NOTE: To read changes made to the Debian package (since
August 23rd 2001) see the changelog.Debian file

Changes (v 3.2.2) 
----------------
- Applied patches from Ryan Bradetich to fix Makefiles in HPUX
- Fixed bashisms in scripts
- Fixed YPCAT calls
- Added the audit scripts collection (audit/ subdir). These 
  scripts extract information for a given operating system 
  for offline review and have been provided by Marc Heuse and
  improved by me. For more information see the README file in
  that dir.
  Supported OSes:
    - AIX (tested in 4.x and 5.x)   - Debian GNU/Linux
    - HPUX 10/11                    - Nokia IPSO
    - ORACLE                        - RedHaT GNU/Linux
    - Slackware                     - Solaris
    - SuSE Linux                    - Windows XP/2000/2003
- Added support for a check.d directory where administrators can dump
  scripts and have Tiger run them periodically
- Small improvements to the messages's documentation. Including fixes to
  some error Ids which were not correct
- Documentation improvements: explain new options and behaviour
  in the manpages, overall improvements to text files provided in sources.

- Fixed scripts: check_accounts, check_aliases, check_anonftp, check_crontabs,
  check_devices, check_embedded, check_exports, check_finddeleted,
  check_ftpusers, check_group, check_inetd, check_known, check_listeningprocs,
  check_logfiles, check_netrc, check_passwd, check_passwdformat, check_path,
  check_printcap, check_rhosts, check_root, check_rootdir, check_rootkit,
  check_runprocs, check_sendmail, check_services, check_ssh, check_system,
  check_tcpd, check_umask, check_xinetd, find_files
  (Over 60 reported bugs fixed)

- New checks: check_ntp, check_omniback,  (Linux-specific) check_xinetd,
- Many fixes in HPUX and Linux checks.
- Added support for Solaris 8 and Solaris 9. New checks:
   - 'check_listeningproces' check for this OS too (uses pfiles instead of lsof)
   - 'check_patches': uses a patchdiag.xref file to look for missing patches
- Added Tru64 support
- Added HPUX-specific tigerrc file
- Added spec file to build RPM packages
- Move checks that need to be done to a TODO.check file

Changes (v 3.2.1) 
----------------
- New checks:
  - check_ndd (for HPUX and SunOS systems)
  - check_passwspec  (for Linux and HPUX) 
  - check_trusted (for HPUX)
  - check_rootkit
  - check_xinetd
  - aide_run and integrit_run as new (alternative) integrity file
    checkers (contributed by 'unspawn')
- Improved/Fixed checks: 
	-check_apache
	-check_devices (patch from Ryan Bradetich)
	-check_exports
	-check_finddeleted (patch from Nicolas Franois)
	-check_ftpusers
	-check_group
	-check_inetd
	-check_known
	-check_listeningprocs (patch from Nicolas Franois)
	-check_netrc
	-check_passwd
	-check_path
	-check_patch
	-check_passwdformat
	-check_perms
	-check_rhosts
	-check_root
	-check_services
	-check_signatures
	-check_tcpd
	-check_umask
	-crack_run
	-tripwire_run
   (Linux) check_inittab, check_rcumask, deb_nopackfiles (patch provided
   by  Nicolas Franois), check_accounts (thanks to  Nicolas Franois),
   deb_checkmd5sums (improvements by Nicolas Franois)
- Other check changes:
  - check_cron moved to check_crontabs
  - removed SunOS check_networkconfig in favour of the new check_ndd
- Default Tigerrc has been modified to account for the new checks
- Applied Ryan Bradetich's patches for HPUX support and to some of the
  checks (check_accounts, check_passwd, check_rootdir
- Added CERT's Unix security checklist comparison so users or admins
  can check which checks does Tiger implement automatically.
- Fixed issue with tigercron, did not work as advertised
- Fixed syntax errors in grep calls
- Modified SunOS config file to look for the MAILSPOOL in /var/mail
- Tiger now uses a function (run_script) to run either the scripts in
  the $SCRIPTDIR or system-specific scripts if available. This allows
  developers to create more specific checks for a given OS and have them
  override the generic scripts.
- Review of temporary file creation in all files including the creation
  of a new function (safe_temp) to handle temporary file usage.
- Included a RedHat spec file to create rpm packages (contributed 
  by 'unspawn')
- New utilities: mkfilelst
- Full integration with TARA 3.0.3 including:
  * Update of all SunOS 5 checks based on ARSC's implementation in TARA
  * Preliminary MacOSX implementation based on ARSC's implementation in TARA
  * New check_rookit check
  * Improvements in checks
- Tiger now can generate signatures for new systems 
- Tiger now shows usage
- Updated manpages for tiger and tigexp
- Removed Debian-specific checks from the default cronrc file and instead
  call 'check_system. Added new checks to the cronrc file
- Updated documentation in README files
- Added still more TODOs
- Fixed Makefile (some checks were not getting installed)
- Added sources for SGI security information in README.sources.
- Added tigercron manpage.
- Removed duplicated checks from cronrc
- Improved variable checks in initdefs and applied patches from Ryan Bradetich
  and  Nicolas Franois
- Added some new configuration directives to site_sample
- Included check_ssh in the checks run by Tiger
- Fixed doc/accounts.txt
- Fixed UUID definition in configuration files for most OS.
- Fixed difflogs util with patch from Nicholas Franois and properly sort
  reports.
- Fixed util/genmsgidx with patch from Nicholas Franois


Changes (v 3.2) 
----------------
- Added a roadmap to the TODO
- Tiger will now output to the report the time of completion
- Fixed Linux/2/check (Debian checks were not executed)
- Removed stale files (*org-2.2.3)
- Updated tigerrc files (-all and -dist). Removed stale file not being
  used anymore
- Added some references in README.sources
- Makefile will install the C binaries after compiling (modified 'all' target)
- Preliminary 'distribution' target in Makefile
- Added yet more TODOs
- Added a -q (quite) option to config to be used by tigercron (avoids cron
  sending emails of nothing has changed, no need to redirect output)
- Modified config to not output messages if -q is set (still need to
  modify tiger to use it too)
- Added checks that have been segmented and are new into tiger and tigerrc
  (check_passwdformat, check_nisplus, check_apache, check_printcap, check_exrc,
  check_sendmail, check_printcap)
- Fix of Tiger_Check_ETCISSUE in tiger which made the check run always. 
- Removed useless echo from tigercron
- Included preliminary version of checks: aide_run, integrit_run (the last one
  was in the tar.gz but not in CVS)
- Fixed Steve's name in the realpath.c note
- Added Debian's changes from the 'experimental' area including the changelog
  and the change to the cron.d file
- Created some scripts to check for issues in the source code, including script
  dependancies.
- Fixed missing or improper dependancies in a number of scripts:
  check_accounts, check_aliases, check_anonftp, check_cron, check_devices,
  check_embedded, check_exports, check_finddeleted, check_ftpusers, check_group,
  check_inetd, check_issue, check_known, check_listeningproc, check_printcap,
  check_rhosts, check_root, check_services, check_tcpd, check_umask, crack_run,
  tripwire_run, and Linux's check.
- Fixed PWCK behavior in check_passwd.
- Added notes on behavior of check_sendmail, modified it to run only if 
  SENDMAIL-CF exists.
- Moved Debian-specific checks from check.tbl (would cause errors in non-Debian
  Linux distributions) to 'check' and modified it so that they will only 
  run if distribution=Debian
- Changed Linux's check_listeningprocs Tigerinstalldir to '.'
- Added MD5 to Linux' config
- Fixed bug in gen_cron which makes it output to STDERR if any of the SPOOL
  directories are empty
- Fixed util/mksig to cread @DEST and @ORIG definitions, removed unnecessary
  dependancies, and added missing commands.
 
(23 April 2003 - rc3)
- [security] Applied Steve Grubb's patch to avoid a buffer overflow in realpath
- Changed the behaviour of autoconf to avoid messing
  with binaries in the source copy.
- Improved the Makefile:
	- better segmentation on targets (for testing and error checking)
	- follows better GNU's standards (including use of DESTDIR)
	- binaries and config are sed' on installation
	- missing (new) scripts have been included 
	- removed config-local target (no sense ATM)
- Fixed tigercron (removed CONFIGDIR and added some sanity checks)
- Added sanity checks to Tiger_Accounts_Trust
(22 April 2003 - rc2)
- Makefile changes:
	- now installs WORK and LOGS dir as 700
	- new targets (mantainerclean, config, config-local, distclean)
- config modified to:
	- _only_ use hostname -f with Linux
	- hostname check is done after Tiger_Output_FQDN is defined
	- determine location of RCFILE and IGNOREFILE properly so that
	  cli arguments can change them
	- configure now sets  ${prefix}
- Fixed ignore mechanism (wasn't working at all due to missing quotes)
- Debian packaging fixes
(14 April 2003 - rc1)
- New ignore mechanism for all modules through the ignore_message 
  function in initdefs provides a way for administrators to configure
  (with extended regular expressions) messages that no modules of Tiger
  will report (wether run in a full run or through a cron job). This 
  helps administrator improve Tiger output and remove spurious errors
  or false positives 
  (like the DNS UDP listeners reported by check_listeningprocs)
- Updated the README and USING files with current information on how to
  run/install Tiger
- Updated the README.linux file
- Updated the README.hostids file
- Wrote a new README.ignore file explaining the new mechanism
- Fixed configuration so that the -f option is not used on non-Linux systems
  ('hostname -f' is not an option available in some of them and this breaks
    Solaris!)
- Modified Linux' configuration file in order to work with new checks
- Modified Linux' configuration file so that LSGROUPS is set properly
  depending on the fileutils version (enables Tiger to be used in 
  Debian's 'woody' by fixing, at least, this know issue)
- Fixed the check_inittab script for linux (did not look for the proper
  string!)
- Improved the check_logfiles check in order to check also for logfile 
  permissions and to be more flexible depending on OS.
- Modified some of the util/ scripts:
	. Linux call is modified to return the proper value in gethostinfo
	. LS and AWK are no longer hardcoded in getpermit
	. [security] 'installsig' has been modified so that the DESTDIR 
	  in the file cannot be use to run local commands through 'eval'
- Added missing HPUX config file
- Added "new" signatures for Sun from TAMU

New checks:
- scripts/check_deleted: detects processes or services (servers) using 
     deleted files. It is based on Brian Hatch's article on deleted files
     and the article "The Upgrade Process: Restarting vs Rebooting."
     published at hackinglinuxexposed.com. 
- scripts/check_services: derived from check_inetd, so that it only checks
     for service information 
- scripts/check_umask: derived from check_logfiles, check for user's umask.
- scripts/check_passwdformat: Checks format of password files to determine 
     if there is any inconsitency
- scripts/check_apache: checks configuration of the Apache web server
- scripts/check_exrc: checks for .exrc files (which might be loaded by
     a user inadvertendly when running some editors
- Linux/2/check_network_config: checks for the values of the network 
     configuration in order to determine if the system is susceptible
     to some attacks
- Solaris/5/5.8/check_listeningprocs: preliminary version for Solaris to
     detect which processes/user are opening inbound sockets (note that
     NETSTAT will not provide process or user information and LSOF might
     not be available in all systems)
- HPUX/check_ftpusers: new version of the check_ftpusers script. This one is
     specific for HPUX and has been contributed as a patch at Savannah. It
     does not do the same check as the generic one, and users might want to
     use this or the other one.
- Solaris/5/check_network_config: preliminary version for Solaris to
     detect the network configuration parameters (stills need to be tested)
- HPUX/check_network_config: preliminary version for HPUX of the same script


Changes (v 3.1) 10/09/2002
---------------------------

New autoconfiguration stuff so that users can customize how to run
Tiger (it can now be run from the local dir, that is, the directory
it has been untarred to or any other dir). Default is  
/usr/local/tiger. See configure.in for more information.

Fixes due to testing in Solaris. Mainly bashisms, but also
some new tests for Solaris (not activated by default) as well
as fixes for HP-UX. Fixes include check_accounts, check_devices,
check_ftpusers, check_issue, check_known, check_listeningprocs,
check_logfiles, check_netrc, check_passwd, check_passwd, check_rhosts,

This Solaris testing has also derived new Solaris 5.8 and Solaris 5
configuration scripts.

This new upstream version includes a new
check_loginlog for Linux (based on SuSE's) as well as a preliminary
version of check_patches for Solaris.

check_listeningprocs using LSOF *and* NETSTAT has been moved to
Linux (the version for any other OS uses only 'lsof' since 'netstat'
is not standarised)

Tigexp does not regenerate messages unless being run by root (so that
common users do not get a warning if they run 'tigexp')

Changes (v 3.0) 07/26/2002
---------------------------

New upstream release. Includes a lot of new checks for Linux (developed
for the Debian GNU/Linux distribution) and also includes TARA's and HP's 
fixes. This new upstream is distributed through savannah.gnu.org 
(look for CVS sources there too).

The full changes description can be found in the Debian changelog
(debian/changelog in the source dir) and span from the 2.2.4-1
to the 2.2.4p2-5 Debian packages.

Changes    09/07/99
-------

Fixed to work with SUSE and TurboLinux

Changes    06/02/99
-------

Developed a new tigerrc to support customer's security checklist.
More extensive tigerrc is in tigerrc-dist.

Fixed bug in check_root for Linux boxes.
 
Updated systems service file.

Changes    05/30/99
-------

Developed HTML output capability (tiger -H).
Fixed systems files for SunOS and IRIX

Changes    04/20/99
-------

Corrected numerous small bugs in scripts.

Updated the systems directories to reflect current OS 
configurations for Linux, SunOS, and IRIX and default.

Cleaned up the output a bit.

	--- Advanced Research Corporation

Changes   03/09/94
-------

Fix to ./scripts/sub/check_embed.  This was disabling the
check_embedded script.

New Stuff  01/06/94
---------

Updated signature files for SunOS 4.x and SunOS 5.x.

Bug fixes...

If the current directory is a descendant of a directory for which the
user does not have 'read' permissions (i.e., search only), then csh
and find do not always work.  Workaround is to 'cd /' where necessary.
Not sure this has been completely implemented.

typo in scripts/sub/check_devs (Multiple people)

scripts/sub/check_devs exited if GENCLIENTDIRS undefined (Sally Noonan).

-x 'test' switch is not portable. (Sally Noonan)

AIX doesn't need '-g' (Dorian Deane)

IRIX test doesn't shortcircuit (Steve Rikli)

IRIX config had wrong definition for DATECMD and TIMECMD (Steve Rikli)

Crude 'smrsh' check performing poorly (Patrick Nolan & Mohamed el Lozy)

Changes for performance and robustness, as suggested by Goran
Larsson.  A C program is used to get file ownership and permissions
instead of 'ls | awk'.  (If the C program won't compile, we fall
back to 'ls | awk'.

Changes to check_anonftp for performance.

Added -c switch to allow specifying alternate 'tigerrc' script (John Reynolds)

'tigexp' loses command line parameters on NeXT 3.0 (Kelly Cunningham)

Added ethernet device files to check list for SunOS 5 (was already there
in SunOS 4).  Also inspects /var/sadm/install/contents to check the
perms there so that they don't get accidentally changed back.

New Stuff  10/31/93
---------

Mailling list available.  See the README file for more information.

Support for TAMU Linux distribution, may work on other Linux' as well.

Updated signatures for SunOS 4.x & SunOS 5.x for security patches.

'installsig' script for installing new signature files (util/installsig).
We will try to maintain up to date security patch signature files in
the directory net.tamu.edu:/pub/security/TAMU/tiger-sigs.  Note that
at present, only SunOS 4.x and SunOS 5.x are being actively maintained
(not that there is a bias here, it is just easier for me to get information
on these... contributions will be welcomed).

Various minor bug fixes relating to various platforms.

Fixed check_suid to handle MD5 signatures.

check_embedded now will optionally wait for the file system scans to
complete and will check all setuid executables found for "bad"
embedded pathnames.  See 'tigerrc' for configuring details.

New Stuff  08/17/93
---------

Script for checking embedded pathnames.  The other scripts collect
filenames which are then fed into the check_embedded script.  This
checks the ownership and permissions of all of these embedded pathnames.
Be warned... this can generate *lots* of output.

Pathname checking is now much more complete.  Every "problem" is
reported in detail, instead of saying "Hey, there's a problem with
this pathname".

'tigercron' should work a lot better now.

Script for checking BSD printcap printer control file.

Signatures for IRIX 4.0.5*, thanks to Steve Rikli.
Signatures for NeXTOS 3.1, thanks to William McVey, et al.

Cleaned up output... much of the output now gets formatted to (default)
80 columns.

Digital signature checking now works with SNEFRU or MD5.  Automagically
detects which signature to generate.

Signature checking is a lot faster now, especially if you have a
clean system (the signature database is ordered such that the
"good" signatures are first).

Interface to 'password' generator scripts changed so that the 
generator scripts can do sanity checking on the base files.  Interfaces
to all of the other generator scripts will be changed in next release.

Makefile for installing everything.  I'm not happy with the installation
process this time either... if anyone wants to contribute a snazzy
installation script I'll be happy to include it... 


New Stuff  06/17/93
---------

First off, there are some man pages in the 'man' directory.  They are
definitely lacking.  If I ever stop adding stuff to the package, maybe
I will be able to write better documentation.

********
Explain facility.  All messages (should) have a message ID associated
with them in square brackets [].  The script 'tigexp' can be used to
get an explanation of the message.  Some (many?) of the explanations
are lacking.  You can also insert the explanations into the output
of 'tiger' by using the '-e' flag.  If anyone has suggestions or
improved explanations, don't hesitate to send them to me.

********
Crack 4.1 interface.  'tiger' will now run Alec Muffett's password
cracker 'Crack'.  See the 'tigerrc' file and 'site-sample' file for
information on enabling it (it is disabled by default).

********
Systems:

SunOS 4.1.1 sun3, 4.1.1 sun4, 4.1.2, 4.1.3, 5.1, 5.2 sun4
NeXT 3.0

There, but untested (and I do mean untested).  You can try them,
but they have *never* been used, so I have no idea what to expect.
Some parts are missing (i.e., no signature files).

AIX 3.x (if this one works... any idea why so many setuid's on AIX 3?)
HPUX (probably anything up to 9.x)
IRIX 4.x
UNICOS 6.x 7.x (if those pesky users didn't use the machine so much...)

********
More checks.  A few of the additions since the last release are:

check_aliases:  Check mail aliases for problems.
check_cron:  Check 'cron' entries for problems.
check_group:  Cross reference 'group' files for problems.
check_passwd:  Cross reference 'passwd' files for problems.
check_path:  Check 'root' (and optionally all users) PATH for problems.

In addition all previous scripts have been beefed up with many more
checks.  File Permission databases have been improved (though they
still need more work).  Scripts which check the path to executables
and files now check the pathname thoroughly, even in the face of
symbolic links.

The file system scans now report device files, world writable
directories, symbolic links to system files, in addition to setuid
executables.  Also the setuid checks now attempt to determine if a
setuid program is an old version of a binary for which a security
patch was released (i.e., it was moved out of the way, but never
deleted or chmod'd, and hence may still be a security problem).

For servers of diskless or dataless clients, some "quick" checks of
the clients can be performed on the server (see man/tiger.man).  Not
everything can be checked.  Plus, support is not complete.

It is possible to install 'tiger' now so that you don't have to
feed it all the names of the directories on each invocation.
Just run 'Install'... it will prompt for names.

'tigercron' provides a simple-cron facility with report differencing
capability and mailing of reports.  This is just started and needs
more work to be really useful.  See the 'cronrc' file for a sample
input to it.

Checks for the availability of a utility commands have been moved
nearer to where they are actually needed (as opposed to having them
at the top of each script).  This enables more checks to be performed
when only a few commands are missing.

All cleanup of scratch files goes through the 'delete' routine which
won't delete a file that isn't in the scratch work directory.  This
is to prevent programmer errors from zapping the wrong file [what?
programmer errors?  Never... :)]

Some more C code added.  Handling of obtaining a compilation of the
source improved.  For casual use, nothing need be done.  The C code
will be compiled and installed in the Bindir (TIGERHOME/bin by default).
For regular use, or use in a large group of systems, sharing the
tiger directories, the binaries can be compiled and stored in the
respective system directories.  The scripts will use the binary
directly from that directory.  The Solaris 2.x (SunOS 5) directory
provides precompiled binaries (no C compiler by default).

Finally, if you try to run this on a system with an old or broken
Bourne shell, or one without functions, have a peek at util/setsh.
This will change all the '#!' headers to some other shell (i.e. ksh or
bash).  Note that 'tiger' has never been run under either of these,
but it might be worth a shot.

