tiger (1:3.2.4~rc1-1) unstable; urgency=low * debian/postrm: Remove depth in find when purging to avoid warnings (LP: #665453) * debian/source/format: Explicitly define the source format. Set as 1.0 since the package will not use quilt as Savannah upstream is directly packaged into Debian * debian/rules: Fix FTCBFS: Let dh_auto_configure pass --host to ./configure. (Closes: #888041) * util/convert2html, util/genmsgidx: make the build reproducible with patch provided by Alexis Bienvenüe (Closes: #828226) * Include content from GIT upstream (3.2.4rc1 release): - systems/Linux/2/gen_mounts: Added fuse.clamfs and fuse.javafs filesystems (LP: #1204527, #1305057) - systems/Linux/2/check_release: + Update Debian version, current stable is 9.3 and list of old Debian versions + Add support to check for RHEL and Ubuntu releases. Now Ubuntu is no longer considered a Debian "unstable" version (LP: #248845) - scripts/check_accounts: Optimise as per suggestion by Arran Schlosberg - scripts/check_crontabs: Clean up gen_cron file content before it is used (Closes: #839635) - systems/Linux/2/check_lilo: Only complain if grub is world readable when it has a password configured (LP: #248843). Look for grub in the proper location (as used in Grub 2) - systems/Linux/2/check_release: Update Debian version, current stable is 9.3 and list of old Debian versions. Add support to check for RHEL and Ubuntu releases. Ubuntu is no longer considered a Debian "unstable" version (LP: #248845) - systems/Linux/2/deb_checkmd5sums: Optimise by avoiding checking files in /usr/share/ - tigerrc: Set +Tiger_Check_TRUSTED to 'N' (Closes: #722629) -- Javier Fernández-Sanguino Peña Sat, 10 Feb 2018 22:57:09 +0100 tiger (1:3.2.3-15) unstable; urgency=medium * Acknowledge previous NMU (thank you Francois Marier) (Closes: 830714, 830716, 848621) * debian/compat: Update to compatibility version 11 * debian/control: Update to standards version 4.1.3 - Remove debian/tiger.menu - Add the upstream key in debian/upstream and the 'gpsigurlmangle' in debian/watch - Use https url in debian/control VCS-Git headers - debian/tiger.menu: Remove as we already have a .desktop file as per Technical CTTE decission #741573 (and fix lintian error) - debian/rules: Add build-arch and build-indep targets (fix lintian error) * Include content provided in GIT repository upstream including: - script/check_accounts: Fix error when eval'ing code - script/check_passwd: Add a check of the sudoers files using visudo - systems/Linux/2/check: Disable deb_checkadvisories as the Debian website content does not provide information to generate up to date listing of advisories. This feature can be best implemented using apticron, cront-apt or painintheapt - systems/Linux/2/deb_checkmd5sums: Do not call prelink with -c - systems/Linux/2/gen_mounts: Update with a large number of filesystems currently supported in the Kernel. Additionally, to prevent false positives, try to determine if the filesystem is within the list of supported filesystems in the kernel by using two different mechanisms. This should reduce the number of configuration warnings in the future (and the need to update this script whenever a new, esoteric, filesystem is used) - util/genmsgidx: Do not assume the tempfile binary exists, check first. - tigerrc, system/Linux/2/check: Make it possible to disable or enable the Debian specific checks using the patch provided by Nicholas Bamber (Closes: 512085) - ./systems/Linux/2/check_listeningprocs: Handle all addresses in the 127.0.0.0/8 range as loopback addresses - scripts/check_signatures: Fix interpretation of md5sum output which was broken in the script -- Javier Fernández-Sanguino Peña Sun, 04 Feb 2018 20:44:04 +0100 tiger (1:3.2.3-14.3) unstable; urgency=medium * Non-maintainer upload. * Teach tiger about cgroup2 (Closes: #843452) * Teach tiger about efivarfs (Closes: #848377) -- Francois Marier Sun, 18 Dec 2016 17:16:39 -0800 tiger (1:3.2.3-14.2) unstable; urgency=medium * Non-maintainer upload. * Teach tiger about fuse.lxcfs (Closes: #829643) -- Francois Marier Sun, 10 Jul 2016 10:21:22 -0700 tiger (1:3.2.3-14.1) unstable; urgency=medium * Non-maintainer upload. * Teach tiger about tracefs (Closes: #791352) -- Francois Marier Sat, 16 Jan 2016 20:41:02 -0800 tiger (1:3.2.3-14) unstable; urgency=low * debian/control: Add Vcs-Browser and Vcs-Git * Acknowledge NMU for 1:3.2.3-12.1 (Closes: #740625) -- Javier Fernández-Sanguino Peña Sat, 28 Nov 2015 12:44:53 +0100 tiger (1:3.2.3-13) unstable; urgency=high * debian/rules: Make a symbolic link to make Tiger work with Linux kernel versions 4 (Closes: #785589) * util/genmsgidx: Try to make build reproducible with patch provided by Daniel Kahn Gillmor that sets the environment variable LC_COLLATE=C when running the ls command (Closes: #792828) * systems/Linux/2/gen_mounts: - Fix typo in sshfs definition (Closes: 7680867) - Added aufs (Debian bug 781171) - Added fuse.s3fs (Debian bug 799753) -- Javier Fernández-Sanguino Peña Sun, 22 Nov 2015 20:22:26 +0100 tiger (1:3.2.3-12.1) unstable; urgency=medium * Non-maintainer upload. * Fix typo in hugetlbfs check (closes: #740625) -- Francois Marier Tue, 14 Oct 2014 23:07:58 +1300 tiger (1:3.2.3-12) unstable; urgency=medium [ Include changes done in upstream's GIT ] * scripts/check_passwd, scripts/check_anonftp, scripts/check_network: Added /usr/sbin/nologin to list of valid nologin shells (Closes: #734775, #717218) (LP: #248844) * systems/Linux/2/deb_checkmd5sums: - Fix the location of dpkg-divert, it has moved from /usr/sbin to /usr/bin (Closes: #732936, #735102) - Do not use dpkg-divert if not available * systems/Linux/2/gen_mounts - Added pstore (Closes: 733832) - Fix typo: hugetlbf --> hugetlbfs (Closes: 729692) - Add fuse.gvfs-fuse-daemon as a filesystem and consider gvfs filesystems as non-LOCAL to be in the safe side. - systems/Linux/2/check_single: Do not assume existance of /etc/inittab" [ Debian specific changes ] * debian/control: Bump standards, no changes required * debian/po/es.po: Fix Language in PO file * debian/po/ja.po: Update PO debconf based on Japanese team review (Closes: #692474) -- Javier Fernández-Sanguino Peña Thu, 23 Jan 2014 00:39:49 +0100 tiger (1:3.2.3-11) unstable; urgency=low * debian/postinst, debian/rules: Do not use example file at /usr/share/doc/tiger for the configuration. Copy the example file to /usr/share/tiger and use it from there instead (Closes: #710068) * debian/rules: - Add the issue and issue.net example files provided into /usr/share/doc/tiger/examples. - Remove auto-generated config files when cleaning just in case Makefile didn't take care of them [ Updated with upstream content in GIT repository. The following is a list of changes relevant to Debian as they close existing bugs. ] * scripts/check_known: Determine properly the kernel version to decide whether to user ifconfig (or not) (Closes: #708360, #709065, #687937) * Make util/mkfilelst a bash script since it uses a sourced script with arguments (Closes: #690644) - Note: We ignore other bashims reported in the bug reported due to the use of HOSTNAME since the Tiger configuration file ensures that the HOSTNAME variable is properly set before using any of these scripts. This variable is defined using the proper binary in the system//config scripts. * systems/Linux/2/services: Update services definition to prevent false positives report on duplicated service names (Closes: #696510) * scripts/check_issue: Do not require there to be administrative-provided files to compare with. If they are not found, warn instead that we have nothing to compare with (Closes: #511970) -- Javier Fernández-Sanguino Peña Thu, 05 Sep 2013 07:11:59 +0200 tiger (1:3.2.3-10) unstable; urgency=low * Update Debian Advisories [ Update with content in latest GIT repository ] * systems/Linux/2/gen_mounts: - Added devtmpfs (Closes: 653416) - Added sshfs and cgroup (Closes: 655276) * tigerrc: - Include support for sha512 password hashes (Closes: #657310) * audit/audit_windows.bat: Update audit script [ Patch provided by Christian Perrier ] * Debconf translations updated: - Dutch, thanks to Jeroen Schot. (Closes: #657283) - Polish, thanks to Michał Kułach. (Closes: #666445) -- Javier Fernández-Sanguino Peña Wed, 18 Apr 2012 19:28:18 +0200 tiger (1:3.2.3-9) unstable; urgency=low * debian/control: - Enhance description - Add Recommends on integrity checking tools [ Take fixes introduced in upstream's GIT]: * systems/Linux/2/config: Add /run/, /run/shm and /run/lock to the list of potentially writable filesystems as these are commonly used as tmpfs (Closes: #633060) * scripts/check_accounts: Sort the user files before joining them (Closes: #624258) * scripts/check_devices - Extend the list of EXPECTEDDIRS to cover /dev/bsg (Closes: #616339) - Do not test symbolic links if they point to regular files. (Closes: #616337) * systems/Linux/2/check_inittab: Improved the check so that it takes into account the availability of /etc/shutdown.allow (Closes: #603199) * systems/Linux/2/check_umask: Fix how UMASK is obtained for login.defs (Closes: 603320) -- Javier Fernandez-Sanguino Pen~a Thu, 08 Dec 2011 01:46:05 +0100 tiger (1:3.2.3-8) unstable; urgency=high * debian/rules: Symlink systems/Linux/3 to systems/Linux/2 to support Linux kernel version 3 (Closes: #635450) * config: Fix bug which prevent it from using the default configuration file if it did not find a proper configuration -- Javier Fernandez-Sanguino Pen~a Thu, 04 Aug 2011 23:25:20 +0200 tiger (1:3.2.3-7) unstable; urgency=low * debian/control: - Add Recommends to tripwire | aide - Review package description * Update to latest CVS: - [multiple files] Fix spelling (Closes: #609203) - systems/Linux/2/config: Add /dev/shm and /lib/init/rw to the writable filesystems (common tmpfs) (Closes: #603338) - systems/Linux/2/gen_mounts: Added xenfs as a valid filesystem (Closes: #615052) - Apply patch by Timo Lindfors to add support for SHA-512 passwords (This is the default used in Debian GNU/Linux squeeze and later releases) (Closes: #581266) -- Javier Fernandez-Sanguino Pen~a Sat, 26 Feb 2011 01:45:50 +0100 tiger (1:3.2.3-6) unstable; urgency=low * systems/Linux/2/gen_mounts: Fix typo in brtfs (Closes: 598792) * tigerrc: Use rsyslogd in the Tiger_Running_Procs definition as it is the default syslog daemon since Lenny (Closes: 544957) -- Javier Fernandez-Sanguino Pen~a Mon, 11 Oct 2010 22:29:03 +0200 tiger (1:3.2.3-5) unstable; urgency=low * system/Linux/2/gen_mounts: Added brtfs (Closes: 598792) * Updated Danish po-debconf translation provided by Joe Dalton (Closes: 596151) * scripts/check_rootdir: Check for inode 2 on ext4 as well as ext2/3. Thanks to the patch provided by Lorenzo De Liso from Ubuntu. * debian/postrm: Clean directories correctly when purging. Thanks to the patch provided by Lorenzo De Liso from Ubuntu. * config: Do not complain before creating the directory if WORKDIR does not exist but it is pointing to a temporary location. This change was prompted by the patch provided by Lorenzo De Liso, but the change is not exactly the same as the one implemented in Ubuntu (which is wrong, as it will try to create the directory twice) (Closes: #589089) Note: The above bug is considered closed even if the patch "Use temporary file instead of hardcoded rcfile for temporary work" is not included as this patch is not accepted. * Remove RCS directories from the source package. -- Javier Fernandez-Sanguino Pen~a Wed, 06 Oct 2010 03:01:20 +0200 tiger (1:3.2.3-4) unstable; urgency=low * Updated Debian Policy to 3.9.0. * Pull fixes from upstream SVN: - Fixed the bashism problem with logical expression in /systems/HPUX/check_trusted. (Closes: #581140). - Added support to recognize fuse.ltspfs for ltspfs file system. Thanks to Alexandre Cavalcante Alencar. (Closes: #587507). * Added debian/tiger.menu file. * Added debian/tiger.desktop file. -- Francisco Manuel Garcia Claramonte Thu, 14 Jul 2010 21:07:17 +0200 tiger (1:3.2.3-3) unstable; urgency=low * Pull fixes from upstream SVN: - Fixed the problem in scripts/check_known checking /*/lost+found/* files with spaces or newline files in their filename, thanks to Dave Rutherford for the patch (Closes: #532826). - Fixed the problem with delete() function in initdefs script, and fixed the problem with temporary file in scripts/find_files script. Thanks to Hannes von Haugwitz for the patch (Closes: #544701). - Added support o detect simfs as local filesystem for OpenVZ systems, thanks to Raimund Sacherer for the patch (Closes: #571944). - Clarify use of Tiger_Running_Procs for check_runprocs in the documentation (Closes: 544957) - Fix syntax error in scripts/sub/check_nousrgrp * debian/debian.ignore: Fix unescape patterns (dots and parenthesis) and decrease processing time by combining and grouping similar rules. Thanks to Moritz Naumann for the patch (Closes: #550512). * debian/changelog: wrap long lines * Lintian fixes to make the package lintian clean - debian/rules: Adjust executable bit to all shell files instead of just to one selection of them. - Add debian/tiger.lintian-overrides to setup overrides for warnings that are not relevant for the package. - debian/rules: Add call to dh_lintian. * Update Debian Advisories * Debconf translations updated: + Czech translation, thanks to Miroslav Kure (Closes: #569694). + Portuguese translation, thanks to the "Portuguese Translation Team" (Closes: #570456). + Russian translation, thanks to Yuri Kozlov (Closes: #570540). + Brazilian Portuguese translation, thanks to Adriano Rafael Gomes (Closes: #570601). + Vietnamese translation, thanks to Clytie Siddall (Closes: #572777). * Debconf translations included: + Added Slovak Debconf translation, thanks to helix84 (Closes: #570289). + Added Italian Debconf translation, thanks to Vincenzo Campanella (Closes: #570747). -- Javier Fernandez-Sanguino Pen~a Mon, 05 Apr 2010 19:57:47 +0200 tiger (1:3.2.3-2) unstable; urgency=low [ Francisco Manuel Garcia Claramonte ] * Thanks to Stefano Zacchiroli for the NMU 1:3.2.2-11.1 and close the bug #544113. * Updated some Debconf translations: + French translation, thanks to Christian Perrier (Closes: #565321). + Swedish translation, thanks to Martin Bagge (Closes: #565497). + Japanese translation, thanks to "Hideki Yamane (Debian-JP)" (Closes: #565615). + German translation, thanks to Erik Schanze (Closes: #568175). + Russian translation, thanks to Yuri Kozlov (Closes: #537918) * Updated to Debian policy 3.8.4 * Fixed the Bashisms problem in the files: + systems/default/check_ndd. Fixed just the problem with the alternative test command. (Closes: #530205) + systems/HPUX/check_passwdspec. (Closes: #530204) * Fixed the problem finding users in scripts/sub/check_suid. (Closes: #438122) [ Javier Fernandez-Sanguino ] * Integrate all patches included in the 3.2.2-11 package release which were missing in 3.2.3-1 and generated regression bugs (Closes: #566893, #567857, #529041) -- Francisco Manuel Garcia Claramonte Mon, 01 Feb 2010 00:09:33 +0100 tiger (1:3.2.3-1) unstable; urgency=low * New upstream release * Updated to Debian Policy 3.8.3 * Updated debhelper dependency version to 7. * Updated debhelper compatibility to 7. * Added myself as Comaintainer, Francisco Manuel Garcia Claramonte * Removed the Diff depends (Closes: #544113, #544041). Thanks to Santiago Vila and Karl Ferdinand Ebert for the patch. * Changes to make the package lintian clean. + Updated dh_clean call to dh_prep in debian/rules. + Added ${misc:Depends} to Depends debian/control field of tiger and tiger-otheros binary packages. + Adjusted executable permissions to some shell scripts. * Removed unneeded commands to create symlinks in debian/rules. * Removed the clear idx file code in util/genmsgidx to allow build the Debian package. * Updated template description to avoid make a question, according to Debian Developer's Reference (6.5.4.2.1). Updated debian/po/* files. Updated spanish translation. * Added commands in debian/rules to remove unneeded Makefiles files in Debian package. -- Francisco Manuel Garcia Claramonte Thu, 03 Dec 2009 21:52:06 +0100 tiger (1:3.2.2-11) unstable; urgency=low * Sort the system/Linux/2/inetd file since 'join' complains about it not being sorted when used in check_inetd (Closes: #524783) * Add symbolic links so users can create the issue and issue.net templates they want to check against when running check_issue in /etc/tiger/ (Closes: #511970) * scripts/find_files: Use patch provided by Khalid Shukri in order to complain from danging symlinks properly so that they can be tiger.ignore'd (Closes: 434333) * debian/debian.ignore: - Add an ignore message to remove the dangling symlinks that are udev-related. - Add an ignore message for /dev/log since world-writable permissions for that file are standard in Debian (Closes: 417939) * initdefs: Change error message when a file value definition is empty * systems/Linux/2/check_umask: More extensive umask checks also covering different analysis for each one of the available shells in order to provide more meaningful information. * systems/Linux/2/check_rcumask: Remove shell login umask definitions from * the file (both bash and csh/tcsh) since these do not apply to the script (i.e. are not init.d related) and add /etc/init.d/rc handling (Closes: 443807) * doc/misc.txt: Add new messages for new umask analysis covered in check_umask * doc/filesys.txt: Add a description of the new warning message introduced by the above patch. * doc/config.txt: Document that this happens also when the configuration * system was not able to define a valid file and set a value for the file definition. * debian/rules: Adjust the permissions of /var/lib/tiger/work and /var/log/tiger/ so that they are 0700. (Closes: #512078) * debian/preinst: Adjust the permissions of /var/lib/tiger/work and /var/log/tiger/ when upgrading so that they are set to 0700. -- Javier Fernandez-Sanguino Pen~a Thu, 21 May 2009 00:26:23 +0200 tiger (1:3.2.2-10) unstable; urgency=low * Fix bug in scripts/check_perms -- Javier Fernandez-Sanguino Pen~a Thu, 07 May 2009 23:55:22 +0200 tiger (1:3.2.2-9) unstable; urgency=low * Use --debconf-ok when calling ucf (Closes: 517798, 521620, 539188) * Update check_release to reflect latest Debian release (Closes: 523700) * Fix systems/Linux/2/config so that it uses /etc/apache2 in Debian if it exists and /etc/apache otherwise. (Closes: 523699) * Change the wording of errors in tigerexp when the variable does not have a value (Closes: 523699) * Throw away errors from executing 'df -t nfs' in scripts/check_network (Closes: 511803) * Linux/2/gen_mounts: Added davfs, fuse and ext4 (Closes: 524722, 498468, 512567) * Update list of Debian advisories -- Javier Fernandez-Sanguino Pen~a Sat, 25 Apr 2009 14:01:26 +0200 tiger (1:3.2.2-8) unstable; urgency=low * Acknowledge NMU (Closes: #503282) * Fix Makefiles so that the explanation index file is generated and distributed properly (Closes: #507028) * system/Linux/2/gen_mounts: - Added ecryptfs, used by ecryptfs-utils (Closes: 506512) - Fix bashism (Closes: #505939, #505939) * Update Standards-Version to 3.8.0: - Added a Homepage field in debian/control * Use debhelper version 5 * Lintian fix: - Comment out DH_COMPAT definition in debian/rules - Fixed debian/watch file used by uscan by adding a version and a proper location for upstream updates -- Javier Fernandez-Sanguino Pen~a Thu, 27 Nov 2008 23:47:16 +0100 tiger (1:3.2.2-7.1) unstable; urgency=medium * Non-maintainer upload. * Patched Makefile.in to make clean and distclean targets use doc/Makefile.in when recursing the clean target. (Closes: #503282) -- Jonny Lamb Fri, 24 Oct 2008 16:14:23 +0100 tiger (1:3.2.2-7) unstable; urgency=low * Fix bashism in check_patches script (Closes: #502672) -- Javier Fernandez-Sanguino Pen~a Sun, 19 Oct 2008 12:45:38 +0200 tiger (1:3.2.2-6) unstable; urgency=medium * Bring changes from CVS to gen_mounts, amongst other fixes: - Adds definitions for the following filesystems: reiser4, securityfs, fuse.gvfs-fuse-daemon, fuseblk, fuse.truecrypt, fuse.encfs, debugfs, afs, configfs, gfs, gfs2, inotifyfs, hugetlb, subfs, futexfs and bind. (Closes: #498203, #483727, #469685, #490344, #490822, #451879) (LP: #155211) - Make it possible to define system-specific local and non-local filesystems through the use of the Tiger_FSScan_Local and Tiger_FSScan_NonLocal variables in tigerrc. - Make it possible to prevent the 'unknown filesystem' warnings through the use of a new tigerrc variable: Tiger_FSScan_WarnUnknown * Use prelink to calculate checksums if present (Closes: #445531, #349391) * Use /var/lib/tiger/work instead of /var/run/tiger/work to be FHS-compliant. It also avoids spamming people using a tmpfs /var/run with warning messages every time it creates its directory. (Closes: #486591) * Use tempfile in the config script to create the RC file if available, the $$ construct is used in a safe directory (WORKDIR) but this way people doing a cursory look at the code will not report (or try to fix, as in Ubuntu) inexistant temp race conditions. * Add code in Makefile.in and doc/Makefile.in (new file) to make it possible to build and remove the HTML files generated from the text files so that we do not distributed autogenerated content. * Also change Makefile.in to make 'all' actually be useful so that the build targets builds binaries (binaries were being built on install instead) * Update list of Debian advisories to current date. * Add a ignore for Debian to prevent Tiger from complaining about fetchmail processes. * Add additional samples for server processes to debian/server.ignore * Remove double linefeed in debian/changelog * Use UCF to handle configuration file changes to prevent prompting when upgrading to tiger versions that change the tigerrc. (Closes: #341595) * Remove stale left file created in /usr/lib/tiger/bin if it exists on purge * Lintian fixes: - Remove coreutils Depends as it is an Essential package - Remove code in postinst related to an ancient bug and associate debconf prompts. - Make the following scripts executable: systems/Linux/1/check, systems/Linux/1/gendlclients, systems/Linux/1/getdisks, systems/Linux/2/update_advisories.sh -- Javier Fernandez-Sanguino Pen~a Tue, 09 Sep 2008 00:28:35 +0200 tiger (1:3.2.2-5) unstable; urgency=low * Acknowledge NMU, which was not acknowledged in the previous package version. - Fix bashism in 'tigercron' script (Closes: #468700) - Bump Standards-Version to 3.7.3. -- Javier Fernandez-Sanguino Pen~a Sun, 31 Aug 2008 14:47:18 +0200 tiger (1:3.2.2-4) unstable; urgency=low * Fix a temp race condition in the genmsgidx script if the system has a tempfile function (Closes: 496415) -- Javier Fernandez-Sanguino Pen~a Tue, 26 Aug 2008 12:00:16 +0200 tiger (1:3.2.2-3.1) unstable; urgency=medium * Non-maintainer upload. * Fix bashism in 'tigercron' script (Closes: #468700) * Bump Standards-Version to 3.7.3. -- Chris Lamb Sat, 12 Apr 2008 04:35:43 +0100 tiger (1:3.2.2-3) unstable; urgency=low * Fix encoding of changelog and copyright files (Closes: #454024) -- Javier Fernandez-Sanguino Pen~a Mon, 11 Feb 2008 22:28:40 +0100 tiger (1:3.2.2-2) unstable; urgency=low * Remove all configuration files on purge, including tiger.default if it exists (which is not a conffile since 1:3.2.1-36 and might be a leftover) (Closes: #455108) -- Javier Fernandez-Sanguino Pen~a Sun, 09 Dec 2007 15:36:44 +0100 tiger (1:3.2.2-1) unstable; urgency=low * New upstream release * Remove debian/ dir from upstream's tarball to prevent FTBFS (Closes: #450479) * Fix scripts: - scripts/check_crontabs, scripts/check_apache, scripts/check_xinetd: Change message calls so that they can be filtered (Closes: #411534) - scripts/check_apache: Fix the way the configuration file is handled to obtain the IP address and port (Closes: 436904) - systems/Linux/2/gen_cron: Handles properly the case when the special @daily,@reboot, etc. definitions are used instead of real times. Also fix bug deailing with variables in crontab contents (Closes: 418440) * Add 'fuse' to the list of valid filesystems (Closes: #449439) * Add Dependency on bsdmainutils to get the COLUMN command (Closes: 448975) * Add Portuguese translation, thanks LuA-sa LourenA§o (Closes: 440372) * Modify update-advisories to skip directories with 'data' in the name * Update the advisories list -- Javier Fernandez-Sanguino Pen~a Thu, 08 Nov 2007 02:20:09 +0100 tiger (1:3.2.1-38) unstable; urgency=low * systems/Linux/2/gen_mounts, vmblock is now recognised as a non-local FS. -- Javier Fernandez-Sanguino Pen~a Wed, 27 Jun 2007 00:46:54 +0200 tiger (1:3.2.1-37) unstable; urgency=low * systems/Linux/2/check_rcumask: Fix syntax error (Closes: #430224) -- Javier Fernandez-Sanguino Pen~a Sat, 23 Jun 2007 15:52:58 +0200 tiger (1:3.2.1-36) unstable; urgency=low * Fix the location of Tiger's default file (Closes: #426182) * Updated the Debian advisories listing (as of today, latest DSA is 1316) * Changed the maintainer's email address * system/Linux/2/check_lilo: run the boot loader check if on amd64 (Closes: #412669) * system/Linux/2/deb_checkmd5sums: Fix the script so that it understands properly the "new" md5sum format (Closes: #412822) * Add new suid files to the list of SUIDs at system/Linux/2/suid_list (Closes: #417330) * scripts/check_devices: Extend the list of EXPECTEDDIRS for Linux to cover udev-specific dirs (Closes: #417940, #420488) * systems/Linux/2/check_rcumask: Skip comment lines defining umask (Closes: 418531) * scripts/check_ftpusers: Skip this check if there is no FTP daemon installed (Closes: #420486) * scripts/check_printcap: Skip this test if CUPS is installed (Closes: #420487) * system/Linux/2/gen_mounts: Added fusectl to the local filesystems (Closes: #409386) * Debconf translations: - Included Dutch translation provided by Bart Cornelis (Closes: #414768) - Included Portuguese translation provided by Luísa Lourenço (Closes: #415534) -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jun 2007 01:04:17 +0200 tiger (1:3.2.1-35) unstable; urgency=low * [scripts/check_rootkit] Send stderr output of chkrootkit to /dev/null to avoid the 'warning, got bogus unix line' messages that netstat might output (Closes: #223847) * Update advisories -- Javier Fernandez-Sanguino Pen~a Thu, 30 Nov 2006 21:42:23 +0100 tiger (1:3.2.1-34) unstable; urgency=low * Linux/2/gen_mounts - Added selinuxfs to local FS (Closes: #397832) * scripts/check_accounts - Redirect find errors in home directories to /dev/null, prevents root being sent errors when using NFS mounted home directories with root_squash. Thanks to Matus Harvan for the patch (Closes: #386163) * Update Debian advisories lists. -- Javier Fernandez-Sanguino Pen~a Fri, 10 Nov 2006 16:01:21 +0100 tiger (1:3.2.1-33) unstable; urgency=low * Fix typo in check_rootkit script, thanks to Michael Cihar (Closes: #385475) -- Javier Fernandez-Sanguino Pen~a Thu, 31 Aug 2006 23:04:43 +0200 tiger (1:3.2.1-32) unstable; urgency=low * Modify config so that it will attempt to create a working directory if it does not exist (Closes: #366919) * [scripts/check_rootkit] Introduce Tiger_CHKROOTKIT_ARGS so that admins can ajust the behaviour of CHKROOTKIT (defaults to '-q') (Closes: #320341) * Include output of chkrootkit when a file is INFECTED (Closes: #277533) -- Javier Fernandez-Sanguino Pen~a Wed, 30 Aug 2006 14:13:42 +0200 tiger (1:3.2.1-31) unstable; urgency=low * systems/Linux/2/deb_checkmd5sums: Fix Ubuntu bug 50611 by excluding dev/ and lib/udev/devices/ from the md5sum test, thanks to Richard Laager for the patch (Closes: #383400) * systems/Linux/2/check_neverlogin: handle users prepended with domains (DOMAIN\user) properly (Closes: #344890) * Update advisories from Debian as of today. * Simplify dependencies (just use coreutils) (Closes: #368713) -- Javier Fernandez-Sanguino Pen~a Thu, 17 Aug 2006 07:51:17 +0200 tiger (1:3.2.1-30) unstable; urgency=low * Fix deb_nopackfiles to kip directories that are symbolic links, this happens with /usr/X11R6/bin as the latest Xorg package versions just symlink this to /usr/bin/ (Closes: #367931, #373790) * Fix deprecated syntax with sort that made the cron job spout warnings. Thanks to Cyril Chaboisseau and Adam James for providing a patch (Closes: #369501) * Fix check_listeningprocs to prevent it from botching when udp6 services are up (Closes: #375165) * Updated information of DSAs (should someday include information based on the DTSA archive but I'd rather use OVAL...) * Add some more TODOs -- Javier Fernandez-Sanguino Pen~a Wed, 5 Jul 2006 02:30:25 +0200 tiger (1:3.2.1-29) unstable; urgency=low * Fix check_accounts to properly review the contents of .forward files. Thanks to Rainer Schopf for the fix (Closes: #329610) * Added cifs to the non local filesystems in gen_mounts (Closes: #329813) * Use TAIL in Linux scripts conforming to POSIX 1003.2-1992 (Closes: #339090) * check_accounts: Add quotation marks to Tiger_Admin_Accounts to prevent errors if empty (Closes: #342181) * check_devices: Handle the special case of having " in filenames by quoting the character (Closes: #355096) * Nice Tigercron by default, users wishing to change the nice can adjust it in /etc/default/tiger (Closes: #334186, #325257, #339655) * Disable signature checks in the default tigerrc since those provided are not updated, debsums is prefered in Debian (Closes: #327486) * Update the list of advisories in debian_advisories * Debconf translations: - Added Vietnamese translation provided by Clytie Siddall (Closes: #322301) - Added Swedish translation provided by Daniel Nylander (Closes: #343731) * Use debhelper compatibility version 4 (it was about time!) * Lintian fix: eliminate duplicate Recommends/Depends on binutils -- Javier Fernandez-Sanguino Pen~a Thu, 20 Apr 2006 23:05:48 +0200 tiger (1:3.2.1-28) unstable; urgency=low * Added a dependency on "| debconf-2.0" as requested by Joey Hess * Use Debhelper compatibility version 4 * Updated to latest CVS code: - gen_passwd_sets: Create a src file if using LDAP (Closes: #319815) -- Javier Fernandez-Sanguino Pen~a Thu, 4 Aug 2005 19:16:22 +0200 tiger (1:3.2.1-27) unstable; urgency=low * Updated to latest CVS code, with some new fixes and patches including: - check_accounts: Check for null $uids before using them in comparisons (Closes: #312080) - check_runprocs: Use comm instead of fname (Closes: #308486) - Linux/gen_mounts: Changed extraction from mount command so it can cope with whitespaces in mount locations, added sanity check and fix a bug that mangled $fs (Closes: #315435) - Makefile.in: install files needed to run tiger -G (Closes: #319468) * German translation update of debconf templates provided by Erik Schanze (Closes: #311857) * Updated to latest batch of Debian advisories -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jul 2005 16:50:33 +0200 tiger (1:3.2.1-26) unstable; urgency=low * Updated to latest CVS code, with some new fixes and patches including: - check_listeningprocs (generic and Linux versions): Proper check for processes in loopback (Closes: #307695) - Linux/check_passwdspec: Better fix for pwd=! (Closes #308141) - Linux/deb_checkmd5sums: Prevent issues with /usr/bin/[ by adjusting GREP calls (Closes #305484) - Linux/gen_mounts: Added auto, udev when using on /dev, capifs and nfsd. (Closes: #305670 #307802 #307887 #308585) Note to self: Bug mount manpages since none of these are listed there... - Linux/gen_passwd: Add LDAP password support with patch provided by Micha Kersloot (Closes: #307505) - Documentation improvements (README.Sources and TODO) -- Javier Fernandez-Sanguino Pen~a Sat, 14 May 2005 12:52:09 +0200 tiger (1:3.2.1-25) unstable; urgency=low * Updated to latest CVS code: - Add afs as a non-local filesystem, and auto as a local filesystem (Closes: #305670) - Improve manpage wording * Provide a default value for Tiger_Running_Procs instead of leaving it empty -- Javier Fernandez-Sanguino Pen~a Thu, 21 Apr 2005 20:09:45 +0200 tiger (1:3.2.1-24) unstable; urgency=medium * Updated to CVS code: - Fixed Linux/2/gen_mounts code which broke with the patches implemented before the previous upload. -- Javier Fernandez-Sanguino Pen~a Mon, 18 Apr 2005 18:23:30 +0200 tiger (1:3.2.1-23) unstable; urgency=low * Updated to CVS code, this changes: - gen_mounts now considers valid and non-local many more filesystems (as described in mount(5)) including devfs (Closes: #304956, #304555, #304557) - check_listeningprocs will now check against both fname and comm and strips the arguments of the command (this is an improvement over the fix done in #288086) - check_network_config properly checks ICMP redirects and the message generation is fixed now it also now checks for local iptables rules (Closes: #304957) - several typo fixes in doc/linux.txt * Updated DSA listing -- Javier Fernandez-Sanguino Pen~a Sat, 16 Apr 2005 22:19:50 +0200 tiger (1:3.2.1-22) unstable; urgency=low * Added some more valid but non-local filesystems ('none', 'binfmt_misc', 'autofs') to gen_mounts (Closes: #302646) -- Javier Fernandez-Sanguino Pen~a Sat, 2 Apr 2005 13:07:07 +0200 tiger (1:3.2.1-21) unstable; urgency=low * Added the sysfs as a valid (local, but not reviewed) filesystem (Closes: #302612) -- Javier Fernandez-Sanguino Pen~a Sat, 2 Apr 2005 01:52:34 +0200 tiger (1:3.2.1-20) unstable; urgency=low * Upgraded to latest CVS sources: - Depend on binutils (Closes: #301451) - (check_rootdir) Do not warn on the inode if the root filesystem is not ext2|3 (Closes: #298305) - (check_runprocs) Use comm instead of fname so that the names of the processes are not truncated (Closes: #288086) - (check_lilo) Only run if running on the x86 architecture (Closes: #288737) - (check_single) Only run if running on the x86 architecture (Closes: #288737) - (check_passwdspec) Fixed password aging check. Separate all checks so that they prevent bugs if pwd="!" (Closes: #297889) - (deb_checkmd5sums) Do not warn if the md5 file is not present in the list file (Closes: #299935) - (deb_nopackfiles) Remove uneeded {} (Closes: #297889) - Also fixes a number of documentation typos fixed by Nicolas Francois * Updated advisories -- Javier Fernandez-Sanguino Pen~a Thu, 31 Mar 2005 17:14:50 +0200 tiger (1:3.2.1-19) unstable; urgency=low * tigercron - Fixed invalid From: header based on Robert Loomans' patch. This bug was introduced by the previous release. (Closes: #287780) -- Javier Fernandez-Sanguino Pen~a Thu, 30 Dec 2004 09:00:19 +0100 tiger (1:3.2.1-18) unstable; urgency=low * systems/Linux/2/check_lilo: - Fixed grub.conf naming (Closes: #286641) * scripts/check_passwd: - Delete temporary passwd files only on exit (Closes: #284899) * debian/server.ignore: - Added a sample ignore line for users accessing a remote server with X11Forwarding set to 'on' (Closes: #284220) * scripts/check_passwdformat: - Maximum user and group length set to 32 (Closes: #283446) (probably needs to be moved to systems/Linux/2/ since it's Debian-specific) * tigercron, tigerrc: - Added Tiger_Mail_FROM feature (Closes: #243517) * Disabling signature checks since they cannot be relied on (use Tripwire, Aide, Samhain, Integrit, bsign or any other intecrity checker instead), moreover deb_checkmd5sums already does it for Debian... (Closes: #274625) * Added Czech debconf translation provided by Miroslav Kure (Closes: #287301) -- Javier Fernandez-Sanguino Pen~a Mon, 27 Dec 2004 19:18:53 +0100 tiger (1:3.2.1-17) unstable; urgency=low * Quoted homedir uses in check_rhosts and check_netrc (Closes: #282211) -- Javier Fernandez-Sanguino Pen~a Sun, 21 Nov 2004 11:56:57 +0100 tiger (1:3.2.1-16) unstable; urgency=low * Updated advisories * Fixed gen_group_sets to work properly in NIS environments for Linux and Tru64 (Closes: #281608) * Fixed eval in check_accounts so that find is _only_ executed for users which are not part of Tiger_Admin_Accounts, this prevents Tiger from going and using remote filesystems (i.e. /var/autofs/ because in Debian 'operator' has /var as his home dir). It also should speed up this check a lot. This shows why Tiger_Admin_Accounts is a bad idea and Tiger_Accounts_Trust should be used instead (or add a Tiger_Accounts_Admin) (Closes: #280653, #280654) -- Javier Fernandez-Sanguino Pen~a Wed, 17 Nov 2004 15:15:21 +0100 tiger (1:3.2.1-15) unstable; urgency=low * Lintian fixes: - Updated Standards-Version - Removed cvs conflict copy files - Changelog is now UTF-8 * Use C locales to avoid scripts/check_system from breaking up (Close: #270108) * deb_checkmd5sums's regexep now excludes usr/share/doc/ (Closes: #264111) -- Javier Fernandez-Sanguino Pen~a Mon, 13 Sep 2004 11:12:08 +0200 tiger (1:3.2.1-14) unstable; urgency=low [ as suggested by Tilman Koschnick ] * Allow delete() to remove files from LOGDIR so that reports generated by tiger -e are removed proplerly (Closes: #262523) * Symlink /usr/lib/tiger/tigexp to /sbin/tigexp so that tiger -e works (Closes: #262518) -- Javier Fernandez-Sanguino Pen~a Sun, 1 Aug 2004 18:19:18 +0200 tiger (1:3.2.1-13) unstable; urgency=low * Updated to CVS changes which fix a problem in the gen_passwd_sets script which would make duplicates appear in the passwd files. Thus generating a lot of false positives (in the check_passwd script) Also removes some other duplicates in the check_passwdformat script and updates the Debian advisories listing. -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jun 2004 21:25:27 +0200 tiger (1:3.2.1-12) unstable; urgency=low * Updated to latest CVS code fixing: - [check_known] Do not call LS directly with all files but use a for loop (Closes: #246600) - [deb_nopackfiles] Made the dirlist variable so that directories which do not exist are not checked for (Closes: #254574) -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jun 2004 13:58:24 +0200 tiger (1:3.2.1-11) unstable; urgency=low * Updated to latest CVS code which fixes: - [check_accounts] Try to avoid eval problems if user/shells/directories contain non-empty (but invalid) characters (such as space) (Similar changes in some other scripts to avoid breakage in similar situations) (Closes: #246987) - [check_passwd] Define Tiger_Passwd_Hashes if not defined (Closes: #246885) - [deb_checkmd5sums] Fixed patch provided by Chung-chieh Shan (Closes: #234811) * Remove check_finddeleted from the default configuration since it is prone to a lot of false positives, also, it depends on LSOF (which is only recommended). I will reenable this sometime in the future and (maybe) provide a Debian-specific script to just monitor for daemons that are using outdated libraries (Closes: #249331) * Send filesystem scans error output to /dev/null (need to fix this in scripts/find_files by not following symbolic links that point nowhere, this is an interim fix) -- Javier Fernandez-Sanguino Pen~a Thu, 20 May 2004 09:31:23 +0200 tiger (1:3.2.1-10) unstable; urgency=low * Removed evals from tigerrc and make proper sourcing in Tiger_PATH_OK_Group_Write (Closes: #236419) -- Javier Fernandez-Sanguino Pen~a Sat, 6 Mar 2004 11:00:55 +0100 tiger (1:3.2.1-9) unstable; urgency=medium * Added Danish debconf translation (Closes: #235066) * Fixed errors in check_finddeleted (Closes: #235951) * Added some more common servers to the server.ignore example * Fix error in deb_checkmd5sums with patch from Chung-chieh Shan which avoids failure on packages whose names contain "." (Closes: #234811) * Minor change in check_passwd to detect if no shell is defined for a given user (as suggested by raoul bhatia) -- Javier Fernandez-Sanguino Pen~a Wed, 3 Mar 2004 13:13:05 +0100 tiger (1:3.2.1-8) unstable; urgency=low * check_rcumask: Proper warning if no umask settings are defined (Closes: #234661) -- Javier Fernandez-Sanguino Pen~a Wed, 25 Feb 2004 20:39:16 +0100 tiger (1:3.2.1-7) unstable; urgency=low * Updated from CVS which includes a number of improvements including the following (relevant to Debian bugs): - Added more information on check_finddeleted regarding how to use it and remove spurious errors. This script will not give false positives any longer on some special characterr) files like /dev/console or /dev/null and has reduced its output to something more managable (there is only one message per deleted file now) (Closes: #232704,#231148, #225112) - Fixed password definitions adding the 'g-Z' 'A-Z' and '.' sets (Closes: #227596) - Many scripts now controls YPCAT errors to printing errors in hosts that are not properly configured. (i.e. nsswitch.conf is defined to use NIS but there's no NIS host) Errors are redirected to /dev/null when YPCAT is not required as many systems do not include it, specially in Debian. (Closes: #225910) - Check_crontab will only warn if neither cron.allow or cron.deny exist (Debian bug #226362) * Default cronrc no longer runs check_finddeleted as often since it's prone to false positives (even if it can be customised through the ignore mechanism, see /usr/share/doc/tiger/examples/server.ignore) * Added French template translation provided by Christian Perrier (Closes: #226883, #224700) * Fully translated the spanish template. * Updated to include latest Debian advisories. * debian/rules now uses mandir (/usr/share/man/) in configure call. -- Javier Fernandez-Sanguino Pen~a Tue, 24 Feb 2004 21:21:19 +0100 tiger (1:3.2.1-6) unstable; urgency=low * The cron.d taks will only run if tigercron is executable, this avoids cron.d from running tiger if it has been removed but not purged (thanks to Thomas Lange for noticing this mistake) * Included patch from Nicholas François which makes Tiger not warn on manpage files purged through localepurge (Closes: #219728) * Added To: line in tigercron (Closes: #218363) * Added Japanese translation contributed by Hideki Yamane (Closes: #224185) -- Javier Fernandez-Sanguino Pen~a Sat, 20 Dec 2003 13:49:38 +0100 tiger (1:3.2.1-5) unstable; urgency=low * Updated from CVS to fix reported bugs: * fixed typo in check_lilo (Closes: #221470) * This update also provides a number of fixes/enhancements which will be available in the next release: * check_crontabs adds more information in messages * check_inetd does not report the services as not protected if TCP wrappers are undefined * per interface promiscuous detection with 'ip' for more accurate results in check_known * check_passwd message fix * shadow password check is no longer in check_passwdformat (move to account checks) * check_rootdir checks ownership * check_services will not misreport for services not defined * check_ssh needs to run through bash * check_xinetd fixes syntax error * YP -> YPCAT in all operating systems * Proper definitions for AIX * HPUX fixes * Tiger now runs check_xinetd or check_inetd depending on which configuration file is available. -- Javier Fernandez-Sanguino Pen~a Sat, 6 Dec 2003 22:10:02 +0100 tiger (1:3.2.1-4) unstable; urgency=low * Updated from CVS sources to fix reported bugs * Updated check_root so mesg check is not done when running in cron (Closes: #218056, #220924) * Updated check_lilo now locates grub file properly (Closes: #218771) * Updated check_passwd fixes syntax error (Closes: #219086) * deb_checkmd5sums detect local diversions and avoid problems with duplicate conffiles (Closes: #219727, #220325) * check_release fixed typeset bashism (Closes: #219764) * deb_checkmd5sums now uses -F to avoid warning on /usr/bin/[ (Closes: #220946) * config add sendmail_cf location * Updated advisories list. -- Javier Fernandez-Sanguino Pen~a Sun, 16 Nov 2003 13:10:08 +0100 tiger (1:3.2.1-3) unstable; urgency=low * Updated from CVS sources to latest Tiger changes including: - Check_rootkit no longer complains if chkrootkit is not installed (Closes: #215885) - Fixes check_network_config return values (Closes: #215891) - Fixes inittab's false positives (Closes: #215872) - Fixes bashisms ini scripts (Closes: #215896) - Fixes initdefs delete() in order for check_chkrootkit removal to work properly (Closes: #215882) * Debian/rules now sets SHELL=/bin/bash (Closes: #198856) * Updated to latest advisories * Now depends also on coreutils (X | corerutils) (Closes: #215487) * Added device baseline to debian.ignore (Closes: #194956) * Removed check_sendmail from check.tbl so that it does not get run by check_system (Closes: #2158739) -- Javier Fernandez-Sanguino Pen~a Sun, 19 Oct 2003 23:56:50 +0200 tiger (1:3.2.1-2) unstable; urgency=low * The "Happy Birthday! (to me)" Release, now uploaded to unstable. * New upstream version, which includes is fully integrated with TARA 3.0.3 and provides quite a number of bugfixes, checks and new documentation. * Changes relevant to reported Debian bugs include: - Adds support for diversions and conffiles in deb_checkmd5sums (Closes: #211329, #162589) - Provides documentation for check_logfiles (Closes: #195192) - Adds support for HP-UX in several scripts (Closes: #195200, #197220) - Changes gen_passwd_sets under Linux to identify des or md5 (Closes: #197221) - Removes debug messages from check_rootdir (Closes: #197219) - Added tigercron.8 manpage (Closes: #148291) - OS-specific scripts are run before generic ones, since the Linux version of check_listeningprocs is different than the generic one it will be prefered and run (Closes: #200778) - Deb_nopackfiles no longer uses long arguments in the grep call and has been speed-optimized (Closes: #201577) - Deb_nopackfiles also now sends FIND errors to void since they are not used and might confuse users who do not have X installed (Closes: #207904) - check_path now uses -L to follow symlinks (Closes: #161993) - Adds new password check for empty passwords (Closes: #197228) - Fixed typo in accounts.txt spotted by Philipp Weis (Closes: #211793) - check_passwdformat provides an improved message and allows daemon in uid 1 (Closes: #211328) - also, check_passwdformat now will not warn on lenght issues for locked users. (Closes: #211327) * Added -XMacOSX to exclude the new OS provided upstream. * Modified debian/rules to move the MacOSX and Tru64 directories to tiger-otheros * Added patch for new po-debconf format (Closes: #186800) * (but changed it so that the 'root' user is not translatable) * Updated to latest Debian advisories. * Forced to start using epochs due to how I messed the experimental packages (3.2.1rcX > 3.2.1!) -- Javier Fernandez-Sanguino Pen~a Fri, 10 Oct 2003 19:19:36 +0200 tiger (3.2.1-1) experimental; urgency=low * New upstream version, which includes is fully integrated with TARA 3.0.3 and provides quite a number of bugfixes, checks and new documentation. * Changes relevant to reported Debian bugs include: - Adds support for diversions and conffiles in deb_checkmd5sums (Closes: #211329, #162589) - Provides documentation for check_logfiles (Closes: #195192) - Adds support for HP-UX in several scripts (Closes: #195200, #197220) - Changes gen_passwd_sets under Linux to identify des or md5 (Closes: #197221) - Removes debug messages from check_rootdir (Closes: #197219) - Added tigercron.8 manpage (Closes: #148291) - OS-specific scripts are run before generic ones, since the Linux version of check_listeningprocs is different than the generic one it will be prefered and run (Closes: #200778) - Deb_nopackfiles no longer uses long arguments in the grep call and has been speed-optimized (Closes: #201577) - Deb_nopackfiles also now sends FIND errors to void since they are not used and might confuse users who do not have X installed (Closes: #207904) - check_path now uses -L to follow symlinks (Closes: #161993) - Adds new password check for empty passwords (Closes: #197228) * Added -XMacOSX to exclude the new OS provided upstream. * Added patch for new po-debconf format (Closes: #186800) -- Javier Fernandez-Sanguino Pen~a Fri, 19 Sep 2003 02:33:00 +0200 tiger (3.2-4) unstable; urgency=low * Updated to latest debian advisories * Modified postinst so it does not break when a user enters an e-mail address which includes a @ by using sed instead of Perl (Closes: #194955) * Included a check to only ask the debconf tiger/mess question if there is any cruft from previous versions. * Fixed check_logfiles including some of the things provided by Ryan Bradetich and some other fixes to make it output less false positives on Debian GNU/Linux (Closes: #195199) * Fixed regular expression in Linux's config to support some older versions of fileutils (Closes: #197218) -- Javier Fernandez-Sanguino Pen~a Fri, 20 Jun 2003 21:16:02 +0200 tiger (3.2-3) unstable; urgency=low * Modified util/difflogs to sort files in order to not report spurious differentes. * Fixed tigercron (again), since the previous fix was not done ok. -- Javier Fernandez-Sanguino Pen~a Mon, 12 May 2003 22:52:15 +0200 tiger (3.2-2) unstable; urgency=low * Fix tigercron which was broken upstream (when the echo was removed). This broke the IDS functionality since tigercron never checked for changes! -- Javier Fernandez-Sanguino Pen~a Sun, 11 May 2003 21:26:04 +0200 tiger (3.2-1) unstable; urgency=low * New upstream version - False positives in services fixed (Closes: #132278) - Check_exports produces proper output (Closes: #162453) - Checks have been separated, now each check file prints it's comment (Closes: #165766) - Using the new ignore mechanism (better than the differential mechanism) this package now provides a baseline for Debian GNU/Linux, hopefully this will make Matt test again this package :-) (Closes: #164308, #172375) - The new ignore mechanism can now be used to avoid false positives, please customize as needed and read the notes on the check_listeningprocs script (Closes: #136991) - Tigexp now gets modified by the Makefile (Closes: #189864) * Fixed dh_make boilerplate * Changed debian/rules to 'mv' the systems to tiger-otheros * Added tiger.ignore to conffiles * Modified Makefile so that it installs scripts with proper (fixed) permissions * Updated Debian advisories (with update-advisories) * Fixed syntax error in check_issue (thanks to lintian!) * Added logo to the docs (!) * Fixed error in IRIX script -- Javier Fernandez-Sanguino Pen~a Sat, 10 May 2003 00:47:51 +0200 tiger (3.2rc3-3) experimental; urgency=low * Added -q option to be used when running tigercron -- Javier Fernandez-Sanguino Pen~a Sat, 26 Apr 2003 13:41:35 +0200 tiger (3.2rc3-2) experimental; urgency=low * Fixed cron to tigercon in the cron.d file -- Javier Fernandez-Sanguino Pen~a Wed, 23 Apr 2003 22:02:07 +0200 tiger (3.2rc3-1) experimental; urgency=low * New release candidate. -- Javier Fernandez-Sanguino Pen~a Wed, 23 Apr 2003 13:30:32 +0200 tiger (3.2rc2-1) experimental; urgency=low * Experimental version, fixes bugs but might introduce new ones. -- Javier Fernandez-Sanguino Pen~a Mon, 21 Apr 2003 17:57:40 +0200 tiger (3.2rc1-1) experimental; urgency=low * New upstream version - False positives in services fixed (Closes: #132278) - Check_exports produces proper output (Closes: #162453) - Checks have been separated, now each check file prints it's comment (Closes: #165766) - Using the new ignore mechanism (better than the differential mechanism) this package now provides a baseline for Debian GNU/Linux, hopefully this will make Matt test again this package :-) (Closes: #164308, #172375) - The new ignore mechanism can now be used to avoid false positives, please customize as needed and read the notes on the check_listeningprocs script (Closes: #136991) - Tigexp now gets modified by the Makefile (Closes: #189864) -- Javier Fernandez-Sanguino Pen~a Wed, 16 Apr 2003 00:29:45 +0200 tiger (3.1-5) unstable; urgency=low * Included some of the changes that will be in the next Tiger release * Config now sets the locale to POSIX (just in case it breaks some tests) * Check_listeningprocs now works with multiple program names (Closes: #164898) * Recovered the fixes from 3.0-2 which has made an old bug surface (Closes: #164307, #166176, #166744) * Updated to latest advisories * Removed debugging output from systems/Linux/2/check_neverlogin -- Javier Fernandez-Sanguino Pen~a Mon, 28 Oct 2002 17:51:03 +0100 tiger (3.1-4) unstable; urgency=medium * Fixed LOGDIR in tigercron.in which was making templates not work. * Remove all the /var/log/tiger* files.. sorry for the mess :( * Added a new configuration note in order to ask the user for the removal of the previous files instead of removing them without asking. -- Javier Fernandez-Sanguino Pen~a Mon, 14 Oct 2002 15:30:03 +0200 tiger (3.1-3) unstable; urgency=low * Removed DSA update in the package build (Closes: #164216) * Updated to latest DSAs -- Javier Fernandez-Sanguino Pen~a Fri, 11 Oct 2002 09:09:43 +0200 tiger (3.1-2) unstable; urgency=low * Added Build-Depends on autoconf since it's the only new thing for building that has been included upstream. (Closes: #163969) -- Javier Fernandez-Sanguino Pen~a Thu, 10 Oct 2002 12:48:25 +0200 tiger (3.1-1) unstable; urgency=low * New upstream release which includes some fixes for Debian bugs such as the "don't regenerate index" (Closes: #162590) * Made debian/rules update automatically the advisories file (which is now named debian_advisories so the previous chmod -x is not needed) * Automatically remove CVS dirs from the package (Closes: #154343) * Fixed bashisms in check_rcumask (Closes: #159444) * Changed check_passwd to not send false positives in Debian, it should be fixed, however to support PAM too (Closes: #162593) * Updated DSAs are now available -- Javier Fernandez-Sanguino Pen~a Thu, 25 Jul 2002 19:37:41 +0200 tiger (3.0-3) unstable; urgency=low * Updated to latest advisories. -- Javier Fernandez-Sanguino Pen~a Wed, 7 Aug 2002 10:33:47 +0200 tiger (3.0-2) unstable; urgency=low * Changed Linux' config file so that it sets LSGROUPS to nothing Due to a change in fileutils-4.1.1 which changed the standard behavior from "showing groups (but really doing nothing)" to "not showing the owner" ! (Closes: #155588) * Modified config to set the environment properly (this was the first workaround I tried for the previous bug, didn't fix it but it seems better to leave the locale's environment, just in case...) -- Javier Fernandez-Sanguino Pen~a Tue, 6 Aug 2002 17:06:01 +0200 tiger (3.0-1) unstable; urgency=low * New upstream release (based on savannah sources) * Fix in order for deb_checkmd5sums to work with all sources (it was limited due to a stupid bug) * Included latest DSA advisories * The new package provides a *very* short diff since changes regarding Debian are added to the upstream sources too. -- Javier Fernandez-Sanguino Pen~a Tue, 18 Jun 2002 13:28:18 +0200 tiger (2.2.4p2-5) unstable; urgency=low * Added a GPL header to all the important scripts/files used by the program (this means /, /scripts and /systems/{default,Linux}. This was a requirement for adding tiger as a new project to the savannah site. (probably next upstream version and Debian diff file will be reduced since I intend to make the current Debian codebase upstream's 2.2.4p3) * Added a new check scripts/check_runprocs (not currently configured to run since it needs sysadmin to configure tigerrc properly to determine which processes should be checked for) * Added some more information to the README.Debian file and rewrote some paragraphs. * Written some notes on how to use Tiger as a host IDS. * Chmod'ed many scripts in order to avoid lintian warnings. * Changed tiger so it first reads tigerrc in the local directory (useful for testing the package without installing or to use the tar.gz in other environments) * Fixed the scripts/check_anon in order to test if ftphome/etc/passwd exists before grep'ing it. -- Javier Fernandez-Sanguino Pen~a Tue, 11 Jun 2002 23:02:12 +0200 tiger (2.2.4p2-4) unstable; urgency=low * Incorporated TARA changes including: - Changed acc006 from FAIL to WARN (scripts/check_accounts). - Added -H option for HTML output. - Fixed scripts/check_cron for problems in entries. - Fixed scripts/check_exports to avoid false positives. - Fixed scripts/check_path due to problems with parse_csh. - Change scripts/check_perm to not warn when owner is bin and changed calls of echo to message(). - Made some of the changes provided by ARC in scripts/check_inetd (save for the SORT and JOIN changes which do not seem to work) - Changed scripts/sub/check_devs to work with IRIX 6.5 - Changed GROUPS to GROUPSS as ARC team does since it (might) be a readonly variable in some shells (see bash(1)). Even though it is not used in any script. * Created a new package to provide all the scripts for other operating systems (Warning: you still need to compile the C programs: getpermit, md5, realpath, snefru and testsuid in those platforms for tiger to work fully). * Added Tiger_Check_SYSTEM to the distributed tigerrc * Added some Linux specific checks (gdm, xdm) in scripts/check_root * Created (new) systems/Linux/2/check_inittab script (for ctraltdel issue from Bastille). * Created (new) systems/Linux/2/check_rcumask script to check umask settings for the RC boot scripts. * Created (new) scripts/check_ftpusers script to check for administrative users that are allowed access in the FTP server. * Created (new) scripts/check_tcpd script to check for changes in the way inetd services are being protected through the use of tcp_wrappers. This script has been written based on check_inetd. * Modified scripts/check_sendmail to check for sendmail.cf's banner * Note. This new scripts have not been added to the cron entry. They will only be run when running the 'tiger' script. * Written some README files: howto write modules (README.writemodules),. how much time does it take for scripts to run (README.time), and information on making signatures (README.signatures) * Changed tigexp to work if issued -F with no second argument -- Javier Fernandez-Sanguino Pen~a Sun, 26 May 2002 01:58:53 +0200 tiger (2.2.4p2-3) unstable; urgency=low * Fixed typo in spanish template description. -- Javier Fernandez-Sanguino Pen~a Tue, 14 May 2002 13:49:33 +0200 tiger (2.2.4p2-2) unstable; urgency=low * Fixed filesystem permissions (execution bit) for Linux specific scripts * Changed scripts/check_anon to avoid error when checking for $ftphome/etc/passwd. * Updated security advisories. -- Javier Fernandez-Sanguino Pen~a Fri, 10 May 2002 09:55:41 +0200 tiger (2.2.4p2-1) unstable; urgency=low * This is the "I finally merged with Bryan Gartner's tarball" release * Cosmetic upgrade in version number due to too many changes in the sytem specific checks (AIX, Solaris et al.) derivated from tara sources. (thus this release might be labeled "new upstream", avoid 2.2.4p1 since it is used in TAMU's distribution) * Updated to latest debian DSAs. * Next release will have a new package to provide all the scripts for other Operating systems so that a central Debian server can be used with network filesystems as a single point of script distribution. * Included tara's new check and scripts checks: devices, issue, lilo, logfiles, network, patches, release, root, rootdir, single and tripwire_run (this last one is deactivated in Debian since the package, if installed, will do the checks) * Included the following systems without changes: AIX-4, IRIX-{4,5,6}, Linux-1, Next-3, UNICOS, UNICOSMK * Instead of cp'ing all the SunOS files I ln -s all directories that were equal in order to reduce space in the source package (and diff) * Included the two new utils to convert into HTML * Changed realpath.c, snefru.c as described in CHANGES.ARSC * Merged patches from ASCR in files: check_accounts, check_cron, check_group, check_inetd, check_passwd, check_sendmail, systems/Linux/2/gen_mounts, tiger. * Updated scripts (not changed in Debian): check_path * Fixed Linux's gen_cron to include CRONSPOOL and fixed systems/Linux/2/config to properly configure it (was set to /usr instead of /var) since it was not used this was not detected until now. * Updated the tiger configuration file (tigerrc) * Updated the manpage tiger.8 * Moved check_listening from Linux-specific to all the generic location (since it will work in any UNIX system with NETSAT). Changed tigerrc accordingly adding Tiger_Check_LISTENING variable and renaming the previous variables for this check. * De-activated RedHat's specific (and written in Perl) check_network script. TODO: rewrite it in shell script and remove RedHat-specific stuff. * Moved the Linux specific checks provided by Paul Telford to systems/Linux/2/ since they are not appropiate to other systems (for consistency) * Fixed check_release as provided by Paul Telford (some typos and not correctly programmed) * Applied some of the changes described in the Changes.ARSC. It seems these were not included in the TARA distribution (for some reason). REMINDER: ask for these to the ARSC team. * Fixed check_sendmail's pattern matching (wrong reports on dates) and made it properly Y2k. * Fixed (again) the postinst... let's see if I get it right this time... * Moved the FQDN check from 'tiger' to 'config' (since it is used by both tiger and tigercron) -- Javier Fernandez-Sanguino Pen~a Tue, 30 Apr 2002 16:16:31 +0200 tiger (2.2.4-22) unstable; urgency=low * This is the "Yes, I was on vacation fixing bugs release (I)" * Applied patch Marcel that fixes some long-standing issues, did not change BASEDIR to basedir since it should work that way but *did* change typo which made diff's against previous run not to work (Closes: #139221) * Fixed Linux/2/gen_export_sets tpo (Closes: #139667) * Modified Linux/2/config so that findcmd() looks first for binaries generated by Tiger, including realpath (Closes: #139669) * Modified deb_checkmd5sum to "understand" locale.nopurge configuration. Currently experimental, but seems to work fine. Admins that fixed this through templates will, however, have to remake them (Closes: #123891) * Since realpath's Linux does not work as tiger's realpath -d, removed it from the Recommends: (use tiger's instead) * Added -u option in gen_listeningprocs (UDP sockets are not shown if using netstat, this was an unreported bug) * Added warning to the tigerrc regarding user's Tiger_ListeningProc (will not work if using NETSTAT and not LSOF) * Added the Tiger_Check_EVERYLISTENING option which will report if a service is listening on *all* interfaces, default is Y, if set to 'N' only processes run by users different from Tiger_ListeningProcs will be reported. Changed gen_listeningprocs for this to work (Closes: #138855) * Changed the name of gen_listeningprocs to check_listeningprocs (more proper and consistent) * Provided some more documentation in the tiger.8 manpage detailing which modules are available * Check_listeningprocs has been modified to allow it to not warn on processes when using the Tiger_Listening_ValidProc variable in /etc/tigerrc this allows admins to remove processes which can dynamically change TCP/IP port (Closes: #134085) * Changed Tiger_Listening_Proc to Tiger_Listening_ValidUser (more precise). WARNING: Postinst will not change this from the config file! * The changes introduced in check_listeningprocs as well as the check-against-template behavior configuration will (hopefully) reduce greatly false positives if properly configured (Closes: #126635) * Set Tiger_Check_CRACK to 'N' by default and removed cron job since this feature does not work. Added 'john' Recommends: since the Debian package does provide that feature by itself. * Added check_sendmail to SCRIPTS in the Makefile (it was not being installed, unreported bug) -- Javier Fernandez-Sanguino Pen~a Wed, 27 Mar 2002 14:31:14 +0100 tiger (2.2.4-21) unstable; urgency=low * Changed deb_nopackfile so it also checks the diversions file (Closes: #129343) * Fixed deb_md5sums to work with files with namespaces by using quotes properly (Closes: #129339) * Updated Debian Advisories (cvs, xsane...) -- Javier Fernandez-Sanguino Pen~a Mon, 4 Mar 2002 21:15:25 +0100 tiger (2.2.4-20) unstable; urgency=low * Fixed check_known's grep which did not work on Solaris boxes... * Fixed systems/SunOS/ so that it can find the CUT command too * Changed scripts/check_known to use HEAD instead of TAIL in the mail spool checks (Closes: #135202) * Changed scripts/check_anon to check if the ftp user is in the system's passwords (Closes: #135205) * Added proper dependecies (based on systems/Linux/2/config) (Closes: #128796) * Added an Tiger_Output_FQDN option so that it uses hostname -f as the system name for reports (Closes: #129526) * Added version.h to the package in order for tiger to determine the current Tiger version. * Fixed debconf note (Closes: #136298) * Added an alternative (and better) template location: /etc/tiger/templates * Updated Debian DSA's -- Javier Fernandez-Sanguino Pen~a Fri, 1 Mar 2002 09:50:19 +0100 tiger (2.2.4-19) unstable; urgency=medium * Fixed gen_listeningprocs typo and added SORT to reduce output -- Javier Fernandez-Sanguino Pen~a Wed, 9 Jan 2002 19:20:19 +0100 tiger (2.2.4-18) unstable; urgency=low * Fixed the deb_nopackfiles so it uses -x -F and will not be confused by strange file names (i.e. [) this also avoids filenames being interpreted as regular expressions (Closes: #126569) * Fixed deb_md5sums so it does not follow symlinks (sometimes they get followed to unexistant files) * Modified check_accounts so that it does not give warnings for accounts of uid < 999 (system accounts in Debian GNU/Linux) by introducing a new tigerrc variable (Tiger_Accounts_Trust) * Added tiger-2.2.3p1-patch from TAMU * Added some more info to the debian/copyright file * Added the fix_tiger_GROUPS.sh script to a "contrib" area * Added -p option to netstat and reduced output with grep -v STREAM :) * Improved gen_listeningprocs so only uniq processes are shown listening to the same socket, also, UDP sockets are now listed too with lsof and netstat * Fixed check_inetd so it does not do a 'set' when an empty line is found * Modified difflogs intensively since it was not working properly, added a new feature and varialbes in tigerrc so that cron jobs can be compared against "template" (policy-compliant?) runs. This can reduce false positives even if they cannot be reduced in a given module. * Added configurable Tiger_Listening_Procs for gen_listeningprocs to customize for local security policy (Closes: #126635) * Added debconf note (borrowed from snort) to configure mails receiver (Closes: #122256) * Added debconf note to warn the user to adapt to security policy * Fixed lintian errors. * Update DSAs -- Javier Fernandez-Sanguino Pen~a Wed, 26 Dec 2001 13:48:13 +0100 tiger (2.2.4-17) unstable; urgency=high * Fixed typo in systems/Linux/2/gen_passwds_setgs (aggggh!! introduced when nisplus was commented out) -- Javier Fernandez-Sanguino Pen~a Wed, 26 Dec 2001 10:18:53 +0100 tiger (2.2.4-16) unstable; urgency=medium * Added -rf to prerm script when purging. * Commented nisplus from the gen_passwd_sets since there is no NISCAT in Linux * Fixed scripts/check_known so it works properly in NIS environments. now uses the passwd_set properly instead of passwd_source -- Javier Fernandez-Sanguino Pen~a Fri, 21 Dec 2001 09:57:28 +0100 tiger (2.2.4-15) unstable; urgency=low * Changed gen_passwd_sets for Linux so it now recognises NIS/NISPLUS and does not depend on shadow passwords being installed (Closes: #113132, #125792) * /etc/cron.d/tiger now listed in conffiles (Closes: #124142) -- Javier Fernandez-Sanguino Pen~a Thu, 20 Dec 2001 10:33:16 +0100 tiger (2.2.4-14) unstable; urgency=high * Updated the services file and modified the check_inetd scripts so now it only warns if several services share port numbers (the check was originally made to only handle one service per port) (Closes: #123730) -- Javier Fernandez-Sanguino Pen~a Thu, 13 Dec 2001 10:36:37 +0100 tiger (2.2.4-13) unstable; urgency=low * Fixed tigercron shell problem which made it not work properly (Closes: #123116) * Setup tigerrrc so that Tiger_DPKG_Optimize defaults to 'Y' -- Javier Fernandez-Sanguino Pen~a Mon, 10 Dec 2001 11:34:06 +0100 tiger (2.2.4-12) unstable; urgency=high * Fixed cronrc so CPU consuming tasks are run once a day (Closes: #122378) * Fixed check_passwd so that uids and usernames are looked for correctly (Closes: #122391) * Updated services file (Closes: #122338) * Fixed file control list (Closes: #122337) * Updated Debian Security Advisories * Provided new (untested) method to bypass DPKG in some tests through the $Tiger_DPKG_Optimize variable in tigerrc (default N) (Closes: #122678) * Changed deb_nopackfiles and deb_checkadvisories to work in optimize and non-optimize method (using grep, cut, et al in the /var/lib/dpkg area) * Fixed Debian specific scripts (==) * Fixed Linux's gen_export_sets (nobody yelled yet, but it did not work in the previous release) * Fixed deb_checkadvisories so it correctly located the list of packages (Note: takes too much time currently to finish) -- Javier Fernandez-Sanguino Pen~a Fri, 7 Dec 2001 10:12:36 +0100 tiger (2.2.4-11) unstable; urgency=medium * Changed file_access_list for Linux so /etc/aliases can be world readable (Closes: #112159) * Fixed getuserhome command so it does not return directories beginning with ~. This fixes tiger from incorrectly guessing the ftp directory (Closes: #121800, #114008) * Fixed /var/run/utmp file permissions to follow Debian standards (Closes: #121501, #112217) * Fixed config.tbl since Debian-specific scripts were not being run. * Fixed gen_passwd_sets so it now understands MD5 passwds (Closes: #112170, #117342) * Fixed disk device checks in check_perm so that it does not complain for /dev/hd* which belong to group 'disk' (Closes: #112218) * Changed the postrm script so all files are removed on purge (Closes: #116267) * Changed MAILER from mail to sendmail so we can send 'Subject' and 'From' (Closes: #120679, #121681) * Fixed tigercron so mails get sent properly with a From line, since the information is now sent to the mailer and not to the Tiger log no mails should be sent out if they do not include useful information (tiger takes care of diffing out reports) (Closes: #114334, #113588) * Added Recommends on mail transport agent since it's used for cron reporting. * Fixed gen_export_sets for Linux so it properly warns when using Linux's /etc/exports * Added a tag in tigerrc to disable reporting when nothing important happens (Closes: #113588) * Changed check_passwd so it now says how many times uids or usernames appear repeated (Closes: #117117) -- Javier Fernandez-Sanguino Pen~a Sun, 2 Dec 2001 16:21:16 +0100 tiger (2.2.4-10) unstable; urgency=low * Updated the Debian Security Advisories checked for. * Removed non-Linux systems (Closes: #111038) * SCRH line of findcmd is now fixed (Closes: #112216) * Fixed services file for Linux (Closes: #115031, #114033) -- Javier Fernandez-Sanguino Pen~a Sun, 2 Dec 2001 16:21:16 +0100 tiger (2.2.4-9) unstable; urgency=low * Added From: header to the tiger cron output -- Javier Fernandez-Sanguino Pen~a Wed, 26 Sep 2001 01:11:06 +0200 tiger (2.2.4-8) unstable; urgency=low * Fixed tigercron so that it includes the hostname in the mail subject (Closes: #113462) -- Javier Fernandez-Sanguino Pen~a Tue, 25 Sep 2001 15:19:30 +0200 tiger (2.2.4-7) unstable; urgency=low * Fixed script/check_rhosts so it does not warn about comments * Added some new issues in Debian systems which tiger does not check properly * Really fixed SRCH line (Closes: #112870) * Added some more info regarding false positives in Debian in the README.Debian file -- Javier Fernandez-Sanguino Pen~a Sun, 23 Sep 2001 00:55:42 +0200 tiger (2.2.4-6) unstable; urgency=low * Fixed Linux/2/config not being able to find SNEFRU, by adding /usr/lib/tiger/bin to the SRCH line (Closes: #112870) * Fixed Linux/2/config not finding CUT since it was not exported (Closes: #112871) * Updated data from Debian Advisories from the WML sources -- Javier Fernandez-Sanguino Pen~a Thu, 20 Sep 2001 10:46:58 +0200 tiger (2.2.4-5) unstable; urgency=low * Fixed debian/control file (Closes: #112532) -- Javier Fernandez-Sanguino Pen~a Mon, 17 Sep 2001 18:09:35 +0200 tiger (2.2.4-4) unstable; urgency=low * Added subjet to tiger's cron report (Closes: #112222, #112161) * Fixed mail check in order to compare against uid and not username (hopefully it will work with Debian and other Unices but I'm not sure ls -n is available there) (Closes: #112162) * Binaries now get compiled at build time * Removed ./c from Makefile * Subsituted corrupted .c files on c/ (md5.c and snefru.c) (Closes: #112216) * Modified scripts/check_know so it checks on uids and not on names (Closes: #112162) -- Javier Fernandez-Sanguino Pen~a Fri, 14 Sep 2001 20:34:30 +0200 tiger (2.2.4-3) unstable; urgency=high * Fixed cron entry (Closes: #111795) -- Javier Fernandez-Sanguino Pen~a Mon, 10 Sep 2001 18:27:21 +0200 tiger (2.2.4-2) unstable; urgency=low * Removed tigerrc(8) reference in manpage (Closes: #110528) * Installed tigexp in sbin (Closes: #110535) * Updated the services file for Linux with a new script that updates it from the system /etc/services. Should close some of the false positives regarding #110531 -- Javier Fernandez-Sanguino Pen~a Wed, 29 Aug 2001 16:03:29 +0200 tiger (2.2.4-1) unstable; urgency=low * Initial Release. * Changed GROUPS variable to GROUPC since it seems to conflict with bash * Modified Makefile so it installs correctly * Provided a new check for open sockets and Debian specific checks for md5sums of installed files and package associatons of installed files. -- Javier Fernandez-Sanguino Pen~a Thu, 23 Aug 2001 15:07:16 +0200