LinuxQuestions.org


jsosic 04-17-2006 05:39 AM

Removing noise from Tiger?
 
Hi to all!

I've been using Tiger for a week now. I've read most of the documentation, googled and searched forums, but still no answer. My problem is: tiger generates too much noise... For example, it reports listener services every 6 (or less, not sure, gotta peek into /etc/tiger/tigerrc) hours, and of course, they are the same all the time. Is there a way to remove this unnecessary noise?

I've read in the manual to place entries into /etc/tiger/templates/, and I've dumped that listener services report there, but it still reports it :( I've switched off "Tiger_Cron_CheckPrev=N", and turned on "Tiger_Cron_Template=Y", but still no effect. The point is, I don't want tiger to report changes relative to previous states, but diffs against templates I set manually.

For example, here is my current /etc/tiger/templates/check_listeningprocs
Code:

--WARN-- [lin003w] The process `Xtightvnc' is listening on socket 5901 (TCP on every interface) is run by jsosic.
--WARN-- [lin003w] The process `Xtightvnc' is listening on socket 6001 (TCP on every interface) is run by jsosic.
--WARN-- [lin003w] The process `amavisd-new' is listening on socket 10024 (TCP on loopback interface) is run by amavis.
--WARN-- [lin002i] The process `apache2' is listening on socket 80 (TCP) on every interface.
--WARN-- [lin003w] The process `apache2' is listening on socket 80 (TCP on every interface) is run by www-data.
--WARN-- [lin003w] The process `btdownloadcurse' is listening on socket 6003 (TCP on every interface) is run by jsosic.
--WARN-- [lin002i] The process `cupsd' is listening on socket 631 (TCP) on every interface.
--WARN-- [lin002i] The process `cupsd' is listening on socket 631 (UDP) on every interface.
--WARN-- [lin002i] The process `dhcpcd-bin' is listening on socket 68 (UDP) on every interface.
--WARN-- [lin002i] The process `dhcpd3' is listening on socket 67 (UDP) on every interface.
--WARN-- [lin002i] The process `dovecot' is listening on socket 993 (TCP) on every interface.
--WARN-- [lin003w] The process `gkrellmd' is listening on socket 19150 (TCP on every interface) is run by gkrellmd.
--WARN-- [lin003w] The process `imap-login' is listening on socket 993 (TCP on every interface) is run by dovecot.
--WARN-- [lin002i] The process `inetd' is listening on socket 113 (TCP) on every interface.
--WARN-- [lin003w] The process `innd' is listening on socket 119 (TCP on every interface) is run by news.
--WARN-- [lin002i] The process `master' is listening on socket 25 (TCP) on every interface.
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on loopback interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 953 (TCP on loopback interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on 192.168.1.129 interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on 192.168.1.1 interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on 217.198.100.152 interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 35185 (UDP on every interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on loopback interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on 192.168.1.129 interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on 192.168.1.1 interface) is run by bind.
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on 217.198.100.152 interface) is run by bind.
--WARN-- [lin002i] The process `ntpd' is listening on socket 123 (UDP) on every interface.
--WARN-- [lin003w] The process `portmap' is listening on socket 111 (TCP on every interface) is run by daemon.
--WARN-- [lin003w] The process `portmap' is listening on socket 111 (UDP on every interface) is run by daemon.
--WARN-- [lin003w] The process `proftpd' is listening on socket 21 (TCP on every interface) is run by nobody.
--WARN-- [lin002i] The process `rpc.mountd' is listening on socket 703 (TCP) on every interface.
--WARN-- [lin002i] The process `rpc.mountd' is listening on socket 700 (UDP) on every interface.
--WARN-- [lin002i] The process `rsync' is listening on socket 873 (TCP) on every interface.
--WARN-- [lin003w] The process `squid' is listening on socket 8080 (TCP on every interface) is run by proxy.
--WARN-- [lin003w] The process `squid' is listening on socket 3130 (UDP on every interface) is run by proxy.
--WARN-- [lin003w] The process `squid' is listening on socket 35043 (UDP on every interface) is run by proxy.
--WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.

but still, I get the same report on and on, a few times a day...

Can someone pinpoint where I am going wrong?

jsosic 04-18-2006 03:24 PM

Well, I've found it out myself :)

If you want tiger to difflog its logs with templates and not last logs, you have to copy one of its old logs from /var/log/tiger to /etc/tiger/templates, and its name should be "check_[nameoftest].out.template". Now it works flawlessly :)
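
What comparing against a template buys you, as an added shell illustration (not part of the thread and not Tiger's own difflogs code): only lines that differ from the template are reported, so an unchanged listener list produces no output. The helper name, the NEW:/OLD: prefixes and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added illustration, not Tiger's own difflogs code: report only the lines
# that differ between a check's current output and its template.

# tiger_template_diff TEMPLATE CURRENT   (hypothetical helper name)
# Prints "NEW: <line>" for findings absent from the template and
# "OLD: <line>" for template entries missing from the current run.
# Prints nothing when both agree; returns 2 if a file is unreadable.
tiger_template_diff() {
    template=$1
    current=$2
    [ -r "$template" ] && [ -r "$current" ] || return 2
    tmpdir=$(mktemp -d) || return 2
    # Compare message lines only (--WARN--, --FAIL--, ...); sort -u makes
    # line order and duplicates irrelevant.
    grep '^--[A-Z]*-- \[' "$template" | LC_ALL=C sort -u > "$tmpdir/t"
    grep '^--[A-Z]*-- \[' "$current" | LC_ALL=C sort -u > "$tmpdir/c"
    LC_ALL=C comm -13 "$tmpdir/t" "$tmpdir/c" | sed 's/^/NEW: /'
    LC_ALL=C comm -23 "$tmpdir/t" "$tmpdir/c" | sed 's/^/OLD: /'
    rm -rf "$tmpdir"
}

# Constructed sample in the page's line format: sshd and apache2 match the
# template, named has moved to another UDP port, rsync is a new listener.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/check_listeningprocs.out.template" <<'EOF'
--WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.
--WARN-- [lin003w] The process `apache2' is listening on socket 80 (TCP on every interface) is run by www-data.
--WARN-- [lin003w] The process `named' is listening on socket 35185 (UDP on every interface) is run by bind.
EOF
    cat > "$d/current.out" <<'EOF'
# constructed header line, ignored by the comparison
--WARN-- [lin003w] The process `apache2' is listening on socket 80 (TCP on every interface) is run by www-data.
--WARN-- [lin002i] The process `rsync' is listening on socket 873 (TCP) on every interface.
--WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.
--WARN-- [lin003w] The process `named' is listening on socket 40000 (UDP on every interface) is run by bind.
EOF
    tiger_template_diff "$d/check_listeningprocs.out.template" "$d/current.out"
    rm -rf "$d"
}

demo
```

A template line that pins a port which later changes shows up as an OLD/NEW pair, as the constructed named entry does here.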


All times are GMT -5.