LinuxQuestions.org
04-17-2006, 05:39 AM   #1
jsosic
Distribution: Debian and Gentoo

Removing noise from Tiger?

Hi to all!

I've been using Tiger for a week now. I've read most of the documentation, googled and searched forums, but still no answer. My problem is: tiger generates too much noise... For example, it reports listener services every 6 (or less, not sure, gotta peek into /etc/tiger/tigerrc) hours, and of course, they are the same all the time. Is there a way to remove this unnecessary noise?

I've read in the manual to place entries into /etc/tiger/templates/, and I've dumped that listener services report there, but it still reports it. I've switched off "Tiger_Cron_CheckPrev=N", and turned on "Tiger_Cron_Template=Y", but still no effect. Point is, I don't want tiger to report to me about changes to previous states, but diffs with templates I set manually.

For example, here is my current /etc/tiger/templates/check_listeningprocs
Code:
--WARN-- [lin003w] The process `Xtightvnc' is listening on socket 5901 (TCP on every interface) is run by jsosic. 
--WARN-- [lin003w] The process `Xtightvnc' is listening on socket 6001 (TCP on every interface) is run by jsosic. 
--WARN-- [lin003w] The process `amavisd-new' is listening on socket 10024 (TCP on loopback interface) is run by amavis. 
--WARN-- [lin002i] The process `apache2' is listening on socket 80 (TCP) on every interface. 
--WARN-- [lin003w] The process `apache2' is listening on socket 80 (TCP on every interface) is run by www-data. 
--WARN-- [lin003w] The process `btdownloadcurse' is listening on socket 6003 (TCP on every interface) is run by jsosic. 
--WARN-- [lin002i] The process `cupsd' is listening on socket 631 (TCP) on every interface. 
--WARN-- [lin002i] The process `cupsd' is listening on socket 631 (UDP) on every interface. 
--WARN-- [lin002i] The process `dhcpcd-bin' is listening on socket 68 (UDP) on every interface. 
--WARN-- [lin002i] The process `dhcpd3' is listening on socket 67 (UDP) on every interface. 
--WARN-- [lin002i] The process `dovecot' is listening on socket 993 (TCP) on every interface. 
--WARN-- [lin003w] The process `gkrellmd' is listening on socket 19150 (TCP on every interface) is run by gkrellmd. 
--WARN-- [lin003w] The process `imap-login' is listening on socket 993 (TCP on every interface) is run by dovecot. 
--WARN-- [lin002i] The process `inetd' is listening on socket 113 (TCP) on every interface. 
--WARN-- [lin003w] The process `innd' is listening on socket 119 (TCP on every interface) is run by news. 
--WARN-- [lin002i] The process `master' is listening on socket 25 (TCP) on every interface. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on loopback interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 953 (TCP on loopback interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on 192.168.1.129 interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on 192.168.1.1 interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (TCP on 217.198.100.152 interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 35185 (UDP on every interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on loopback interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on 192.168.1.129 interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on 192.168.1.1 interface) is run by bind. 
--WARN-- [lin003w] The process `named' is listening on socket 53 (UDP on 217.198.100.152 interface) is run by bind. 
--WARN-- [lin002i] The process `ntpd' is listening on socket 123 (UDP) on every interface. 
--WARN-- [lin003w] The process `portmap' is listening on socket 111 (TCP on every interface) is run by daemon. 
--WARN-- [lin003w] The process `portmap' is listening on socket 111 (UDP on every interface) is run by daemon. 
--WARN-- [lin003w] The process `proftpd' is listening on socket 21 (TCP on every interface) is run by nobody. 
--WARN-- [lin002i] The process `rpc.mountd' is listening on socket 703 (TCP) on every interface. 
--WARN-- [lin002i] The process `rpc.mountd' is listening on socket 700 (UDP) on every interface. 
--WARN-- [lin002i] The process `rsync' is listening on socket 873 (TCP) on every interface. 
--WARN-- [lin003w] The process `squid' is listening on socket 8080 (TCP on every interface) is run by proxy. 
--WARN-- [lin003w] The process `squid' is listening on socket 3130 (UDP on every interface) is run by proxy. 
--WARN-- [lin003w] The process `squid' is listening on socket 35043 (UDP on every interface) is run by proxy. 
--WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.
but still, I get the same report on and on, a few times a day...

Can someone pinpoint where I am going wrong?
 
04-18-2006, 03:24 PM   #2
jsosic (Original Poster)
Distribution: Debian and Gentoo

Well, I've found it out myself.

If you want tiger to difflog its logs with templates and not last logs, you have to copy one of its old logs from /var/log/tiger to /etc/tiger/templates, and its name should be "check_[nameoftest].out.template". Now it works flawlessly.
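
The fix in post #2, as an added illustration that is not part of either post and not Tiger's own code: a reviewed report is copied to the `check_[nameoftest].out.template` name, and a whole-line comparison then surfaces only listeners that appeared or disappeared relative to that baseline. The function names and scratch paths are hypothetical, the sample reports are constructed (the first from two lines of the template in post #1), and Tiger's internal comparison may differ from the `grep` used here.

```shell
#!/bin/sh
# Added illustration, not Tiger's own code. All paths are arguments so it runs in a scratch dir.

# install_template OLD_LOG TEST_NAME TEMPLATE_DIR
# Copy a reviewed report to TEMPLATE_DIR/check_TEST_NAME.out.template (name from post #2).
install_template() {
    [ -f "$1" ] || { echo "no such log: $1" >&2; return 1; }
    mkdir -p "$3" || return 1
    dest="$3/check_$2.out.template"
    # The template decides which findings are silenced, so keep it owner-only.
    cp "$1" "$dest" && chmod 600 "$dest" && printf '%s\n' "$dest"
}

# new_findings TEMPLATE CURRENT: lines in CURRENT that the template does not contain.
new_findings() { grep -F -x -v -f "$1" "$2"; }

# gone_findings TEMPLATE CURRENT: template lines that no longer appear in CURRENT.
gone_findings() { grep -F -x -v -f "$2" "$1"; }

# demo: build constructed reports in a temp dir and print the delta.
demo() {
    work=$(mktemp -d) || return 1
    # Constructed sample: two lines taken from the template in post #1.
    cat > "$work/old.out" <<'EOF'
--WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.
--WARN-- [lin003w] The process `apache2' is listening on socket 80 (TCP on every interface) is run by www-data.
EOF
    # Constructed sample: apache2 is gone and a made-up listener (exampled, 9999) appeared.
    cat > "$work/new.out" <<'EOF'
--WARN-- [lin002i] The process `sshd' is listening on socket 22 (TCP) on every interface.
--WARN-- [lin003w] The process `exampled' is listening on socket 9999 (TCP on every interface) is run by nobody.
EOF
    tpl=$(install_template "$work/old.out" listeningprocs "$work/templates") || return 1
    echo "NEW:";  new_findings  "$tpl" "$work/new.out"
    echo "GONE:"; gone_findings "$tpl" "$work/new.out"
    rm -rf "$work"
}

demo
```

Review the report before promoting it to a template: every line in the template is a listener that will no longer be reported.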
 
  

