the package without installing or to use the tar.gz + in other environments) + * Fixed the scripts/check_anon in order to test if ftphome/etc/passwd + exists before grep'ing it. + + -- Javier Fernandez-Sanguino Pen~a Tue, 11 Jun 2002 23:02:12 +0200 + +tiger (2.2.4p2-4) unstable; urgency=low + + * Incorporated TARA changes including: + - Changed acc006 from FAIL to WARN (scripts/check_accounts). + - Added -H option for HTML output. + - Fixed scripts/check_cron for problems in entries. + - Fixed scripts/check_exports to avoid false positives. + - Fixed scripts/check_path due to problems with parse_csh. + - Change scripts/check_perm to not warn when owner is bin and + changed calls of echo to message(). + - Made some of the changes provided by ARC in scripts/check_inetd + (save for the SORT and JOIN changes which do not seem to work) + - Changed scripts/sub/check_devs to work with IRIX 6.5 + - Changed GROUPS to GROUPSS as ARC team does since it (might) + be a readonly variable in some shells (see bash(1)). Even though + it is not used in any script. + + * Created a new package to provide all the scripts for other operating + systems (Warning: you still need to compile the C programs: getpermit, + md5, realpath, snefru and testsuid in those platforms for tiger to work + fully). + * Added Tiger_Check_SYSTEM to the distributed tigerrc + * Added some Linux specific checks (gdm, xdm) in scripts/check_root + * Created (new) systems/Linux/2/check_inittab script (for ctraltdel issue + from Bastille). + * Created (new) systems/Linux/2/check_rcumask script to check umask settings + for the RC boot scripts. + * Created (new) scripts/check_ftpusers script to check for administrative + users that are allowed access in the FTP server. + * Created (new) scripts/check_tcpd script to check for changes in the + way inetd services are being protected through the use of tcp_wrappers. + This script has been written based on check_inetd. + * Modified scripts/check_sendmail to check for sendmail.cf's banner + * Note. This new scripts have not been added to the cron entry. They will + only be run when running the 'tiger' script. + + * Written some README files: howto write modules (README.writemodules),. + how much time does it take for scripts to run (README.time), and + information on making signatures (README.signatures) + + * Changed tigexp to work if issued -F with no second argument + + -- Javier Fernandez-Sanguino Pen~a Sun, 26 May 2002 01:58:53 +0200 + +tiger (2.2.4p2-3) unstable; urgency=low + + * Fixed typo in spanish template description. + + -- Javier Fernandez-Sanguino Pen~a Tue, 14 May 2002 13:49:33 +0200 + +tiger (2.2.4p2-2) unstable; urgency=low + + * Fixed filesystem permissions (execution bit) for Linux specific + scripts + * Changed scripts/check_anon to avoid error when checking for + $ftphome/etc/passwd. + * Updated security advisories. + + -- Javier Fernandez-Sanguino Pen~a Fri, 10 May 2002 09:55:41 +0200 + +tiger (2.2.4p2-1) unstable; urgency=low + + * This is the "I finally merged with Bryan Gartner's tarball" release + * Cosmetic upgrade in version number due to too many changes in the + sytem specific checks (AIX, Solaris et al.) derivated from tara sources. + (thus this release might be labeled "new upstream", avoid 2.2.4p1 since + it is used in TAMU's distribution) + * Updated to latest debian DSAs. + * Next release will have a new package to provide all the scripts for + other Operating systems so that a central Debian server can be used + with network filesystems as a single point of script distribution. + * Included tara's new check and scripts checks: devices, issue, + lilo, logfiles, network, patches, release, root, rootdir, single and + tripwire_run (this last one is deactivated in Debian since + the package, if installed, will do the checks) + * Included the following systems without changes: AIX-4, IRIX-{4,5,6}, + Linux-1, Next-3, UNICOS, UNICOSMK + * Instead of cp'ing all the SunOS files I ln -s all directories that + were equal in order to reduce space in the source package (and diff) + * Included the two new utils to convert into HTML + * Changed realpath.c, snefru.c as described in CHANGES.ARSC + * Merged patches from ASCR in files: check_accounts, check_cron, check_group, + check_inetd, check_passwd, check_sendmail, systems/Linux/2/gen_mounts, + tiger. + * Updated scripts (not changed in Debian): check_path + * Fixed Linux's gen_cron to include CRONSPOOL and fixed + systems/Linux/2/config to properly configure it (was set to /usr + instead of /var) since it was not used this was not detected until now. + * Updated the tiger configuration file (tigerrc) + * Updated the manpage tiger.8 + * Moved check_listening from Linux-specific to all the generic location + (since it will work in any UNIX system with NETSAT). + Changed tigerrc accordingly adding Tiger_Check_LISTENING variable + and renaming the previous variables for this check. + * De-activated RedHat's specific (and written in Perl) check_network + script. TODO: rewrite it in shell script and remove RedHat-specific + stuff. + * Moved the Linux specific checks provided by Paul Telford to + systems/Linux/2/ since they are not appropiate to other systems + (for consistency) + * Fixed check_release as provided by Paul Telford (some typos and not + correctly programmed) + * Applied some of the changes described in the Changes.ARSC. It seems these + were not included in the TARA distribution (for some reason). + REMINDER: ask for these to the ARSC team. + * Fixed check_sendmail's pattern matching (wrong reports on dates) and made + it properly Y2k. + * Fixed (again) the postinst... let's see if I get it right this time... + * Moved the FQDN check from 'tiger' to 'config' (since it is used by both + tiger and tigercron) + + -- Javier Fernandez-Sanguino Pen~a Tue, 30 Apr 2002 16:16:31 +0200 + +tiger (2.2.4-22) unstable; urgency=low + + * This is the "Yes, I was on vacation fixing bugs release (I)" + * Applied patch Marcel that fixes some long-standing issues, did not change + BASEDIR to basedir since it should work that way but *did* change typo + which made diff's against previous run not to work (Closes: #139221) + * Fixed Linux/2/gen_export_sets tpo (Closes: #139667) + * Modified Linux/2/config so that findcmd() looks first for binaries generated + by Tiger, including realpath (Closes: #139669) + * Modified deb_checkmd5sum to "understand" locale.nopurge configuration. + Currently experimental, but seems to work fine. Admins that fixed this + through templates will, however, have to remake them (Closes: #123891) + * Since realpath's Linux does not work as tiger's realpath -d, removed it + from the Recommends: (use tiger's instead) + * Added -u option in gen_listeningprocs (UDP sockets are not shown if using + netstat, this was an unreported bug) + * Added warning to the tigerrc regarding user's Tiger_ListeningProc (will + not work if using NETSTAT and not LSOF) + * Added the Tiger_Check_EVERYLISTENING option which will report if a + service is listening on *all* interfaces, default is Y, if set to 'N' + only processes run by users different from Tiger_ListeningProcs will be + reported. Changed gen_listeningprocs for this to work (Closes: #138855) + * Changed the name of gen_listeningprocs to check_listeningprocs (more + proper and consistent) + * Provided some more documentation in the tiger.8 manpage detailing which + modules are available + * Check_listeningprocs has been modified to allow it to not warn on + processes when using the Tiger_Listening_ValidProc variable in + /etc/tigerrc this allows admins to remove processes which can dynamically + change TCP/IP port (Closes: #134085) + * Changed Tiger_Listening_Proc to Tiger_Listening_ValidUser (more precise). + WARNING: Postinst will not change this from the config file! + * The changes introduced in check_listeningprocs as well as the + check-against-template behavior configuration will (hopefully) reduce greatly + false positives if properly configured (Closes: #126635) + * Set Tiger_Check_CRACK to 'N' by default and removed cron job since this + feature does not work. Added 'john' Recommends: since the Debian package + does provide that feature by itself. + * Added check_sendmail to SCRIPTS in the Makefile (it was not being + installed, unreported bug) + + -- Javier Fernandez-Sanguino Pen~a Wed, 27 Mar 2002 14:31:14 +0100 + +tiger (2.2.4-21) unstable; urgency=low + + * Changed deb_nopackfile so it also checks the diversions file + (Closes: #129343) + * Fixed deb_md5sums to work with files with namespaces by using + quotes properly (Closes: #129339) + * Updated Debian Advisories (cvs, xsane...) + + -- Javier Fernandez-Sanguino Pen~a Mon, 4 Mar 2002 21:15:25 +0100 + +tiger (2.2.4-20) unstable; urgency=low + + * Fixed check_known's grep which did not work on Solaris boxes... + * Fixed systems/SunOS/ so that it can find the CUT command too + * Changed scripts/check_known to use HEAD instead of TAIL in the + mail spool checks (Closes: #135202) + * Changed scripts/check_anon to check if the ftp user is in the + system's passwords (Closes: #135205) + * Added proper dependecies (based on systems/Linux/2/config) + (Closes: #128796) + * Added an Tiger_Output_FQDN option so that it uses hostname -f + as the system name for reports (Closes: #129526) + * Added version.h to the package in order for tiger to determine + the current Tiger version. + * Fixed debconf note (Closes: #136298) + * Added an alternative (and better) template location: /etc/tiger/templates + * Updated Debian DSA's + + -- Javier Fernandez-Sanguino Pen~a Fri, 1 Mar 2002 09:50:19 +0100 + +tiger (2.2.4-19) unstable; urgency=medium + + * Fixed gen_listeningprocs typo and added SORT to reduce output + + -- Javier Fernandez-Sanguino Pen~a Wed, 9 Jan 2002 19:20:19 +0100 + +tiger (2.2.4-18) unstable; urgency=low + + * Fixed the deb_nopackfiles so it uses -x -F and will not be confused by + strange file names (i.e. [) this also avoids filenames being interpreted + as regular expressions (Closes: #126569) + * Fixed deb_md5sums so it does not follow symlinks (sometimes they get + followed to unexistant files) + * Modified check_accounts so that it does not give warnings for accounts + of uid < 999 (system accounts in Debian GNU/Linux) by introducing a new + tigerrc variable (Tiger_Accounts_Trust) + * Added tiger-2.2.3p1-patch from TAMU + * Added some more info to the debian/copyright file + * Added the fix_tiger_GROUPS.sh script to a "contrib" area + * Added -p option to netstat and reduced output with grep -v STREAM :) + * Improved gen_listeningprocs so only uniq processes are shown listening + to the same socket, also, UDP sockets are now listed too with lsof and + netstat + * Fixed check_inetd so it does not do a 'set' when an empty line is found + * Modified difflogs intensively since it was not working properly, added + a new feature and varialbes in tigerrc so that cron jobs can be compared + against "template" (policy-compliant?) runs. This can reduce false positives + even if they cannot be reduced in a given module. + * Added configurable Tiger_Listening_Procs for gen_listeningprocs to + customize for local security policy (Closes: #126635) + * Added debconf note (borrowed from snort) to configure mails receiver + (Closes: #122256) + * Added debconf note to warn the user to adapt to security policy + * Fixed lintian errors. + * Update DSAs + + -- Javier Fernandez-Sanguino Pen~a Wed, 26 Dec 2001 13:48:13 +0100 + +tiger (2.2.4-17) unstable; urgency=high + + * Fixed typo in systems/Linux/2/gen_passwds_setgs (aggggh!! introduced + when nisplus was commented out) + + -- Javier Fernandez-Sanguino Pen~a Wed, 26 Dec 2001 10:18:53 +0100 + +tiger (2.2.4-16) unstable; urgency=medium + + * Added -rf to prerm script when purging. + * Commented nisplus from the gen_passwd_sets since there is no NISCAT in + Linux + * Fixed scripts/check_known so it works properly in NIS environments. + now uses the passwd_set properly instead of passwd_source + + -- Javier Fernandez-Sanguino Pen~a Fri, 21 Dec 2001 09:57:28 +0100 + +tiger (2.2.4-15) unstable; urgency=low + + * Changed gen_passwd_sets for Linux so it now recognises NIS/NISPLUS and + does not depend on shadow passwords being installed (Closes: #113132, + #125792) + * /etc/cron.d/tiger now listed in conffiles (Closes: #124142) + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Dec 2001 10:33:16 +0100 + +tiger (2.2.4-14) unstable; urgency=high + + * Updated the services file and modified the check_inetd scripts so now it + only warns if several services share port numbers (the check was + originally made to only handle one service per port) (Closes: #123730) + + -- Javier Fernandez-Sanguino Pen~a Thu, 13 Dec 2001 10:36:37 +0100 + +tiger (2.2.4-13) unstable; urgency=low + + * Fixed tigercron shell problem which made it not work properly + (Closes: #123116) + * Setup tigerrrc so that Tiger_DPKG_Optimize defaults to 'Y' + + -- Javier Fernandez-Sanguino Pen~a Mon, 10 Dec 2001 11:34:06 +0100 + +tiger (2.2.4-12) unstable; urgency=high + + * Fixed cronrc so CPU consuming tasks are run once a day + (Closes: #122378) + * Fixed check_passwd so that uids and usernames are looked for correctly + (Closes: #122391) + * Updated services file (Closes: #122338) + * Fixed file control list (Closes: #122337) + * Updated Debian Security Advisories + * Provided new (untested) method to bypass DPKG in some tests through + the $Tiger_DPKG_Optimize variable in tigerrc (default N) (Closes: #122678) + * Changed deb_nopackfiles and deb_checkadvisories to work in optimize and + non-optimize method (using grep, cut, et al in the /var/lib/dpkg area) + * Fixed Debian specific scripts (==) + * Fixed Linux's gen_export_sets (nobody yelled yet, but it did not work + in the previous release) + * Fixed deb_checkadvisories so it correctly located the list of packages + (Note: takes too much time currently to finish) + + -- Javier Fernandez-Sanguino Pen~a Fri, 7 Dec 2001 10:12:36 +0100 + +tiger (2.2.4-11) unstable; urgency=medium + + * Changed file_access_list for Linux so /etc/aliases can be world readable (Closes: #112159) + * Fixed getuserhome command so it does not return directories beginning + with ~. This fixes tiger from incorrectly guessing the ftp directory + (Closes: #121800, #114008) + * Fixed /var/run/utmp file permissions to follow Debian standards (Closes: #121501, #112217) + * Fixed config.tbl since Debian-specific scripts were not being run. + * Fixed gen_passwd_sets so it now understands MD5 passwds (Closes: #112170, #117342) + * Fixed disk device checks in check_perm so that it does not complain + for /dev/hd* which belong to group 'disk' (Closes: #112218) + * Changed the postrm script so all files are removed on purge (Closes: #116267) + * Changed MAILER from mail to sendmail so we can send 'Subject' and 'From' + (Closes: #120679, #121681) + * Fixed tigercron so mails get sent properly with a From line, since the + information is now sent to the mailer and not to the Tiger log no + mails should be sent out if they do not include useful information + (tiger takes care of diffing out reports) (Closes: #114334, #113588) + * Added Recommends on mail transport agent since it's used for cron reporting. + * Fixed gen_export_sets for Linux so it properly warns when using + Linux's /etc/exports + * Added a tag in tigerrc to disable reporting when nothing important + happens (Closes: #113588) + * Changed check_passwd so it now says how many times uids or usernames + appear repeated (Closes: #117117) + + -- Javier Fernandez-Sanguino Pen~a Sun, 2 Dec 2001 16:21:16 +0100 + +tiger (2.2.4-10) unstable; urgency=low + + * Updated the Debian Security Advisories checked for. + * Removed non-Linux systems (Closes: #111038) + * SCRH line of findcmd is now fixed (Closes: #112216) + * Fixed services file for Linux (Closes: #115031, #114033) + + -- Javier Fernandez-Sanguino Pen~a Sun, 2 Dec 2001 16:21:16 +0100 + +tiger (2.2.4-9) unstable; urgency=low + + * Added From: header to the tiger cron output + + -- Javier Fernandez-Sanguino Pen~a Wed, 26 Sep 2001 01:11:06 +0200 + +tiger (2.2.4-8) unstable; urgency=low + + * Fixed tigercron so that it includes the hostname in the mail subject (Closes: #113462) + + -- Javier Fernandez-Sanguino Pen~a Tue, 25 Sep 2001 15:19:30 +0200 + +tiger (2.2.4-7) unstable; urgency=low + + * Fixed script/check_rhosts so it does not warn about comments + * Added some new issues in Debian systems which tiger does not + check properly + * Really fixed SRCH line (Closes: #112870) + * Added some more info regarding false positives in Debian in the README.Debian file + + -- Javier Fernandez-Sanguino Pen~a Sun, 23 Sep 2001 00:55:42 +0200 + +tiger (2.2.4-6) unstable; urgency=low + + * Fixed Linux/2/config not being able to find SNEFRU, by adding + /usr/lib/tiger/bin to the SRCH line (Closes: #112870) + * Fixed Linux/2/config not finding CUT since it was not exported (Closes: #112871) + * Updated data from Debian Advisories from the WML sources + + -- Javier Fernandez-Sanguino Pen~a Thu, 20 Sep 2001 10:46:58 +0200 + +tiger (2.2.4-5) unstable; urgency=low + + * Fixed debian/control file (Closes: #112532) + + -- Javier Fernandez-Sanguino Pen~a Mon, 17 Sep 2001 18:09:35 +0200 + +tiger (2.2.4-4) unstable; urgency=low + + * Added subjet to tiger's cron report (Closes: #112222, #112161) + * Fixed mail check in order to compare against uid and not username + (hopefully it will work with Debian and other Unices but I'm not sure + ls -n is available there) (Closes: #112162) + * Binaries now get compiled at build time + * Removed ./c from Makefile + * Subsituted corrupted .c files on c/ (md5.c and snefru.c) (Closes: #112216) + * Modified scripts/check_know so it checks on uids and not on names (Closes: #112162) + + -- Javier Fernandez-Sanguino Pen~a Fri, 14 Sep 2001 20:34:30 +0200 + +tiger (2.2.4-3) unstable; urgency=high + + * Fixed cron entry (Closes: #111795) + + -- Javier Fernandez-Sanguino Pen~a Mon, 10 Sep 2001 18:27:21 +0200 + +tiger (2.2.4-2) unstable; urgency=low + + * Removed tigerrc(8) reference in manpage (Closes: #110528) + * Installed tigexp in sbin (Closes: #110535) + * Updated the services file for Linux with a new script that updates it + from the system /etc/services. Should close some of the false positives + regarding #110531 + + -- Javier Fernandez-Sanguino Pen~a Wed, 29 Aug 2001 16:03:29 +0200 + +tiger (2.2.4-1) unstable; urgency=low + + * Initial Release. + * Changed GROUPS variable to GROUPC since it seems to conflict with bash + * Modified Makefile so it installs correctly + * Provided a new check for open sockets and Debian specific checks for + md5sums of installed files and package associatons of installed files. + + -- Javier Fernandez-Sanguino Pen~a Thu, 23 Aug 2001 15:07:16 +0200 + --- tiger-3.2.3.orig/debian/watch +++ tiger-3.2.3/debian/watch @@ -0,0 +1,7 @@ +# Watch control file for uscan for Tiger +version=3 +# Savannah site +http://download.savannah.gnu.org/releases/tiger/tiger-(.*)\.tar\.gz +# +# Old site, no longer available and no longer upstream +# ftp://www.net.tamu.edu/pub/security/TAMU/tiger-(.*)\.tar\.gz --- tiger-3.2.3.orig/debian/preinst +++ tiger-3.2.3/debian/preinst @@ -0,0 +1,23 @@ +#!/bin/sh -e + +case "$1" in + install) + ;; + upgrade) + for dir in /var/log/tiger/ /var/lib/tiger/work + do + [ -d "$dir" ] && chmod 0700 $dir + done + ;; + abort-upgrade) + ;; + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + + +#DEBHELPER# + +exit 0 --- tiger-3.2.3.orig/debian/compat +++ tiger-3.2.3/debian/compat @@ -0,0 +1 @@ +7 --- tiger-3.2.3.orig/debian/config +++ tiger-3.2.3/debian/config @@ -0,0 +1,9 @@ +#!/bin/sh -e + +. /usr/share/debconf/confmodule + +db_input medium tiger/mail_rcpt || true +db_input medium tiger/policy_adapt || true +db_go || true + +exit 0 --- tiger-3.2.3.orig/debian/tiger.default +++ tiger-3.2.3/debian/tiger.default @@ -0,0 +1,6 @@ +# +# Default settings for /etc/cron.d/tiger +# + +# Nice level to use for Tiger when running through cron +NICETIGER=10 --- tiger-3.2.3.orig/debian/po/es.po +++ tiger-3.2.3/debian/po/es.po @@ -0,0 +1,103 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 3.2.1-7\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2008-09-09 03:34+0200\n" +"PO-Revision-Date: 2004-02-42 21:52+0200\n" +"Last-Translator: Javier Fernandez-Sanguino \n" +"Language-Team: Debian-Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "Destinatario de los correos diarios:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"El usuario que introduzca abajo recibir todos los correos que 'tiger' enve " +"a lo largo del da durante la ejecucin de las tareas programadas en el " +"cron. Esto no significa que cuando se ejecute 'tiger' de forma independiente " +"vaya a recibir los informes. Tambin tome nota de que cualquier " +"administrador podr acceder a los informes dado que estn disponibles en el " +"directorio /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Tomese un momento para configurar 'tiger'" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Debera configurar los ficheros en /etc/tiger/ para adaptarlos a su poltica " +"de seguridad local. En primer lugar, adapte el tipo de pruebas que se " +"realizarn en su sistema, as como la informacin que stos necesitan para " +"reducir falsos positivos (en /etc/tiger/tigerrc). En segundo lugar, ajuste " +"los momentos en los que se realizarn los tests (en /etc/tiger/cronrc). Y en " +"ltimo lugar, dado que los errores que tiger considera pueden no serlos en " +"funcin de su poltica de seguridad actual, defina una plantilla en /etc/" +"tiger/templates/ utilizando ejecuciones previas para los mdulos. Una vez la " +"defina, todas las ejecuciones subsiguientes se comprobarn contra las " +"plantillas disponibles (una por mdulo) y slo se indicarn los nuevos " +"errores." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Eliminar plantillas de versiones rotas de 'tiger'" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Se distribuy una versin de Debian Tiger 3.1 que tena una errata que " +#~ "haca que se crearan plantillas bajo /var/log en lugar de bajo /var/log/" +#~ "tiger. Para funcionar correctamente, las plantillas deben estar bajo /" +#~ "var/log/tiger y por tanto las plantillas antiguas no son tiles para " +#~ "versiones ms modernas de Tiger. Puede que quiera guardar una copia de " +#~ "stas o moverlas de forma manual a su nueva ubacin. Este paquete no " +#~ "realizar esta operacin de forma automtica para evitar la eliminacin " +#~ "de las plantillas ya existentes.Debera borrar estos ficheros si los " +#~ "encuentro?" --- tiger-3.2.3.orig/debian/po/pt.po +++ tiger-3.2.3/debian/po/pt.po @@ -0,0 +1,93 @@ +# Portuguese translation of tiger's debconf messages. +# Copyright (C) 2007 Javier Fernandez-Sanguino +# This file is distributed under the same license as the tiger package. +# Luísa Lourenço , 2007-2010 +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.1-35\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-18 23:18+0000\n" +"Last-Translator: Luísa Lourenço \n" +"Language-Team: Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Destinatário dos mails diários:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"O utilizador que inserir abaixo irá receber todos os emails que o 'tiger' " +"envia durante o dia quando executa as tarefas cron. Isto não significa que " +"quando executa o programa isolado 'tiger', este utilizador irá receber os " +"relatórios. Note também que qualquer administrador poderá aceder a estes " +"relatórios visto estarem disponíveis na directoria /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Tire um minuto para personalizar o 'tiger'" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Deve personalizar os ficheiros em /etc/tiger/ para adoptarem a sua politica " +"de segurança local. Primeiro, personalize o tipo de verificações que irão " +"ser feitas neste sistema, assim como a informação necessária para testes " +"para reduzir falsos positivos (em /etc/tiger/tigerrc). Segundo, personalize " +"as alturas a quedevem estes testes ser executados (em /etc/tiger/cronrc). E " +"em terceiro, visto que alguns avisos de módulos podem não ser problemas " +"acerca da sua politica de segurança actual, defina um ficheiro modelo em /" +"etc/tiger/templates/ usando execuções em cada um dos módulos. Assim que " +"definidos, todas as execuções serão verificadas para cada modelo disponível " +"(um por módulo) e só alguns novos avisos aparecerão." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Remover modelos em versões do 'tiger' com bugs" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Inicialmente as versões do Debian 3.1 do tiger eram distribuídas com um " +#~ "bug que causava modelos serem criados sobre o /var/log/ em vez do /var/" +#~ "log/tiger/. Operações normais assumem que os modelos estão em /var/log/" +#~ "tiger/ e estes modelos não irão ser úteis em novas versões do Tiger. " +#~ "Poderá querer preservar uma cópia desses modelos (para usar como modelos) " +#~ "e move-los manualmente sobre a sua localização apropriada. O pacote não " +#~ "irá fazer isto automaticamente para evitar remover modelos anteriores. " +#~ "Devem estes ficheiros ser removidos caso sejam encontrados?" --- tiger-3.2.3.orig/debian/po/nl.po +++ tiger-3.2.3/debian/po/nl.po @@ -0,0 +1,94 @@ +# Dutch po-debconf translation of Tiger +# Copyright (C) 2007 Javier Fernandez-Sanguino +# This file is distributed under the same license as the Tiger package. +# Bart Cornelis +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2007-03-06 18:07+0100\n" +"Last-Translator: Bart Cornelis \n" +"Language-Team: debian-l10n-dutch \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +#, fuzzy +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Wie moet de dagelijkse e-mails ontvangen?" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"De hier aangegeven gebruiker zal alle e-mails ontvangen die tiger verstuurt " +"wanneer deze wordt aangeroepen door cron. Dit geldt dus niet voor berichten " +"die tiger genereert als het expliciet aangeroepen wordt. Overigens kan de " +"beheerder de rapporten altijd inkijken in de map /var/log/tiger." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Gelieve de tijd te nemen op 'tiger' aan uw wensen aan te passen." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"U kunt de bestanden in /etc/tiger/ best aanpassen aan uw lokale " +"beveiligingsbeleid. U kunt eerst de soorten checks die op dit systeem " +"uitgevoerd dienen te worden in te stellen, alsmede de informatie die deze " +"testen nodig hebben om het aantal valse positieven te verminderen (in /etc/" +"tiger/tigerrc). Daarnaast kunt u de tijdstippen waarop deze tests uitgevoerd " +"worden aanpassen (in /etc/tiger/cronrc). Tenslotte kunt u template-bestanden " +"aangeven (in /etc/tiger/templates) via de resultaten van uitgevoerde tests, " +"eens een template gedefiniëerd is zal tiger de gegenereerde " +"waarschuwingingen vergelijken met deze in de beschikbare templates (1 per " +"module) en worden enkel nieuwe waarschuwingen aangegeven. Dit laat toe om " +"waarschuwingen die geen probleem zijn voor uw beveiligingsbeleid te negeren." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Templates in problematische 'tiger'-versies verwijderen." + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Debian's 3.1 versie van het 'tiger'-pakket is oorspronkelijk uitgegeven " +#~ "met een fout de templates aanmaakte in /var/log i.p.v. /var/log/tiger/ . " +#~ "Normale operatie neemt aan dat de templates zich in /var/log/tiger " +#~ "bevinden, en deze templates worden niet gebruikt in de nieuwere versies " +#~ "van tiger. Omdat u mogelijk een kopie hiervan wilt bewaren (om als " +#~ "templates te gebruiken), of deze handmatig naar de juiste locatie wilt " +#~ "verplaatsen, verwijdert dit pakket de vorige templates niet automatisch. " +#~ "Wilt u dat deze bestanden verwijderd worden indien aanwezig?" --- tiger-3.2.3.orig/debian/po/vi.po +++ tiger-3.2.3/debian/po/vi.po @@ -0,0 +1,47 @@ +# Vietnamese translation for Tiger. +# Copyright © 2010 Free Software Foundation, Inc. +# Clytie Siddall , 2005-2010. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.3-1.1\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-03-07 00:36+0930\n" +"Last-Translator: Clytie Siddall \n" +"Language-Team: Vietnamese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.8\n" + +#. Type: string +#. Description +#: ../templates:1001 +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Người nhận thư hằng ngày:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "The user you enter below will receive all the emails that 'tiger' sends during the day when running the cron jobs. This does not mean that when executing the 'tiger' program standalone this user will receive the reports. Also note that any administrator will be able to access the reports since they are available in the /var/log/tiger/ directory." +msgstr "Người dùng được nhập dưới đây thì nhận mỗi thư được « tiger » gửi khi chạy công việc định thời (cron). Thiết lập này chỉ áp dụng cho công việc định thời: người dùng này sẽ không nhận thư khi chương trình « tiger » được chạy độc lập. Quản trị cũng có quyền truy cập đến các thư thông báo vì có sẵn trong thư mục « /var/log/tiger/ »." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Hãy mất một chút để tùy chỉnh « tiger »" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "You should customize the files at /etc/tiger/ to adapt to your local security policy. Firstly, customizing the kind of checks that will be made in this system, as well as the information needed for tests in order to reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, since some modules warnings might not be problems regarding your current security policy, define a given template file at /etc/tiger/templates/ using runs from each of the modules. Once defined, all the runs will be checked against each one of the templates available (one per module) and only new warnings will be issued." +msgstr "" +"Có nên tùy chỉnh các tập tin trong thư mục « /etc/tiger » để thích hợp với chính sách bảo mật cục bộ.\n" +" 1. Cấu hình các hàm kiểm tra hệ thống, cũng như thông tin cần thiết cho hàm kiểm tra để giảm kết quả dương giả (trong « /etc/tiger/tigerrc »).\n" +" 2. Đặt giờ nào cần chạy mỗi hàm kiểm tra (trong « /etc/tiger/cronrc »).\n" +" 3. Vì một số cảnh báo mô-đun nào đó có thể không phải là vấn đề về chính sách bảo mật hiện thời, hãy xác định một tập tin mẫu nào đó ở « /etc/tiger/templates/ », dùng cuộc chạy từ mỗi mô-đun. Một khi xác định được, mọi cuộc chạy đều được kiểm tra so với mỗi mẫu sẵn sàng (mỗi mô-đun một mẫu) và chỉ cảnh báo mới được xuất." + --- tiger-3.2.3.orig/debian/po/de.po +++ tiger-3.2.3/debian/po/de.po @@ -0,0 +1,85 @@ +# translation of tiger_1:3.2.3-1_de.po to German +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Erik Schanze , 2005-2010. +msgid "" +msgstr "" +"Project-Id-Version: tiger_1:3.2.3-1_de\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-02 22:14+0100\n" +"Last-Translator: Erik Schanze \n" +"Language-Team: German \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "Empfänger der täglichen E-Mails:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Der Benutzer, den Sie unten eingeben, wird alle von »Tiger« versandten " +"E-Mails erhalten, wenn die Cron-Jobs laufen. Das bedeutet nicht, " +"dass der Benutzer Berichte erhält, wenn Sie »Tiger« als einzelnes " +"Programm aufrufen. " +"Beachten Sie auch, dass jeder Administrator auf die Berichte " +"zugreifen kann, weil sie im Verzeichnis /var/log/tiger/ " +"verfügbar sind." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Nehmen Sie sich die Zeit, »Tiger« einzurichten." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Sie sollten die Dateien im Verzeichnis /etc/tiger/ an Ihre " +"Sicherheitsrichtlinie anpassen. Zuerst sollten Sie die Tests " +"einrichten, die auf Ihrem System durchgeführt werden und die Daten " +"für die Tests (in der Datei /etc/tiger/tigerrc) bereitstellen, " +"um Falschmeldungen zu vermeiden. Dann sollten Sie (in der " +"Datei /etc/tiger/cronrc) einstellen, zu welchen Zeiten die " +"Tests gemacht werden. Danach sollten Sie aus den Durchläufen " +"der Module Schablonen (im Verzeichnis /etc/tiger/templates/) " +"erstellen, wenn Module Warnungen ausgeben, die für Ihre " +"Sicherheitsrichtlinie nicht problematisch sind. Sind " +"die Schablonen erstellt, wird jeder Durchlauf mit den " +"verfügbaren Schablonen (eine pro Modul) verglichen und es " +"werden nur neue Warnungen angezeigt." + --- tiger-3.2.3.orig/debian/po/it.po +++ tiger-3.2.3/debian/po/it.po @@ -0,0 +1,74 @@ +# ITALIAN TRANSLATION OF TIGER'S PO-DEBCONF FILE. +# COPYRIGHT (C) 2010 THE TIGER'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tiger package. +# Vincenzo Campanella , 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-13 11:25+0100\n" +"Last-Translator: Vincenzo Campanella \n" +"Language-Team: Italian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "Destinatario delle email quotidiane:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"L'utente che si inserisce qui sotto riceverà tutte le email che «tiger» " +"invierà durante il giorno, all'esecuzione dei job di cron. Questo non " +"significa che l'utente riceverà i rapporti durante l'esecuzione di «tiger» " +"come programma a sé stante. Notare anche che qualsiasi amministratore sarà " +"in grado di accedere ai rapporti, che sono disponibili nella directory " +"«/var/log/tiger»." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Prendersi un minuto per personalizzare «tiger»" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Si dovrebbero personalizzare i file in «/etc/tiger» per adattarli alle " +"politiche locali di sicurezza. Prima di tutto, si consiglia la " +"personalizzazione del tipo di controlli che verrà effettuato in questo " +"sistema, come pure le informazioni necessarie per le verifiche al fine di " +"ridurre i falsi positivi (in «/etc/tiger/tigerrc»). In seconda istanza, si " +"dovrebbero personalizzare gli orari in cui questi controlli verranno " +"eseguiti (in «/etc/tiger/cronrc»). Terzo punto, poiché gli avvisi di alcuni " +"programmi potrebbero non essere problemi rispetto alle politiche locali di " +"sicurezza, si dovrebbe definire un modello in «/etc/tiger/templates» " +"utilizzando le esecuzioni di ogni modulo. Dopo di questo, tutte le " +"esecuzioni verranno verificate sulla base di ogni modello disponibile (uno " +"per ogni modulo) e verranno emessi solo i nuovi avvisi." + --- tiger-3.2.3.orig/debian/po/ru.po +++ tiger-3.2.3/debian/po/ru.po @@ -0,0 +1,73 @@ +# translation of tiger_1:3.2.3-2_ru.po to Russian +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Yuri Kozlov , 2009, 2010. +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.3-2\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-19 20:25+0300\n" +"Last-Translator: Yuri Kozlov \n" +"Language-Team: Russian \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: string +#. Description +#: ../templates:1001 +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Получатель ежедневной почты:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Указанный вами пользователь будет получать всю почту, которую tiger " +"отправляет в течение дня при выполнении заданий cron. Это не значит, что " +"данный пользователь получит отчёты при непосредственном запуске программы " +"tiger. Также заметим, что любой администратор может получить доступ к " +"отчётам, так как они доступны в каталоге /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Уделите время для дополнительной настройки tiger" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Измените файлы в /etc/tiger/ согласно вашей политике безопасности. Во-" +"первых, настройте нужные типы проверок, выполняемых в данной системе, а " +"также тестовую информацию для сокращения ложных срабатываний (в /etc/tiger/" +"tigerrc). Во-вторых, задайте время выполнения тестов (в /etc/tiger/cronrc). " +"И в третьих, так как некоторые предупреждения от модулей могут не считаться " +"проблемой согласно вашей текущей политике безопасности, определите нужный " +"файл шаблона в /etc/tiger/templates/, используемый для каждого модуля. После " +"указания, во всех прогонах будет проверяться каждый из доступных шаблонов " +"(один на модуль) и будут выдаваться только новые предупреждения." + --- tiger-3.2.3.orig/debian/po/templates.pot +++ tiger-3.2.3/debian/po/templates.pot @@ -0,0 +1,56 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" --- tiger-3.2.3.orig/debian/po/fr.po +++ tiger-3.2.3/debian/po/fr.po @@ -0,0 +1,95 @@ +# Translation of tiger debconf templates to French +# Copyright (C) 2003 Debian french l10n team +# This file is distributed under the same license as the tiger package. +# +# Contributors to this translation work: +# Nicolas Bertolissio , 2003 +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.1-2\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2003-10-31 15:51+0100\n" +"Last-Translator: Nicolas Bertolissio \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "Destinataire des courriels quotidiens :" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"L'utilisateur que vous indiquerez recevra tous les courriels envoyés par " +"« tiger » lors de l'exécution des tâches périodiques. Cet utilisateur ne " +"recevra pas les rapports lors de l'exécution directe du programme « tiger ». " +"Veuillez aussi noter que tout administrateur pourra accéder aux rapports " +"puisqu'ils seront disponibles dans le répertoire /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Prenez le temps de personnaliser « tiger »" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Vous devriez personnaliser les fichiers dans /etc/tiger/ pour les adapter à " +"votre politique de sécurité locale. Commencez par personnaliser (dans /etc/" +"tiger/tigerrc) les vérifications qui sont faites sur le système, ainsi que " +"les informations nécessaires aux tests. Cela permettra de réduire le nombre " +"de faux positifs. Ensuite, personnalisez (dans /etc/tiger/cronrc) l'heure à " +"laquelle ces tests sont exécutés. Puis, si les avertissements de certains " +"modules peuvent être ignorés au regard de votre politique de sécurité " +"actuelle, définissez un fichier de modèle dans /etc/tiger/templates/ après " +"avoir utilisé chaque module. Par la suite, après chaque exécution, le " +"résultat sera comparé à ces fichiers de modèles et seuls les nouveaux " +"avertissements seront signalés." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Supprimer les modèles des versions boguées de « tiger » ?" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Les versions 3.1 de Tiger initialement distribuées dans Debian créaient " +#~ "les modèles dans /var/log/ au lieu de /var/log/tiger/. Le fonctionnement " +#~ "normal suppose que les modèles sont dans /var/log/tiger/. Les modèles " +#~ "situés dans /var/log ne seront pas utilisés par les versions de Tiger " +#~ "plus récentes. Vous pouvez souhaiter en conserver une copie (pour servir " +#~ "de référence) et les déplacer manuellement au bon endroit. Cela ne sera " +#~ "pas effectué automatiquement pour éviter de supprimer les modèles " +#~ "précédents. Cette option permet de supprimer ces anciens fichiers s'ils " +#~ "existent." --- tiger-3.2.3.orig/debian/po/sk.po +++ tiger-3.2.3/debian/po/sk.po @@ -0,0 +1,42 @@ +# Slovak translation of tiger. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tiger package. +# Ivan Masár , 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-17 23:09+0100\n" +"Last-Translator: Ivan Masár \n" +"Language-Team: Slovak \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=((n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2);\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "Príjemca denných emailov:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "The user you enter below will receive all the emails that 'tiger' sends during the day when running the cron jobs. This does not mean that when executing the 'tiger' program standalone this user will receive the reports. Also note that any administrator will be able to access the reports since they are available in the /var/log/tiger/ directory." +msgstr "Používateľ, ktorého uvediete nižšie bude dostávať všetky správy, ktoré „tiger“ počas dňa pošle pri spúšťaní úloh cronu. To neznamená, že používateľ dostane správy pri spustení samostatného programu „tiger“. Tiež pamätajte, že ktorýkoľvek správca bude mať prístup k správam, pretože sú dostupné v adresári /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Venujte chvíľku prispôsobeniu konfigurácie „tiger“" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "You should customize the files at /etc/tiger/ to adapt to your local security policy. Firstly, customizing the kind of checks that will be made in this system, as well as the information needed for tests in order to reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, since some modules warnings might not be problems regarding your current security policy, define a given template file at /etc/tiger/templates/ using runs from each of the modules. Once defined, all the runs will be checked against each one of the templates available (one per module) and only new warnings will be issued." +msgstr "Mali by ste si prispôsobiť konfiguračné súbory v /etc/tiger/ v súlade s vašou bezpečnostnou politikou. Za prvé, prispôsobte druhy kontrol, ktoré sa na tomto systéme budú vykonávať ako aj informácie potrebné na zníženie počtu falošných pozitív (v /etc/tiger/tigerrc). Za druhé, prispôsobte časy spúšťania týchto testov (v /etc/tiger/cronrc). A za tretie, pretože hlásenia o niektorých moduloch nemusia byť problémom v kontexte vašej aktuálnej bezpečnostnej politiky, definujte súbory šablón v /etc/tiger/templates/ spustením každého z modulov. Po definícii budú všetky spustenia kontrolované voči jednej z dostupných šablón (pre každý modul jedna) a budú ohlásené iba nové upozornenia." + --- tiger-3.2.3.orig/debian/po/pt_BR.po +++ tiger-3.2.3/debian/po/pt_BR.po @@ -0,0 +1,100 @@ +# Debconf translations for tiger. +# Copyright (C) 2010 THE tiger'S COPYRIGHT HOLDER +# This file is distributed under the same license as the tiger package. +# André Luís Lopes , 2003. +# Adriano Rafael Gomes , 2010. + +msgid "" +msgstr "pt_BR utf-8\n" +"Project-Id-Version: tiger 1:3.2.3-1\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-13 13:12-0200\n" +"Last-Translator: Adriano Rafael Gomes \n" +"Language-Team: Brazilian Portuguese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Destinatário dos e-mails diários:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"O usuário informado abaixo receberá todos os e-mails que o 'tiger' " +"enviar durante o dia quando executa os jobs do cron. Isto não significa que " +"quando o programa 'tiger' é executado em modo standalone (não através de " +"jobs do cron) este usuário irá receber os relatórios. Note também que " +"qualquer administrador será capaz de acessar os relatórios uma vez que " +"os mesmos estarão disponíveis no diretório /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Reserve um minuto para personalizar o 'tiger'" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Você deverá personalizar os arquivos em /etc/tiger/ e adaptá-los para sua " +"política local de segurança. Primeiro, personalizando os tipos de checagens " +"que serão feitas neste sistema, bem como a informação necessária para os " +"testes de modo a reduzir a possibilidade de falsos positivos (em /etc/tiger/" +"tigerrc). Segundo, personalizando quando esses testes deverão ser executados " +"(em /etc/tiger/cronrc). E terceiro, uma vez que alguns avisos (warnings) de " +"módulos podem na verdade não ser problemas relacionados a sua política atual " +"de segurança local, definir um dado arquivo de modelo (template) em /etc/" +"tiger/templates/ usando execuções de cada um dos módulos. Uma vez definidas, " +"todas as execuções serão checadas contra cada um dos modelos disponíveis (um " +"por módulo) e somente novos avisos serão gerados." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Remover modelos em versões com erros do 'tiger'" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Inicialmente as versões do Debian 3.1 do tiger foram distribuídas com um " +#~ "bug que fazia com que os modelos fossem criados sob /var/log ao invés de " +#~ "sob /var/log/tiger. Operações normais assumem que os modelos estejam sob /" +#~ "var/log/tiger/ e esses modelos não serão úteis em novas versões do Tiger. " +#~ "Você pode desejar preservar uma copia deles (para usar como modelos) e " +#~ "movê-los manualmente sob sua própria localização. O pacote não irá fazer " +#~ "isso automaticamente para evitar remover modelos anteriores. Esses " +#~ "arquivos devem ser removidos caso sejam encontrados ?" + +#~ msgid "root" +#~ msgstr "root" --- tiger-3.2.3.orig/debian/po/sv.po +++ tiger-3.2.3/debian/po/sv.po @@ -0,0 +1,96 @@ +# Translation of tiger debconf template to Swedish +# Copyright (C) 2010 Martin Bagge +# This file is distributed under the same license as the tiger package. +# +# Daniel Nylander , 2005 +# Martin Bagge , 2010 +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.1-28\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-01-16 13:40+0100\n" +"Last-Translator: Martin Bagge \n" +"Language-Team: Swedish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Swedish\n" +"X-Poedit-Country: Sweden\n" + +#. Type: string +#. Description +#: ../templates:1001 +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Mottagare av dagliga e-postmeddelanden?" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Användaren du anger nedan kommer att ta emot all e-post som \"tiger\" " +"skickar under dagen vid körning av cron-jobb. Detta betyder inte att denna " +"användaren tar emot rapporter vid fristående körningar av programmet \"tiger" +"\". Notera även att alla administratörer kommer att ha möjligheten att " +"tillåt rapporter eftersom de är tillgängliga i katalogen /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Lägg någon minut på att anpassa \"tiger\"" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Du bör anpassa filerna i /etc/tiger för att passa din lokala " +"säkerhetspolicy. Anpassa först den typ av kontroll som ska göras i systemet, " +"såväl den information som behövs för tester för att eliminera falska-" +"positiva (i /etc/tiger/tigerrc). För det andra, anpassa vilka tider dessa " +"tester ska köras (i /etc/tiger/cronrc) och för det tredje, eftersom vissa " +"varningar från moduler kanske inte är problem i din nuvarande " +"säkerhetspolicy, definiera en angiven mallfil i /etc/tiger/templates/ med " +"körningar från varje modul. När de är definierade kommer alla körningar att " +"kontrolleras mot en av de tillgängliga mallarna (en per modul) och endast " +"nya varningar kommer att visas." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Ta bort mallar i buggiga versioner av \"tiger" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Initialt sett var tiger-versionerna i Debian 3.1 utsända med en bugg som " +#~ "kunde orsaka att mallar skapades under /var/log/ istället för i /var/log/" +#~ "tiger/. Normal körning antar att mallarna finns under /var/log/tiger/ och " +#~ "dessa mallar kommer inte vara användbara i senare versioner av Tiger. Du " +#~ "kanske vill behålla en kopia av dessa (för att använda som nya mallar) " +#~ "och flytta dom manuellt under deras korrekta plats. Paketet kommer inte " +#~ "att göra detta automatiskt för att undvika att ta bort föregående mallar. " +#~ "Ska vi ta bort dessa filer om de påträffas?" --- tiger-3.2.3.orig/debian/po/POTFILES.in +++ tiger-3.2.3/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- tiger-3.2.3.orig/debian/po/da.po +++ tiger-3.2.3/debian/po/da.po @@ -0,0 +1,75 @@ +# Danish translation tiger. +# Copyright (C) 2010 tiger & nedenstående oversættere. +# This file is distributed under the same license as the tiger package. +# Claus Hindsgaul , 2004. +# Joe Hansen , 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-09-08 23:51+0200\n" +"Last-Translator: Joe Hansen \n" +"Language-Team: Danish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "Modtager af de daglige breve:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Den bruger, du angiver herunder, vil modtage alle de breve, 'tiger' sender i " +"løbet af dagen, når den kører sine cron-jobs. Dette vil ikke betyde at " +"brugeren vil modtage rapporter hver gang 'tiger'-programmet bliver kørt af " +"andre. Bemærk også at enhver administrator vil have adgang til rapporterne, " +"da de ligger i mappen /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Brug et øjeblik på at sætte 'tiger' op" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Du bør redigere filerne i /etc/tiger/, så de modsvarer din lokale " +"sikkerhedspolitik. For det første bør du justere hvilke slags tjek, der skal " +"udføres på dette system, ligesom du bør give de nødvendige oplysninger til " +"at reducere antallet af falske positive (i /etc/tiger/tigerrc). For det " +"andet bør du angive hvornår tjekkene skal udføres (i /etc/tiger/cronrc). For " +"det tredje bør du definere en given skabelonfil i /etc/tiger/templates ud " +"fra kørsler med hvert af modulerne, da visse moduler advarer om ting, der " +"ikke nødvendigvis anses for problematiske i forhold til netop din " +"sikkerhedspolitik. Så snart de er defineret, vil alle kørsler blive holdt op " +"med hver enkelt af de tilgængelige skabeloner (en for hvert modul), og kun " +"nye advarsler vil blive udsendt." + + --- tiger-3.2.3.orig/debian/po/cs.po +++ tiger-3.2.3/debian/po/cs.po @@ -0,0 +1,97 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-02-13 15:24+0100\n" +"Last-Translator: Miroslav Kure \n" +"Language-Team: Czech \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +#| msgid "Who should receive the daily mails?" +msgid "Recipient of the daily mails:" +msgstr "Příjemce každodenních emailů:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"Zadaný uživatel bude dostávat všechny emaily, které „tygr“ během dne vytvoří. " +"To se však týká pouze spuštění „tygra“ z cronu - při ručním spuštění uživatel " +"mail nedostane. K těmto zprávám bude mít přístup i správce, protože se jejich " +"kopie ukládají do adresáře /var/log/tiger/." + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "Najděte si chvilku na přizpůsobení „tygra“" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"Soubory v adresáři /etc/tiger/ byste si měli přizpůsobit své místní " +"bezpečnostní politice. V prvé řadě se jedná o /etc/tiger/tigerrc, kde " +"nastavíte testy, které se budou spouštět, spolu s dalšími informacemi, " +"kterými omezíte falešné poplachy. Ve druhé řadě je potřeba v souboru /etc/" +"tiger/cronrc nastavit, kdy se mají testy spouštět. Za třetí, protože podle " +"vaší politiky nemusí být varování některých modulů důležité, můžete v /etc/" +"tiger/templates/ nadefinovat příslušnou šablonu. Při samotném spuštění bude " +"výstup kontrolován oproti nadefinovaným šablonám (vždy jedna šablona pro " +"jeden modul) a budou hlášena pouze nová varování." + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "Odstranit šablony z chybových verzí „tygra“" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "Původní verze balíku tiger z Debianu 3.1 obsahovaly chybu, díky které se " +#~ "šablony místo ve /var/log/tiger/ vytvářely ve /var/log/. S tím ovšem " +#~ "program nepočítá a šablony se nepoužijí. Tyto soubory můžete zachovat, " +#~ "použít jako šablony a přesunout je na správné místo ručně. Balík to " +#~ "neprovede automaticky, aby omylem nesmazal exisující šablony. Pokud " +#~ "naleznu takto špatně umístěné soubory, mám je odstranit?" --- tiger-3.2.3.orig/debian/po/ja.po +++ tiger-3.2.3/debian/po/ja.po @@ -0,0 +1,97 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: tiger 1:3.2.3-1\n" +"Report-Msgid-Bugs-To: tiger@packages.debian.org\n" +"POT-Creation-Date: 2010-01-02 01:05+0100\n" +"PO-Revision-Date: 2010-01-17 18:27+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "Recipient of the daily mails:" +msgstr "日次レポートメールの受信者:" + +#. Type: string +#. Description +#: ../templates:1001 +msgid "" +"The user you enter below will receive all the emails that 'tiger' sends " +"during the day when running the cron jobs. This does not mean that when " +"executing the 'tiger' program standalone this user will receive the reports. " +"Also note that any administrator will be able to access the reports since " +"they are available in the /var/log/tiger/ directory." +msgstr "" +"cronjob が動いている間 'tiger' が送るメールを受け取るユーザを以下で入力してく" +"ださい。 'tiger' プログラムが単独で実行された場合にこのユーザがレポートを受け" +"取るという意味ではありません。管理者であれば /var/log/tiger/ ディレクトリにア" +"クセスできるのでレポートを読めるということにも注意してください。" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "Take a minute to customize 'tiger'" +msgstr "'tiger' のカスタマイズには多少時間がかかります" + +#. Type: note +#. Description +#: ../templates:2001 +msgid "" +"You should customize the files at /etc/tiger/ to adapt to your local " +"security policy. Firstly, customizing the kind of checks that will be made " +"in this system, as well as the information needed for tests in order to " +"reduce false positives (in /etc/tiger/tigerrc). Secondly, customizing at " +"what times these tests will be executed (in /etc/tiger/cronrc). And thirdly, " +"since some modules warnings might not be problems regarding your current " +"security policy, define a given template file at /etc/tiger/templates/ using " +"runs from each of the modules. Once defined, all the runs will be checked " +"against each one of the templates available (one per module) and only new " +"warnings will be issued." +msgstr "" +"ローカルのセキュリティポリシーに適合させるためには /etc/tiger/ 以下のファイル" +"をカスタマイズしなければなりません。まず始めに false positive を減らすため、" +"テストに必要となる情報のカスタマイズはもちろんのこと、このシステムで行われる" +"チェックの種類自体も選択します (/etc/tiger/tigerrc) 。2番目に、これらのテスト" +"が何回実行されるか (/etc/tiger/cronrc) 。3番目に、モジュールが発する警告の幾" +"つかは、現在のセキュリティポリシーに照らすと問題とはならないので、それぞれの" +"モジュールが実行する /etc/tiger/templates/ にあるテンプレートファイルを定義し" +"ます。一度定義すると (モジュールごとに) 利用可能なテンプレートそれぞれに対し" +"てチェックが行われ、新しい警告だけが取り上げられます。" + +#~ msgid "Remove templates in buggy 'tiger' versions" +#~ msgstr "バグの多いバージョンの 'tiger' のテンプレートを削除します" + +#~ msgid "" +#~ "Initially Debian's 3.1 tiger versions were distributed with a bug that " +#~ "would cause templates to be created under /var/log/ instead of /var/log/" +#~ "tiger/. Normal operation assumes templates are under /var/log/tiger/ and " +#~ "these templates will not be useful in newer Tiger versions. You might " +#~ "want to preserve a copy of them (to use as templates) and move them " +#~ "manually under their proper location. The package will not do this " +#~ "automatically in order to avoid removing previous templates. Should we " +#~ "remove these files if any are found?" +#~ msgstr "" +#~ "最初に配布された Debian の tiger バージョン 3.1 ではテンプレートが /var/" +#~ "log/tiger/ ではなく /var/log/ に作られるというバグがあります。通常は /var/" +#~ "log/tiger/ 以下にテンプレートがあると仮定しているので、これらのテンプレー" +#~ "トは新しい tiger では利用されません。これらのコピーを (テンプレートとして" +#~ "使うために) 保存しおき、後ほど手動で正しい位置へ移動しておきたいと思うかも" +#~ "しれません。パッケージは以前のテンプレートが削除されるのを避けるため、この" +#~ "作業を自動的には実行しません。どうしてもこれらのファイルを削除しますか?" --- tiger-3.2.3.orig/doc/config.txt +++ tiger-3.2.3/doc/config.txt @@ -98,7 +98,9 @@ %init005e The indicated variable, which should contain the pathname to an input file or work directory does not have a value. This indicates -that either full support is not available for this platform, +that either full support is not available for this platform, that +the system tried to find a valid file to set a value for the variable +but was not able to or that there is a configuration error. %init006e An input file required for performing a test is not available. This --- tiger-3.2.3.orig/doc/misc.txt +++ tiger-3.2.3/doc/misc.txt @@ -231,6 +231,9 @@ %misc020f Tiger checked the process table and was not able to find a process which it was configured to look for. + +If the process is not part of the system processes consider adjusting +the Tiger_Running_Procs definition in your tigerrc configuration file. %misc021w There are no umask entries in the configuration file. It is recommended that there are umask entries set in the configuration file. --- tiger-3.2.3.orig/doc/filesys.txt +++ tiger-3.2.3/doc/filesys.txt @@ -67,7 +67,36 @@ %fsys011a The listed programs are setgid, but are not in the database of setgid programs which appear in the OS distribution. -%fsys0012w +%fsys012w The listed program is not owned by an administrative user. The majority of SUID programs should probably be owned by an administrative user. +%fsys013w +The symbolic link points to a file that does not exist in the filesystem. +In itself, the link is not dangerous, but you should be aware of its +presence, as it might be related to an abnormal situation or +system misconfiguration. +You can safely ignore this information if it is related to a remotely +mounted filesystem (e.g. NFS) since symlinks in remote filesystems +might be valid only on the system that exports it. +%fsys014w +The file does not belong to any user. It is owned by a numeric UID which is +not defined in the system. This might have happened due to a user being +removed from the system and the files that were owned by this user have not +been removed. In this case, if a new user is created in the system matching +this user ID he will inmediately own the orphaned files. + +This circumstance might also show up if the user database is not fully defined +locally (i.e. some of it is in an external repository such as an LDAP). If +this is the case you can safely ignore this warning. +%fsys015w +The file does not belong to any group. It is owned by a group UID which is +not defined in the system. This might have happened due to a group being +removed from the system and the files that were owned by this group +have not been removed. In this case, if a new group is created in the system +matching this group ID, the users belonging to this group will inmediately own +the orphaned files. + +This circumstance might also show up if the group database is not fully +defined locally (i.e. some of it is in an external repository such as an +LDAP). If this is the case you can safely ignore this warning. --- tiger-3.2.3.orig/scripts/check_known +++ tiger-3.2.3/scripts/check_known @@ -16,6 +16,19 @@ # Please see the file `COPYING' for the complete copyright notice. # # check_known - 06/14/93 +# +# 04/05/2010 jfs Use WC instead of wc and avoid bashisms in script +# Also, improve the fix introduced in previous version to handle +# also newlines in files. Reducing the number of printed bad files to 100 +# +# 02/26/2010 fgclaramonte Prevent error messages if there are files +# under /lost+found or /*/lost+found containinng +# spaces in their name. +# Also add support in the expressions of ReiserFS-style +# fsck filenames (nnnn_nnnn) to the more common (#nnnn) type, but +# not in the case of HP-UX as presumably it lacks Reiser support. +# (Debian bug 532826) +# # 05/20/2006 jfs Use TAIL properly (POSIX 1003.2-1992) # 06/15/2004 jfs Do not call LS directly with all files but use a for loop # (Debian bug #246600) @@ -88,7 +101,7 @@ # elements are set. # [ "$Tiger_TESTMODE" = 'Y' ] && { - haveallcmds AWK CAT EGREP FIND GET_MOUNTS LS SED SGREP STRINGS TR TAIL HEAD CUT OUTPUTMETHOD RM GEN_INETD_SETS || exit 1 + haveallcmds AWK CAT EGREP FIND GET_MOUNTS LS SED SGREP STRINGS TR TAIL HEAD CUT OUTPUTMETHOD RM GEN_INETD_SETS WC || exit 1 haveallfiles BASEDIR WORKDIR || exit 1 haveallvars TESTLINK HOSTNAME @@ -100,7 +113,7 @@ echo echo "# Checking for known intrusion signs..." -haveallcmds AWK CAT EGREP FIND GET_MOUNTS LS SED SGREP STRINGS TR TAIL HEAD CUT OUTPUTMETHOD RM GEN_INETD_SETS || exit 1 +haveallcmds AWK CAT EGREP FIND GET_MOUNTS LS SED SGREP STRINGS TR TAIL HEAD CUT OUTPUTMETHOD RM GEN_INETD_SETS WC || exit 1 haveallfiles BASEDIR WORKDIR || exit 1 safe_temp "$WORKDIR/login.str.$$" "$WORKDIR/pass.list.$$" @@ -186,7 +199,7 @@ done } - haveallcmds GET_MOUNTS AWK FIND SED TR && { + haveallcmds GET_MOUNTS AWK FIND SED WC TR && { $GET_MOUNTS local | $AWK '{ if($1 == "/") @@ -198,23 +211,34 @@ do [ -d "$dir" -a -r "$dir" ] && { cd "$dir" - files=`$FIND . -print | $SED -e 's%^./%%' -e '/^.$/d' -e '/^..$/d'` + # List files we have to alert on. + # Be careful to handle strange files (with spaces or newline + # characters). To do this: + # We first list them, then convert newlines to '~' and then + # 1) remove the first './', replace '~./' with newlines and + # replace the last '~' with a newline. Remaining newlines are located + # within the file name and are left as '~' + alertfiles="`$FIND . -name . -fprintf /dev/null '' -o \( -name '#[0-9]*' -o -name '[0-9]*_[0-9]*' \) -prune -o -print | $TR '\n' '~' | $SED 's%^./%%; s%~./%\n%g; s%~$%\n%'`" # On HP-UX change to: - #files=`$FIND . -print | $SED -e 's%^./%%' -e '/^.$/d' -e '/^..$/d' -e '/^[.]fsadm$/d'` - alertfiles=`echo "$files" | - $TR ' ' '\012' | - $SED -e 's%^#\{1\}[0-9][0-9.]*$%%g' - ` + #alertfiles="`$FIND . \( -name . -o -name .fsadm \) -fprintf /dev/null '' -o -name '#[0-9]*' -prune -o -print | $TR '\n' '~' | $SED 's%^./%%; s%~./%\n%g; s%~$%\n%'`"s%^./%%'`" if [ -n "$alertfiles" ]; then message WARN kis004w "" "$dir contains possible non-fsck files:" - # TODO: Consider not listing the files and just providing - # the raw numbers if the number of non-fsck files is very high. - for file in $alertfiles ; do - $LS -alR $file - done + # If there are very many non-fsck files, don't list them + # and just provide the raw count. + filecount="`echo "$alertfiles" | $WC -l`" + if [ $filecount -lt 100 ]; then + echo "$alertfiles" | while read file; do + $LS -ld "$file" + done + else + echo "($filecount files)" + fi echo - elif [ -n "$files" ]; then - message WARN kis004w "Files: $alertfiles" "$dir is not empty:" + else + filecount="`$LS -a | $WC -l`" + if [ $filecount -gt 2 ]; then + message WARN kis004w "Files: ${filecount} file(s)" "$dir is not empty:" + fi fi } done --- tiger-3.2.3.orig/scripts/check_issue +++ tiger-3.2.3/scripts/check_issue @@ -18,7 +18,7 @@ # check_issue - jfs - 11/10/2001 # # Checks the /etc/issue and /etc/issue.net file to determine if they -# contain the appropiate content (this is defined in the ISSUEFILE and +# contain the appropriate content (this is defined in the ISSUEFILE and # ISSUENETFILE) # # check_issue - 05/27/2002 - jfs --- tiger-3.2.3.orig/scripts/check_passwd +++ tiger-3.2.3/scripts/check_passwd @@ -129,7 +129,7 @@ do # Check the password hash. - [ -z "$Tiger_Passwd_Hashes" ] && Tiger_Passwd_Hashes='crypt3|md5|xxxxxxxxxxxxx' + [ -z "$Tiger_Passwd_Hashes" ] && Tiger_Passwd_Hashes='crypt3|md5|sha512|xxxxxxxxxxxxx' eval "case \"$hash\" in \"\") message FAIL pass011f \"\" \"Username \\\`$login' has an empty password field.\" --- tiger-3.2.3.orig/scripts/check_network +++ tiger-3.2.3/scripts/check_network @@ -542,7 +542,7 @@ sub check_nfs_client { # if NFS client is bad too.... - open(IN,"/bin/df -t nfs|"); + open(IN,"/bin/df -t nfs 2>/dev/null|"); ; # toss header my $bad = 0; while() { --- tiger-3.2.3.orig/scripts/find_files +++ tiger-3.2.3/scripts/find_files @@ -17,6 +17,12 @@ # # find_files - 06/14/93 # +# 02/26/2010 fgclaramonte Properly remove the temporary mountlist file +# generated by the script +# +# 05/21/2009 jfs Complain about symlinks that point nowhere in such a way +# that they can be tiger.ignore'd +# # 08/09/2008 jfs Have GET_MOUNTS use local like getdisks does and do not warn # for non-local filesystems # @@ -304,7 +310,11 @@ # being used in the find options. Commented out --mlk # cd / eval nice -5 $FIND "$mountpt" $findpruneopt $findopt -print 2>/dev/null - done | nice -6 $output + done | nice -6 $output 2>&1 | + sed -e '/No such file/s/^.*:[[:space:]]\(.*\):[[:space:]].*$/\1/' | + while read symlink ; do + message WARN fsys013w "" "$symlink is a dangling symlink." + done } & echo $! >> $pidlist counter=`$EXPR $counter + 1` @@ -385,7 +395,7 @@ [ -s "$file" ] && $CAT $file done -delete $pidlist ${outfile}* +delete $pidlist $mountlist ${outfile}* delete $WORKDIR/suid.msgs.$$ $WORKDIR/sgid.msgs.$$ \ $WORKDIR/other.msgs.$$ $WORKDIR/devs.msgs.$$ \ $WORKDIR/link.msgs.$$ $WORKDIR/wdir.msgs.$$ $WORKDIR/noowner.msgs.$$ --- tiger-3.2.3.orig/scripts/check_rootdir +++ tiger-3.2.3/scripts/check_rootdir @@ -90,7 +90,7 @@ # Checking to see if the root directory is on the correct INODE number inode=`$LS -di / | $AWK '{print $1}'` fstype=`$GETFS | $GREP " / " | $AWK -F " " '{ print $5;}'` -[ $inode != 2 ] && [ "$fstype" = "ext2" -o "$fstype" = "ext3" ] && +[ $inode != 2 ] && [ "$fstype" = "ext2" -o "$fstype" = "ext3" -o "$fstype" = "ext4" ] && message FAIL rootdir001f "" "Root directory on incorrect inode" --- tiger-3.2.3.orig/scripts/sub/check_nousrgrp +++ tiger-3.2.3/scripts/sub/check_nousrgrp @@ -17,6 +17,9 @@ # # sub/check_nousrgrp - 06/14/93 # +# 13/02/2010 jfs Proper generation of messages using the message() function. +# +# #----------------------------------------------------------------------------- # This script is not runnable directly. # @@ -49,13 +52,13 @@ haveallvars WORKDIR || exit 1 [ -s "$nouserfile" ] && { - echo '--WARN-- [xxxxx] The following files are unowned:' + message WARN fsys014w "" "The following files are unowned:" $SORT "$nouserfile" echo } [ -s "$nogroupfile" ] && { - echo '--WARN-- [xxxxx] The following files have undefined groups ownership:' + message WARN fsys015w "" "The following files do not have an defined groups ownership:" $SORT "$nogroupfile" echo } --- tiger-3.2.3.orig/scripts/sub/check_suid +++ tiger-3.2.3/scripts/sub/check_suid @@ -73,7 +73,7 @@ while read _file owner group ur uw ux gr gw gx or ow ox suid sgid stk do eval "case \"$owner\" in - \"$Tiger_Admin_Accounts\"|root) + $Tiger_Admin_Accounts|root) ;; *) message FAIL fsys0012w \"\" \"File $file is not owned by an administrative user.\" --- tiger-3.2.3.orig/systems/SunOS/5/check_patches +++ tiger-3.2.3/systems/SunOS/5/check_patches @@ -33,7 +33,7 @@ # - retrieve the description of the package # # This script could retrieve the patchdiag.xref file itself from the -# appropiate location if it's not available. +# appropriate location if it's not available. #----------------------------------------------------------------------------- # # This is the directory Tiger is installed on --- tiger-3.2.3.orig/systems/SunOS/5/5.8/check_patches +++ tiger-3.2.3/systems/SunOS/5/5.8/check_patches @@ -33,7 +33,7 @@ # - retrieve the description of the package # # This script could retrieve the patchdiag.xref file itself from the -# appropiate location if it's not available. +# appropriate location if it's not available. #----------------------------------------------------------------------------- # # This is the directory Tiger is installed on --- tiger-3.2.3.orig/systems/HPUX/genpasswd +++ tiger-3.2.3/systems/HPUX/genpasswd @@ -17,6 +17,7 @@ # # HPUX/genpasswd - 06/14/93 # HPUX/genpasswd - 06/26/2003 - jfs - Patch to identify password hashes +# HPUX/genpasswd - 06/04/2010 - jfs - Fix shell script syntax errors # #----------------------------------------------------------------------------- # @@ -41,22 +42,19 @@ passwd=`$AWK -F: '/u_pwd=/ { print substr($2, 7) }' $tcbfile` fi - case $passwd in - # bigcrypt passwords used in trusted mode. (13 + (x * 11)) - [a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./]+([a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./])) +# Do not print out the password hashes since we do not need them, instead +# print out the type of hash + if echo $passwd | $EGREP -q "^[a-zA-Z0-9\./]{24}" ; then +# bigcrypt passwords used in trusted mode. (13 + (x * 11)), with at least 24 chars passwd="bigcrypt" - ;; - # Normal UNIX passwds (13 chars) - [a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./]?(,[a-zA-Zo-9\.]+)) + elif echo $passwd | $EGREP -q "^[a-zA-Z0-9\./]{13}" ; then +# Normal UNIX passwds (13 chars) passwd="crypt3" - ;; - "") - passwd="" - ;; - *) - passwd="*" - ;; - esac + elif ! [ -z "$passwd" ] && [ "$passwd" != "*" ] ; then + passwd="unknown_format" + fi + + echo "$user:$passwd:$rest" done } --- tiger-3.2.3.orig/systems/HPUX/check_passwdspec +++ tiger-3.2.3/systems/HPUX/check_passwdspec @@ -18,6 +18,7 @@ # check_passwdspec: Perform system specific password checks here like # password aging checks, etc. # +# 06/04/2010 jfs - Fix shell script syntax errors # 11/19/2003 jfs - Patch from Ryan Bradetich changing acc016w to pass19w # 08/09/2003 jfs - Included in the Tiger release but changed its name to # check_passwdspec. Added safer temporary file creation. @@ -60,14 +61,14 @@ # [ "$Tiger_TESTMODE" = 'Y' ] && { haveallfiles BASEDIR WORKDIR || exit 1 - haveallcmds AWK GEN_PASSWD_SETS || exit 1 + haveallcmds AWK GEN_PASSWD_SETS EGREP || exit 1 echo "--CONFIG-- [init003c] $0: Configuration ok..." exit 0 } #------------------------------------------------------------------------ haveallfiles BASEDIR WORKDIR || exit 1 -haveallcmds AWK GEN_PASSWD_SETS || exit 1 +haveallcmds AWK GEN_PASSWD_SETS EGREP || exit 1 echo echo "# Verifying system specific password checks..." @@ -90,25 +91,25 @@ # Ignore password aging check if the shell is /bin/false. [ "$shell" = /bin/false ] && continue - # Get the age and password field from the tcbfile if it exists. + # Review the password expiration date + # TODO: Alternative it would be better to retrieve the + # age using '/usr/lbin/getprpw -r -m exptm $login' tcbfile="/tcb/files/auth/${login%${login#?}}/$login" - [ -f $tcbfile ] && { + if [ -f $tcbfile ] ; then + # We are in a trusted system get the age and password field + # from the tcbfile age=`$AWK -F: '/u_exp\#[0-9]/ {print $0}' $tcbfile` [ -n "$age" ] && continue # Make sure the password hash only contains valid characters. hash=`$AWK -F: '/u_pwd=/ { print substr($2,7) }' $tcbfile` - [[ "$hash" != +([a-zA-Z0-9\./]) ]] && continue + ( echo "$hash" | $EGREP -q "^[a-zA-Z0-9\./]+$" ) && continue # Valid password hash without an password expiration date. message WARN pass19w "" "Login ID $login does not have password aging enabled." continue - } + fi - [[ "$hash" != [a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./],+([a-zA-Z0-9\./]) ]] && { - # Valid password hash without an password expiration date. - message WARN pass19w "" "Login ID $login does not have password aging enabled." - } done done < $WORKDIR/pass.list.$$ --- tiger-3.2.3.orig/systems/HPUX/check_trusted +++ tiger-3.2.3/systems/HPUX/check_trusted @@ -25,6 +25,8 @@ # available. # 08/09/2003 jfs - Patch from Ryan Bradetich which adds a check to determine # system will lock accounts after a number of failed attempts. +# 23/05/2010 Francisco G. Claramonte - Fixed a bashism problem with +# logical expression, added '$' in '((..))' expression. # #----------------------------------------------------------------------------- # TODO: @@ -92,7 +94,7 @@ # Verify the number of login attempts are limited. num=`$GETPRDEF -m umaxlntr` -( [ -z "$num" ] || (( ${num#umaxlntr=} < 1 ))) && { +( [ -z "$num" ] || $(( ${num#umaxlntr=} < 1 ))) && { message WARN trust002w "" "The system is not configured to limit the number of login attempts." } --- tiger-3.2.3.orig/systems/Linux/2/gen_passwd_sets +++ tiger-3.2.3/systems/Linux/2/gen_passwd_sets @@ -47,6 +47,10 @@ # (Debian bug #307505) # Linux/2/gen_passwd_sets - 08/4/2005 - jfs # Generate LDAP source file if using LDAP passwords +# Linux/2/gen_passwd_sets - 02/26/2011 - jfs +# Apply patch by Timo Lindfors to add support for SHA-512 passwords +# (This is the default used in Debian GNU/Linux squeeze and later releases) +# Corresponds to patch #7186 # #----------------------------------------------------------------------------- # @@ -96,6 +100,10 @@ \$1\$[a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./]\$[a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./]) passwd="md5" ;; +# For SHA512 passwds (98 chars) starting with $6$ (Linux) + \$6\$[a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./][a-zA-Z0-9\./]) + passwd="sha512" + ;; " ") passwd="" ;; *|!!) --- tiger-3.2.3.orig/systems/Linux/2/inetd +++ tiger-3.2.3/systems/Linux/2/inetd @@ -1,29 +1,29 @@ -echo stream tcp nowait root internal -echo dgram udp wait root internal -discard stream tcp nowait root internal -discard dgram udp wait root internal -daytime stream tcp nowait root internal -daytime dgram udp wait root internal -chargen stream tcp nowait root internal +auth stream tcp wait nobody /usr/sbin/tcpd in.identd -w -l -e -o -t120 +bootps dgram udp wait root /usr/sbin/tcpd bootpd chargen dgram udp wait root internal +chargen stream tcp nowait root internal +daytime dgram udp wait root internal +daytime stream tcp nowait root internal +discard dgram udp wait root internal +discard stream tcp nowait root internal +echo dgram udp wait root internal +echo stream tcp nowait root internal +exec stream tcp nowait root /usr/sbin/tcpd in.rexecd +finger stream tcp nowait root /usr/sbin/tcpd in.fingerd ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a -i -o -telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -nntp stream tcp nowait root /usr/sbin/tcpd in.nntpd -shell stream tcp nowait root /usr/sbin/tcpd in.rshd +imap stream tcp nowait root /usr/sbin/tcpd imapd +linuxconf stream tcp wait root /usr/sbin/tcpd linuxconf --http login stream tcp nowait root /usr/sbin/tcpd in.rlogind -exec stream tcp nowait root /usr/sbin/tcpd in.rexecd -talk dgram udp wait root /usr/sbin/tcpd in.talkd +netstat stream tcp nowait guest /usr/sbin/tcpd /bin/netstat -f inet +nntp stream tcp nowait root /usr/sbin/tcpd in.nntpd ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d -imap stream tcp nowait root /usr/sbin/tcpd imapd -uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l -tftp dgram udp wait root /usr/sbin/tcpd in.tftpd -bootps dgram udp wait root /usr/sbin/tcpd bootpd -finger stream tcp nowait root /usr/sbin/tcpd in.fingerd +shell stream tcp nowait root /usr/sbin/tcpd in.rshd systat stream tcp nowait guest /usr/sbin/tcpd /bin/ps auwwx -netstat stream tcp nowait guest /usr/sbin/tcpd /bin/netstat -f inet -time stream tcp nowait nobody /usr/sbin/tcpd in.timed +talk dgram udp wait root /usr/sbin/tcpd in.talkd +telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd +tftp dgram udp wait root /usr/sbin/tcpd in.tftpd time dgram udp wait nobody /usr/sbin/tcpd timed -auth stream tcp wait nobody /usr/sbin/tcpd in.identd -w -l -e -o -t120 -linuxconf stream tcp wait root /usr/sbin/tcpd linuxconf --http +time stream tcp nowait nobody /usr/sbin/tcpd in.timed +uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l --- tiger-3.2.3.orig/systems/Linux/2/check_release +++ tiger-3.2.3/systems/Linux/2/check_release @@ -25,6 +25,7 @@ # 01/15/2004 jfs Updated RedHat version (now it's 9 or greater), but # added a note regarding Progeny support... # 03/21/2005 jfs Use EGREP instead of grep -E +# 04/25/2007 jfs Update Debian version, current is 5.0 # #----------------------------------------------------------------------------- # TODO: @@ -79,6 +80,7 @@ haveallcmds CUT EGREP RM || exit 1 haveallfiles BASEDIR WORKDIR || exit 1 +# This code only works for old redhat releases, it does not cover Red Hat Enterprise or CentOS if [ -e /etc/redhat-release ] then REDHAT_VERSION=`$CUT -f5 -d' ' /etc/redhat-release` @@ -91,7 +93,9 @@ # Also notice that Progeny does provide official support # for 7.2, 7.3, 8.0 and 9.0 starting January 1, 2004 # (but only for x86) see http://transition.progeny.com/ - if [ $MAJOR -lt 9 ] + + # Note: There is no RedHat 10, used only for comparison + if [ $MAJOR -lt 10 ] then message FAIL osv001f "" "Out of date Redhat Linux version $REDHAT_VERSION" @@ -121,10 +125,10 @@ then MAJOR=`echo $DEBIAN_VERSION | $CUT -d \. -f 1` MINOR=`echo $DEBIAN_VERSION | $CUT -d \. -f 2` - if [ "$MAJOR" -lt 3 ] + if [ "$MAJOR" -lt 5 ] then message FAIL osv002f "" "Out of date Debian GNU/Linux version \`$DEBIAN_VERSION'" - elif [ "$MAJOR" -eq 3 -a "$MINOR" -lt 0 ] + elif [ "$MAJOR" -eq 5 -a "$MINOR" -lt 0 ] then message FAIL osv002f "" "Out of date Debian GNU/Linux version \`$DEBIAN_VERSION'" fi --- tiger-3.2.3.orig/systems/Linux/2/gen_mounts +++ tiger-3.2.3/systems/Linux/2/gen_mounts @@ -54,6 +54,10 @@ # of unexistant symlinks (See Debian bug 434333) # Linux/2/gen_mounts - 11/27/2008 - Added ecryptfs, used by ecryptfs-utils (See Debian bug 506512) # - Fix bashism (Debian bug #505939) +# Linux/2/gen_mounts - 05/25/2009 - Added davfs, fuse and ext4 (Debian bug 524722, 498468, 512567) +# Linux/2/gen_mounts - 07/01/2010 - Added fuse.ltspfs (Debian bug 587507) +# Linux/2/gen_mounts - 10/06/2010 - Added btrfs (Debian bug 598792) +# Linux/2/gen_mounts - 14/01/2011 - Added xenfs (Savannah bug 32126) #----------------------------------------------------------------------------- # @@ -105,8 +109,10 @@ [ "$1" = "ext" ] && LOCAL=0 [ "$1" = "ext2" ] && LOCAL=0 [ "$1" = "ext3" ] && LOCAL=0 + [ "$1" = "ext4" ] && LOCAL=0 [ "$1" = "auto" ] && LOCAL=0 [ "$1" = "vzfs" ] && LOCAL=0 # VPS virtual partition + [ "$1" = "simfs" ] && LOCAL=0 # OpenVZ virtual partition [ "$1" = "reiserfs" ] && LOCAL=0 [ "$1" = "reiser4" ] && LOCAL=0 [ "$1" = "xfs" ] && LOCAL=0 @@ -118,6 +124,7 @@ [ "$1" = "coherent" ] && LOCAL=0 [ "$1" = "xenix" ] && LOCAL=0 [ "$1" = "hpfs" ] && LOCAL=0 + [ "$1" = "btrfs" ] && LOCAL=0 [ "$1" = "rootfs" ] && LOCAL=0 # Provides an empty root directory for the bootstrap phase [ "$1" = "shm" ] && LOCAL=0 # IPC-shared memory regions [ "$1" = "tmpfs" ] && LOCAL=0 # Temporary files (kept in RAM unless swapped) @@ -130,7 +137,9 @@ [ "$1" = "fuse.truecrypt" ] && LOCAL=0 # Encrypted filesystem, used in Ubuntu 'hardy' [ "$1" = "fuse.encfs" ] && LOCAL=0 # Encrypted filesystem [ "$1" = "fuse.gvfs-fuse-daemon" ] && LOCAL=0 # Used in Ubuntu 'hardy' + [ "$1" = "fuse.ltspfs" ] && LOCAL=0 # Used by LTSP 5.x [ "$1" = "ecryptfs" ] && LOCAL=0 # Encrypted filesystem used by ecryptfs-utils + [ "$1" = "xenfs" ] && LOCAL=0 # Virtual fs for Xen # Filesystems of other OS [ "$1" = "msdos" ] && LOCAL=1 [ "$1" = "umsdos" ] && LOCAL=1 @@ -180,10 +189,12 @@ [ "$1" = "hugetlbf" ] && LOCAL=1 [ "$1" = "subfs" ] && LOCAL=1 [ "$1" = "futexfs" ] && LOCAL=1 # futex (Fast Userspace Locking) mechanism + [ "$1" = "fuse" ] && LOCAL=1 [ "$1" = "vmblock" ] && LOCAL=1 # Vmware filesystem [ "$1" = "debugfs" ] && LOCAL=1 # Debugging filesystem see # http://lwn.net/Articles/115405/ [ "$1" = "configfs" ] && LOCAL=1 + [ "$1" = "davfs" ] && LOCAL=1 # Other filesystems we don't support [ "$1" = "adfs" ] && LOCAL=1 [ "$1" = "affs" ] && LOCAL=1 --- tiger-3.2.3.orig/systems/Linux/2/check_umask +++ tiger-3.2.3/systems/Linux/2/check_umask @@ -0,0 +1,202 @@ +#!/bin/sh +# +# tiger - A UN*X security checking system +# Copyright (C) 2003, 2009 Javier Fernandez-Sanguino Pen~a +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# Please see the file `COPYING' for the complete copyright notice. +# +# check_umask - 04/15/2003 +# +# Checks if there is a umask setting for login shells so that users +# are not (by default) creating files witn insecure permissions. +# +# This check has been separated from check_logfiles since it's a broader check. +# The command requirements have been modified to adjust to what it's really +# needed. +# +# 05/21/2009 - jfs - Enhance checks so that different messages are provided +# based on installed shells +# 01/13/2004 - jfs - Fixed syntax error in the previous patch +# 10/19/2003 - jfs - Applied patch from Ryan Bradetich adding 077 umask +# to the valid list. +# 08/09/2003 - jfs - Fixed the script so it does not grok if no valid +# umask entries are available +# 05/01/2003 - jfs - Fixed dependancies +# +#----------------------------------------------------------------------------- +# TODO +# - The script will not work properly if the 'umask' string is present +# in the script but it's not a valid call to the umask setting. +# It will not work properly either if more than 1 occurances of umask are +# present. +# - The script does not handle UMASK definition in /etc/login.defs if defined in +# octal mode +# - The script does not handle umask when it is defined through the pam_umask +# service for all shells +# +#----------------------------------------------------------------------------- +# +TigerInstallDir='.' + +# +# Set default base directory. +# Order or preference: +# -B option +# TIGERHOMEDIR environment variable +# TigerInstallDir installed location +# +basedir=${TIGERHOMEDIR:=$TigerInstallDir} + +for parm +do + case $parm in + -B) basedir=$2; break;; + esac +done + +# +# Verify that a config file exists there, and if it does +# source it. +# +[ ! -r $basedir/config ] && { + echo "--ERROR-- [init002e] No 'config' file in \`$basedir'." + exit 1 +} + +. $basedir/config + +. $BASEDIR/initdefs + +# +# If run in test mode (-t) this will verify that all required +# elements are set. +# +[ "$Tiger_TESTMODE" = 'Y' ] && { + haveallcmds CUT EXPAND GREP HEAD SED TAIL WC || exit 1 + haveallfiles BASEDIR WORKDIR || exit 1 + haveallvars TESTLINK HOSTNAME + + echo "--CONFIG-- [init003c] $0: Configuration ok..." + exit 0 +} + +#------------------------------------------------------------------------ + +echo +echo "# Checking for correct umask settings for user login shells..." + +haveallcmds CUT EXPAND GREP HEAD SED TAIL WC || exit 1 +haveallfiles BASEDIR WORKDIR || exit 1 + + +##### +# Check to ensure that the umask is set correctly +##### + +Foundumask=0 + +# Files to look for include: +# - /etc/login.defs : used by login (PAM) to set common values across any login shell +# - /etc/profile: used by Bash +# - /etc/bash.bashrc: used by Bash +# - /etc/bashrc: used by Bash +# - /etc/csh.login: used by csh and tcsh +# - /etc/csh.cshrc: used by csh and tcsh +# - /etc/csh/login.d/*: used by csh and tcsh + +# First check PAM's default since it applies to all shells +GLOBALFILE="/etc/login.defs" +if [ -r $GLOBALFILE ] ; then + GLOBALUMASK=`$GREP ^UMASK $GLOBALFILE \ + | $EXPAND \ + | $CUT -d" " -f3` +fi + +if [ -z "$GLOBALUMASK" ]; then + message WARN misc026w "" "There is no default umask settings for user login shells in $GLOBALFILE" +else + [ "$GLOBALUMASK" != "002" -a "$GLOBALUMASK" != "022" -a "$GLOBALUMASK" != "027" -a "$GLOBALUMASK" != "077" ] && + message FAIL misc022f '' "The default umask setting in $GLOBALFILE for users is insecure ($GLOBALUMASK)" +fi + +check_umask() +{ + file=$1 + [ ! -r "$file" ] && return 0 + + Occurance=`$GREP umask $file |$GREP -v ^# | $WC -l` + + if [ $Occurance -gt 0 ]; then + Foundumask=1 + UMASK=`$GREP umask $file \ + | $GREP -v ^\# \ + | $EXPAND \ + | $HEAD -n 1 \ + | $SED -e "s/^.*umask//"\ + | $CUT -d" " -f2` + + if [ -n "$UMASK" ] ; then + [ "$UMASK" != "002" -a "$UMASK" != "022" -a "$UMASK" != "027" -a "$UMASK" != "077" ] && + message FAIL misc022f '' "The umask setting in $file for users is insecure ($UMASK)" + else + message WARN misc021w "" "There are no valid umask definitions in $file" + fi + fi + if [ $Occurance -gt 1 ]; then + message WARN misc023w '' "There are more than one umask entry in $file (total of $Occurance umask definitions)" + fi + return $Occurance +} + +# Dash +# Note: Dash only reads /etc/profile so analyse this one first +shellname="dash" +Findumask=0 +check_umask /etc/profile || Findumask=1 +# Warn if dash is installed and no definitions have been found +if [ $Findumask -eq 0 ] && [ -x /bin/dash ] ; then + message WARN misc021w "" "There is no umask definition for the $shellname shell" +fi +# Same with ksh +shellname="ksh" +if [ $Findumask -eq 0 ] && [ -x /bin/ksh ] ; then + message WARN misc021w "" "There is no umask definition for the $shellname shell" +fi + +# Bash +shellname="bash" +# Do not reset Findumask here: +# In addition to /etc/profile (tested previously) bash manages other +# configuration files for login shells: +for file in /etc/bash.bashrc /etc/bashrc +do + check_umask $file || Findumask=1 +done +# Warn if bash is installed and no definitions have been found +if [ $Findumask -eq 0 ] && [ -x /bin/bash ] ; then + message WARN misc021w "" "There is no umask definition for the $shellname shell" +fi + +# Csh/Tcsh +shellname="csh/tcsh" +Findumask=0 +for file in /etc/csh.login /etc/csh.cshrc /etc/csh/login.d/* +do + check_umask $file || Findumask=1 +done +# Warn if csh/tcsh are installed and no definitions have been found +if [ $Findumask -eq 0 ] && [ -x /bin/csh -o -x /usr/bin/tcsh ] ; then + message WARN misc021w "" "There is no umask definition for the $shellname shell" +fi + + --- tiger-3.2.3.orig/systems/Linux/2/check_rcumask +++ tiger-3.2.3/systems/Linux/2/check_rcumask @@ -17,6 +17,8 @@ # # check_rcumask - Sat May 18 17:50:00 CEST 2002 # +# check_rcumask - 05/21/2009 - jfs - Remove shell login umasks and add Debian's /etc/init.d/rc. +# Adjust haveallcmds definition # check_rcumask - 06/23/2007 - jfs - Fix syntax error (Debian bug #430224) # check_rcumask - 06/21/2007 - jfs - Skip comment lines (Debian bug #418531) # check_rcumask - 05/20/2006 - jfs - Use TAIL properly (POSIX 1003.2-1992) @@ -31,7 +33,9 @@ # Included patch to check for more source files # # Checks if there is a umask setting for the init.d scripts (rc) so that -# these create files with a proper mode (644). +# the init scripts create files with a proper mode (umask 022 so that files +# are created at least with 0644 permissions). +# # Done based on scripts/check_logfiles (since the code to look for umasks # is there already). The code is included only on Linux scripts since it # has not been tested in other environments. @@ -74,7 +78,7 @@ # elements are set. # [ "$Tiger_TESTMODE" = 'Y' ] && { - haveallcmds HEAD TAIL GREP EXPAND SED CAT SORT AWK LS RM || exit 1 + haveallcmds HEAD TAIL GREP EXPAND SED CUT || exit 1 haveallfiles BASEDIR WORKDIR || exit 1 haveallvars TESTLINK HOSTNAME @@ -87,7 +91,7 @@ echo echo "# Checking for correct umask settings for init scripts..." -haveallcmds HEAD TAIL GREP EXPAND SED CAT SORT LS AWK || exit 1 +haveallcmds HEAD TAIL GREP EXPAND SED CUT || exit 1 ##### @@ -96,12 +100,9 @@ Foundumask=0 -# Files include Debian's rcS, Titan's umask.sh file and Red Hat default -# source for initscripts -# /etc/rc.d/init.d/functions, C-Shell's /etc/csh.login, Bash's /etc/profile -# and PAM's /etc/login.defs -# (deprecated, but for backward compatibility) -for file in '/etc/init.d/rcS' '/etc/rc.d/init.d/umask.sh' '/etc/init.d/umask.sh' '/etc/rc.d/init.d/functions' '/etc/csh.login' '/etc/profile' +# Files include Debian's rc and rcS, Titan's umask.sh file and Red Hat default +# source for initscripts: /etc/rc.d/init.d/functions +for file in '/etc/init.d/rcS' '/etc/rc.d/init.d/umask.sh' '/etc/init.d/umask.sh' '/etc/rc.d/init.d/functions' '/etc/init.d/rc' do [ -r $file ] && { --- tiger-3.2.3.orig/systems/Linux/2/config +++ tiger-3.2.3/systems/Linux/2/config @@ -49,6 +49,9 @@ # Linux/2/config - 03/31/2005 - jfs - Changed GROUPC to GROUPSS # Linux/2/config - 04/17/2005 - jfs - Added IPTABLES and CMP # Linux/2/config - 05/20/2006 - jfs - Use TAIL properly (POSIX 1003.2-1992) +# Linux/2/config - 04/25/2009 - jfs - Use apache2 directory if available in Debian +# Linux/2/config - 01/14/2011 - jfs - Add /dev/shm and /lib/init/rw +# to the writable filesystems (common tmpfs) (Debian bug #317329) # #----------------------------------------------------------------------------- @@ -150,7 +153,7 @@ ID=`findcmd id` EXPAND=`findcmd expand` # We use sendmail better than mail since we use it to -# send appropiate headers +# send appropriate headers MAILER=`findcmd sendmail` [ -z "$MAILER" ] && MAILER=`findcmd mail` LSOF=`findcmd lsof` @@ -241,7 +244,14 @@ # For Apache server configuration APACHECONFDIR="/etc/httpd/conf/" -[ "$LXDISTRIBUTION" = "debian" ] && APACHECONFDIR="/etc/apache/" +if [ "$LXDISTRIBUTION" = "debian" ] ; then + # Old Apache + APACHECONFDIR="/etc/apache/" + # Use new Apache if available + if [ -d /etc/apache2 ] ; then + APACHECONFDIR="/etc/apache2/" + fi +fi [ "$LXDISTRIBUTION" = "suse" ] && APACHECONFDIR="/etc/httpd/" # For SSHd configuration if [ -f /etc/ssh/sshd_config ] @@ -302,7 +312,7 @@ LOCFS=ext2 export LOCFS -FS_WDIRSYS="/tmp/ /var/tmp/ /var/spool/mail/" +FS_WDIRSYS="/tmp/ /var/tmp/ /var/spool/mail/ /dev/shm /lib/init/rw" export FS_WDIRSYS # SYSDEFAULTPATH="/bin:/usr/bin" --- tiger-3.2.3.orig/systems/Linux/2/gen_export_sets +++ tiger-3.2.3/systems/Linux/2/gen_export_sets @@ -18,7 +18,7 @@ # Linux/2/gen_export_sets - 12/03/2001 # # 12/03/2001 jfs Make it export sets that can be understood by check_exports -# this way it can appropiately find errors +# this way it can appropriately find errors # #----------------------------------------------------------------------------- # --- tiger-3.2.3.orig/systems/Linux/2/debian_advisories +++ tiger-3.2.3/systems/Linux/2/debian_advisories @@ -9657,6 +9657,562 @@ perl-base 5.6.1-8.8 sparc DSA-620-1 perl 2004-12-30 perl-debug 5.6.1-8.8 sparc DSA-620-1 perl 2004-12-30 perl-suid 5.6.1-8.8 sparc DSA-620-1 perl 2004-12-30 +iceweasel-gnome-support 3.0.6-3 all DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 alpha DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 alpha DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 amd64 DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 amd64 DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 arm DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 arm DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 armel DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 armel DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 hppa DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 hppa DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 i386 DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 i386 DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 ia64 DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 ia64 DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 mips DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 mips DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 mipsel DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 mipsel DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 powerpc DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 powerpc DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 s390 DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 s390 DSA-1886-1 iceweasel 2009-9-14 +iceweasel-dbg 3.0.6-3 sparc DSA-1886-1 iceweasel 2009-9-14 +iceweasel 3.0.6-3 sparc DSA-1886-1 iceweasel 2009-9-14 +phpmyadmin 2.9.1.1-11 all DSA-1824-1 phpmyadmin 2009-6-25 +wesnoth-data 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-music 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-tsg 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-trow 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-ttb 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-ei 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-utbs 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-httt 1.2-5 all DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 alpha DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 alpha DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 alpha DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 amd64 DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 amd64 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 amd64 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 arm DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 arm DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 arm DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 hppa DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 hppa DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 hppa DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 i386 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 i386 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 i386 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 ia64 DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 ia64 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 ia64 DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 mipsel DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 mipsel DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 mipsel DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 powerpc DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 powerpc DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 powerpc DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 s390 DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 s390 DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 s390 DSA-1737-1 wesnoth 2009-3-11 +wesnoth 1.2-5 sparc DSA-1737-1 wesnoth 2009-3-11 +wesnoth-server 1.2-5 sparc DSA-1737-1 wesnoth 2009-3-11 +wesnoth-editor 1.2-5 sparc DSA-1737-1 wesnoth 2009-3-11 +tunapie 2.1.8-2 all DSA-1764-1 tunapie 2009-4-07 +libnspr4-0d 4.7.1-5 alpha DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 alpha DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 alpha DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 amd64 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 amd64 DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 amd64 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 arm DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 arm DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 arm DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 armel DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 armel DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 armel DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 hppa DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 hppa DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 hppa DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 i386 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 i386 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 i386 DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 ia64 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 ia64 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 ia64 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 mips DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 mips DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 mips DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 mipsel DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 mipsel DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 mipsel DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 powerpc DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 powerpc DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 powerpc DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 s390 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 s390 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 s390 DSA-1931-1 nspr 2009-11-08 +libnspr4-0d 4.7.1-5 sparc DSA-1931-1 nspr 2009-11-08 +libnspr4-0d-dbg 4.7.1-5 sparc DSA-1931-1 nspr 2009-11-08 +libnspr4-dev 4.7.1-5 sparc DSA-1931-1 nspr 2009-11-08 +ikiwiki 2.53.4 all DSA-1875-1 ikiwiki 2009-8-31 +libtiff-doc 3.8.2-11.2 all DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 alpha DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 alpha DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 alpha DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 alpha DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 alpha DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 amd64 DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 amd64 DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 amd64 DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 amd64 DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 amd64 DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 arm DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 arm DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 arm DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 arm DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 arm DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 armel DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 armel DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 armel DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 armel DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 armel DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 hppa DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 hppa DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 hppa DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 hppa DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 hppa DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 i386 DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 i386 DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 i386 DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 i386 DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 i386 DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 ia64 DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 ia64 DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 ia64 DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 ia64 DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 ia64 DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 mips DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 mips DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 mips DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 mips DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 mips DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 mipsel DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 mipsel DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 mipsel DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 mipsel DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 mipsel DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 powerpc DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 powerpc DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 powerpc DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 powerpc DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 powerpc DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 s390 DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 s390 DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 s390 DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 s390 DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 s390 DSA-1835-1 tiff 2009-7-15 +libtiff-opengl 3.8.2-11.2 sparc DSA-1835-1 tiff 2009-7-15 +libtiff-tools 3.8.2-11.2 sparc DSA-1835-1 tiff 2009-7-15 +libtiff4-dev 3.8.2-11.2 sparc DSA-1835-1 tiff 2009-7-15 +libtiffxx0c2 3.8.2-11.2 sparc DSA-1835-1 tiff 2009-7-15 +libtiff4 3.8.2-11.2 sparc DSA-1835-1 tiff 2009-7-15 +libnss-ldapd 0.6.7.1 alpha DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 amd64 DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 arm DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 armel DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 hppa DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 i386 DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 ia64 DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 mips DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 mipsel DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 powerpc DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 s390 DSA-1758-1 nss-ldapd 2009-3-30 +libnss-ldapd 0.6.7.1 sparc DSA-1758-1 nss-ldapd 2009-3-30 +libapr1 1.2.7-9 alpha DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 alpha DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 alpha DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 amd64 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 amd64 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 amd64 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 arm DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 arm DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 arm DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 i386 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 i386 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 i386 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 ia64 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 ia64 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 ia64 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 mips DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 mips DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 mips DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 mipsel DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 mipsel DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 mipsel DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 powerpc DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 powerpc DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 powerpc DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 s390 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 s390 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 s390 DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dev 1.2.7-9 sparc DSA-1854-1 apr, apr-util 2009-8-08 +libapr1 1.2.7-9 sparc DSA-1854-1 apr, apr-util 2009-8-08 +libapr1-dbg 1.2.7-9 sparc DSA-1854-1 apr, apr-util 2009-8-08 +phpmyadmin 2.9.1.1-10 all DSA-1723-1 phpmyadmin 2009-2-11 +rails 2.1.0-7 all DSA-1887-1 rails 2009-9-15 +psi 0.11-9 alpha DSA-1741-1 psi 2009-3-14 +psi 0.11-9 amd64 DSA-1741-1 psi 2009-3-14 +psi 0.11-9 arm DSA-1741-1 psi 2009-3-14 +psi 0.11-9 armel DSA-1741-1 psi 2009-3-14 +psi 0.11-9 hppa DSA-1741-1 psi 2009-3-14 +psi 0.11-9 i386 DSA-1741-1 psi 2009-3-14 +psi 0.11-9 ia64 DSA-1741-1 psi 2009-3-14 +psi 0.11-9 mips DSA-1741-1 psi 2009-3-14 +psi 0.11-9 mipsel DSA-1741-1 psi 2009-3-14 +psi 0.11-9 powerpc DSA-1741-1 psi 2009-3-14 +psi 0.11-9 s390 DSA-1741-1 psi 2009-3-14 +psi 0.11-9 sparc DSA-1741-1 psi 2009-3-14 +phpmyadmin 2.9.1.1-13 all DSA-1918-1 phpmyadmin 2009-10-25 +libpoppler-dev 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 alpha DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 amd64 DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 arm DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 armel DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 hppa DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 i386 DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 ia64 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 mips DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 mipsel DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 powerpc DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 s390 DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-3 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +poppler-utils 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +poppler-dbg 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler-glib3 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler3 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler-qt4-dev 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler-glib-dev 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler-qt2 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler-qt-dev 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libpoppler-dev 0.8.7-3 sparc DSA-1941-1 poppler 2009-11-25 +libmozillainterfaces-java 1.9.0.16-1 all DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 alpha DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 alpha DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 alpha DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 alpha DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 alpha DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 alpha DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 amd64 DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 amd64 DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 amd64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 amd64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 amd64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 amd64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 hppa DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 hppa DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 hppa DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 hppa DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 hppa DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 hppa DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 i386 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 i386 DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 i386 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 i386 DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 i386 DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 i386 DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 ia64 DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 ia64 DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 ia64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 ia64 DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 ia64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 ia64 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 mips DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 mips DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 mips DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 mips DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 mips DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 mips DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 mipsel DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 mipsel DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 mipsel DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 mipsel DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 mipsel DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 mipsel DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 powerpc DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 powerpc DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 powerpc DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 powerpc DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 powerpc DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 powerpc DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 s390 DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 s390 DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 s390 DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 s390 DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 s390 DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 s390 DSA-1956-1 xulrunner 2009-12-16 +python-xpcom 1.9.0.16-1 sparc DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d 1.9.0.16-1 sparc DSA-1956-1 xulrunner 2009-12-16 +xulrunner-dev 1.9.0.16-1 sparc DSA-1956-1 xulrunner 2009-12-16 +libmozjs-dev 1.9.0.16-1 sparc DSA-1956-1 xulrunner 2009-12-16 +libmozjs1d-dbg 1.9.0.16-1 sparc DSA-1956-1 xulrunner 2009-12-16 +spidermonkey-bin 1.9.0.16-1 sparc DSA-1956-1 xulrunner 2009-12-16 +smarty 2.6.20-1.2 all DSA-1919-1 smarty 2009-10-25 +dpkg-dev 1.14.29 all DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 alpha DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 alpha DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 amd64 DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 amd64 DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 arm DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 arm DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 armel DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 armel DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 hppa DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 hppa DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 i386 DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 i386 DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 ia64 DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 ia64 DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 mips DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 mips DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 mipsel DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 mipsel DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 powerpc DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 powerpc DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 s390 DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 s390 DSA-2011-1 dpkg 2010-3-10 +dpkg 1.14.29 sparc DSA-2011-1 dpkg 2010-3-10 +dselect 1.14.29 sparc DSA-2011-1 dpkg 2010-3-10 +libmozillainterfaces-java 1.9.0.19-1 all DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 alpha DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 alpha DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 alpha DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 alpha DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 alpha DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 alpha DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 amd64 DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 amd64 DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 amd64 DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 amd64 DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 amd64 DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 amd64 DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 arm DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 arm DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 arm DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 arm DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 arm DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 arm DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 armel DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 armel DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 armel DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 armel DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 armel DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 armel DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 hppa DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 hppa DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 hppa DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 hppa DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 hppa DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 hppa DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 i386 DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 i386 DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 i386 DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 i386 DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 i386 DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 i386 DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 ia64 DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 ia64 DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 ia64 DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 ia64 DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 ia64 DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 ia64 DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 powerpc DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 powerpc DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 powerpc DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 powerpc DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 powerpc DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 powerpc DSA-2027-1 xulrunner 2010-4-03 +spidermonkey-bin 1.9.0.19-1 sparc DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d 1.9.0.19-1 sparc DSA-2027-1 xulrunner 2010-4-03 +python-xpcom 1.9.0.19-1 sparc DSA-2027-1 xulrunner 2010-4-03 +libmozjs1d-dbg 1.9.0.19-1 sparc DSA-2027-1 xulrunner 2010-4-03 +libmozjs-dev 1.9.0.19-1 sparc DSA-2027-1 xulrunner 2010-4-03 +xulrunner-dev 1.9.0.19-1 sparc DSA-2027-1 xulrunner 2010-4-03 +ikiwiki 2.53.5 all DSA-2020-1 ikiwiki 2010-3-20 +libmozillainterfaces-java 1.9.0.18-1 all DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 alpha DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 alpha DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 alpha DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 alpha DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 alpha DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 alpha DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 amd64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 amd64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 amd64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 amd64 DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 amd64 DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 amd64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 arm DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 arm DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 arm DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 arm DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 arm DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 arm DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 armel DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 armel DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 armel DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 armel DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 armel DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 armel DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 hppa DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 hppa DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 hppa DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 hppa DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 hppa DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 hppa DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 i386 DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 i386 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 i386 DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 i386 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 i386 DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 i386 DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 ia64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 ia64 DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 ia64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 ia64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 ia64 DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 ia64 DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 mips DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 mips DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 mips DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 mips DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 mips DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 mips DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 mipsel DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 mipsel DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 mipsel DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 mipsel DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 mipsel DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 mipsel DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 powerpc DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 powerpc DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 powerpc DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 powerpc DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 powerpc DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 powerpc DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 s390 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 s390 DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 s390 DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 s390 DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 s390 DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 s390 DSA-1999-1 xulrunner 2010-2-18 +python-xpcom 1.9.0.18-1 sparc DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d-dbg 1.9.0.18-1 sparc DSA-1999-1 xulrunner 2010-2-18 +xulrunner-dev 1.9.0.18-1 sparc DSA-1999-1 xulrunner 2010-2-18 +spidermonkey-bin 1.9.0.18-1 sparc DSA-1999-1 xulrunner 2010-2-18 +libmozjs-dev 1.9.0.18-1 sparc DSA-1999-1 xulrunner 2010-2-18 +libmozjs1d 1.9.0.18-1 sparc DSA-1999-1 xulrunner 2010-2-18 backup-manager-doc 0.7.5-4 all DSA-1518-1 backup-manager 2008-3-15 backup-manager 0.7.5-4 all DSA-1518-1 backup-manager 2008-3-15 gs 8.01-6 all DSA-1510-1 ghostscript 2008-2-27 @@ -9673,6 +10229,7 @@ gs-gpl 8.01-6 s390 DSA-1510-1 ghostscript 2008-2-27 gs-gpl 8.01-6 sparc DSA-1510-1 ghostscript 2008-2-27 phpmyadmin 2.9.1.1-7 all DSA-1557-1 phpmyadmin 2008-4-24 +phpmyadmin 2.9.1.1-8 all DSA-1641-1 phpmyadmin 2008-9-20 openssh-blacklist 0.1.1 all DSA-1576-1 openssh 2008-5-14 xsltproc 1.1.19-3 alpha DSA-1624-1 libxslt 2008-7-31 libxslt1-dbg 1.1.19-3 alpha DSA-1624-1 libxslt 2008-7-31 @@ -9797,6 +10354,18 @@ libexiv2-dev 0.10-1.5 s390 DSA-1474-1 exiv2 2008-1-23 libexiv2-dev 0.10-1.5 sparc DSA-1474-1 exiv2 2008-1-23 exiv2 0.10-1.5 sparc DSA-1474-1 exiv2 2008-1-23 +enscript 1.6.4-11.1 alpha DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 amd64 DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 arm DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 hppa DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 i386 DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 ia64 DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 mips DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 mipsel DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 powerpc DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 s390 DSA-1670-1 enscript 2008-11-24 +enscript 1.6.4-11.1 sparc DSA-1670-1 enscript 2008-11-24 +phpmyadmin 2.9.1.1-9 all DSA-1675-1 phpmyadmin 2008-11-30 libflac-doc 1.1.2-8 all DSA-1469-1 flac 2008-1-20 liboggflac-dev 1.1.2-8 alpha DSA-1469-1 flac 2008-1-20 liboggflac3 1.1.2-8 alpha DSA-1469-1 flac 2008-1-20 --- tiger-3.2.3.orig/systems/default/check_ndd +++ tiger-3.2.3/systems/default/check_ndd @@ -87,7 +87,7 @@ while read dev parm good level mesgid mesg do - ([ -z "$dev" ] || [[ $dev = \#* ]]) && continue + ([ -z "$dev" ] || [ $dev = \#* ]) && continue val=`$NDD -get $dev $parm 2>/dev/null` eval "case \"$val\" in $good) --- tiger-3.2.3.orig/audit/README +++ tiger-3.2.3/audit/README @@ -15,7 +15,7 @@ file for Windows 2000/XP/2003) that will extract the relevant information from the system (installed software and patches, permissions, TCP/IP listeners, processes, etc.) and allow you to review -that information manually and fill in the appropiate checklist. +that information manually and fill in the appropriate checklist. These scripts are derived from Marc Heuse's set of audit scripts [1]. Similar tools include Sen Boran's UNIX/Linux local audit tool [2]. --- tiger-3.2.3.orig/audit/audit_windows.bat +++ tiger-3.2.3/audit/audit_windows.bat @@ -9,7 +9,7 @@ :: :: Please notice that this script is enhanced if you download some binary :: tools that provide additional information that cannot be retrieved -:: with Microsoft's tools. The appropiate tools are listed in each +:: with Microsoft's tools. The appropriate tools are listed in each :: place together with their download location. :: :: IF you receive this script together with the above mentioned tools