On Mon, Sep 02, 2002 at 04:09:21PM +0200, Ola Lundqvist wrote: > Hi > > > If you want a program to check for security flaws please use one designed > > for that > > precisely. Tiger is such a program. Just have the *flaws package recommend: > > or > > depend: on tiger. > > On the other hand tigher does a lot of other things too. But the link > you gave me was very interesting.
Tiger can be configured easily to just check *one* thing. Just customize the cron job at will. (..) > > Agreed. Without having too much digging in tiger it might be a good > idea. The contact I have had with tiger is not very pleasant because it > bugged me with a lot of non-issues. That is maybe the reason why I > deinstalled it. :) There are still false positives in tiger, the template mechanism, however, takes care so that an admin just sees a security warning *once* and not in every run of the security test script (It's a simple diff, mind you, but it works) Regards Javi