Hi! Am Fri, Mar 14, 2003 at 08:01:47AM -0500, [EMAIL PROTECTED] schrieb: > I would like to know what the community is using for local security > scanners on linux boxes. There are many excellent remote security > scanners available, like nessus, and some hardening scripts like Bastille, > but few local security scanners aimed at finding security holes > accessible to users with local non-privileged accounts.
In Debian GNU/Linux, there exists (maybe there are others in Debian, too) the tiger package: tiger - Report system security vulnerabilities TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts, C programs and data files which are used to perform a security audit of UNIX systems. TIGER has one primary goal: report ways 'root' can be compromised. Debian's TIGER incorporates new checks primarily oriented towards Debian distribution including: md5sums checks of installed files, location of files not belonging to packages and check of security advisories. See http://savannah.nongnu.org/projects/tiger and http://www.net.tamu.edu/network/tools/tiger.html for details or say 'apt-get install tiger', if you're running Debian. :-) HTH. Kind regards, Axel Beckert -- -------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh IT-Securitylösungen * dynamische Webapplikationen * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: [EMAIL PROTECTED] Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-333 -------------------------------------------------------------- | | | Besuchen Sie uns auf der CeBIT vom 12. - 19. März 2003 | | Messe Hannover * Halle 17 * Stand F 36 | | http://www.cebit.de/ | | | --------------------------------------------------------------
