Bug#734775: tiger: nologin path incorrect in three scripts for debian use

2014-01-09 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,
The nologin path should be /usr/sbin/nologin for these three instances:

  /bin/false|/usr/bin/false|/dev/null|/sbin/nologin|/bin/true)
/usr/lib/tiger/scripts/check_passwd
/bin/false|/usr/bin/false|/sbin/nologin)
/usr/lib/tiger/scripts/check_anonftp
  if (( $shell ne '/bin/false' ) || ( $shell ne '/sbin/nologin' )) {
/usr/lib/tiger/scripts/check_network
# - Some 'valid' shells such as nologin or noshell might be listed under
/usr/lib/tiger/scripts/check_accounts
  

Thanks,
Ian 



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.23.90.20131116-1
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.52
ii  libc6  2.17-96
ii  net-tools  1.60-25
ii  ucf  3.0027+nmu1

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.8.0-1
ii  postfix [mail-transport-agent]  2.10.2-1
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/cronrc changed [not included]
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded

-- debsums errors found:
debsums: changed file /usr/lib/tiger/systems/Linux/2/deb_checkmd5sums (from tiger package)


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#726645: dbus: tiger reports vulnerability with dbus-daemon-launch-helper

2013-10-17 Thread Ian Bolton
Package: dbus
Version: 1.6.16-1
Severity: normal

The tiger script check_suid does the equivalent of:

strings dbus-daemon-launch-helper | grep -E '\.\./'

And finds:

../../dbus/dbus-connection.c
../../dbus/dbus-errors.c
../../dbus/dbus-message.c
../../dbus/dbus-pending-call.c
../../dbus/dbus-signature.c
../../dbus/dbus-watch.c
../../dbus/dbus-bus.c
../../dbus/dbus-server.c

Please remove these strings.
Thanks,
Ian


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10-3-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dbus depends on:
ii  adduser            3.113+nmu3
ii  libc6              2.17-93
ii  libdbus-1-3        1.6.16-1
ii  libexpat1          2.1.0-4
ii  libselinux1        2.1.13-3
ii  libsystemd-login0  204-5
ii  lsb-base           4.1+Debian12

dbus recommends no packages.

Versions of packages dbus suggests:
ii  dbus-x11  1.6.16-1

-- no debconf information
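
One way to triage the hits of the `../` string scan described in the report above, as an added example (not tiger's or dbus's code). It assumes that hits ending in a C/C++ source extension are file names recorded at build time, for example through `__FILE__` in assertion macros; the function names and the two non-dbus sample lines are constructed.

```shell
#!/bin/sh
# Added example: separate "../" hits that look like build-time source file
# names from hits that deserve a closer look.

# Constructed input: three strings from the report plus two invented lines.
sample_strings() {
cat <<'EOF'
../../dbus/dbus-connection.c
../../dbus/dbus-errors.c
org.freedesktop.DBus
../../dbus/dbus-bus.c
../conf/helper.conf
EOF
}

# classify_relative_strings: read one string per line on stdin (for example
# the output of strings(1)), keep those containing "../" as the check does,
# and label each hit "source" or "review".
classify_relative_strings() {
    grep -E '\.\./' | while IFS= read -r s; do
        case "$s" in
            *.c|*.h|*.cc|*.cpp|*.S) label=source ;;
            *) label=review ;;
        esac
        printf '%s %s\n' "$label" "$s"
    done
}

sample_strings | classify_relative_strings
```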





Bug#725190: tiger: getting misc020f after adding procs to tigerrc

2013-10-02 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,
I am still getting misc020f after adding suggested /sbin/klogd and /sbin/syslogd
to tigerrc Tiger_Running_Procs variable. This was the fix instructed by tigexp.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.22-8
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.50
ii  libc6  2.17-3
ii  net-tools  1.60-25
ii  ucf  3.0027

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.7.8-1
ii  postfix [mail-transport-agent]  2.10.0-3
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#725100: tiger: dev003w is thrown on a stock debian install.

2013-10-01 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,
dev003w and dev002f are thrown on a stock debian install.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.22-8
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.50
ii  libc6  2.17-3
ii  net-tools  1.60-25
ii  ucf  3.0027

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.7.8-1
ii  postfix [mail-transport-agent]  2.10.0-3
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#724504: tiger: lin001w is warning me about packages that are generated on the install of the kernel

2013-09-24 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,

The files lin001w warns me about are generated in the install of the kernel. 
They should be ignored in tiger by default.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.22-8
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.50
ii  libc6  2.17-3
ii  net-tools  1.60-25
ii  ucf  3.0027

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.7.8-1
ii  postfix [mail-transport-agent]  2.10.0-3
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#724328: tiger: perm023a alert when setuid/setgid is set to default permissions

2013-09-23 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * Ran a tiger report and received perm023a alerts for permissions settings 
which were not different than default debian settings. 
/bin/su setuid to 'root' -- same as default debian
/usr/bin/at is setuid to 'daemon' -- same as default debian
/usr/bin/at is setgid to 'daemon' -- same as default debian
/usr/bin/passwd is setuid to 'root' -- same as default debian
/usr/bin/wall is setgid to 'tty' -- same as default debian

Tiger should not alert me about this, as they are upstream standard. 

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.22-8
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.50
ii  libc6  2.17-3
ii  net-tools  1.60-25
ii  ucf  3.0027

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.7.8-1
ii  postfix [mail-transport-agent]  2.10.0-3
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#724334: tiger: When /var/mail is a logical volume, it should ignore kis008w

2013-09-23 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   Ran tiger report and got warning kis008w. When /var/mail is a logical 
volume, tiger should ignore this.

*** End of the template - remove these lines ***


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.22-8
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.50
ii  libc6  2.17-3
ii  net-tools  1.60-25
ii  ucf  3.0027

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.7.8-1
ii  postfix [mail-transport-agent]  2.10.0-3
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#724335: tiger: misc021w is telling me no umask entry for /etc/init.d/rcS but umask already defined

2013-09-23 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

If you do sudo find /etc -type f -exec grep -i umask {} \; -print you will see
that umask is defined in login.defs and picked up by pam_umask. There is no
reason for tiger to look for a umask entry in /etc/init.d/rcS.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.22-8
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.50
ii  libc6  2.17-3
ii  net-tools  1.60-25
ii  ucf  3.0027

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.7.8-1
ii  postfix [mail-transport-agent]  2.10.0-3
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#723101: tiger looking for boot.conf instead of boot.cfg

2013-09-16 Thread Ian Bolton
Package: tiger
Version: 1:3.2.3-11
Severity: normal

Dear Maintainer,

   * I ran a tiger report, and I was given the boot03w warning. Tiger is 
looking for my boot configuration file in boot.conf. This debian install by 
default has boot.cfg instead of boot.conf.
   * I expected tiger to see the boot.cfg file

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10-2-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tiger depends on:
ii  binutils   2.23.52.20130828-1
ii  bsdmainutils   9.0.5
ii  debconf [debconf-2.0]  1.5.51
ii  libc6  2.17-92+b1
ii  net-tools  1.60-25
ii  ucf  3.0027+nmu1

Versions of packages tiger recommends:
ii  chkrootkit  0.49-4.1
ii  john  1.8.0-1
ii  postfix [mail-transport-agent]  2.10.2-1
pn  tripwire | aide none

Versions of packages tiger suggests:
ii  lsof  4.86+dfsg-1

-- Configuration Files:
/etc/tiger/tiger.ignore changed [not included]

-- debconf information excluded





Bug#720581: login package provides wrong dir for nologin

2013-08-23 Thread Ian Bolton
Package: login
Version: 1:4.1.5.1-1
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
Tiger security tool warning 
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
ran tiger security tool with nologin in /etc/shells/
   * What was the outcome of this action?
login package looked for nologin in /sbin/nologin while login package provides 
it in /usr/sbin/nologin
   * What outcome did you expect instead?

*** End of the template - remove these lines ***


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages login depends on:
ii  libc6   2.17-3
ii  libpam-modules  1.1.3-9
ii  libpam-runtime  1.1.3-9
ii  libpam0g  1.1.3-9

login recommends no packages.

login suggests no packages.

-- no debconf information





Bug#720350: (no subject)

2013-08-20 Thread Ian Bolton
Package: login
Version: 1:4.1.5.1-1
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these lines ***


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages login depends on:
ii  libc6   2.17-3
ii  libpam-modules  1.1.3-9
ii  libpam-runtime  1.1.3-9
ii  libpam0g  1.1.3-9

login recommends no packages.

login suggests no packages.

-- no debconf information

