[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Tiger-announce] New Tiger release: 3.2.3

From: tiger-announce
Subject: [Tiger-announce] New Tiger release: 3.2.3
Date: Wed, 10 Sep 2008 09:49:48 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

A new Tiger release (3.2.3) is available at

This version is mainly a bug fix release that incorporates all the fixes
introduced in Debian since the 3.2.2 release.

It also updates Linux' gen_mounts to support many more filesystems and
provides a way for local administrators to define local and non-local
filesystems. Which makes it easier for local admins to define exotic
filesystems if in use and avoid the warnings Tiger mails each time a script
that runs through the filesystems (check_perms, check_known and find_files)

Detailed changelog (from the CHANGES file):

Changes (v 3.2.3) 

- SECURITY FIX: Fix a temporary race condition in the genmsgidx script (only
  affects those that build the code in untrusted systems)

- Added support for more local and non-local filesystems in Linux gen_mounts:
  reiser4, securityfs, fuse.gvfs-fuse-daemon, fuseblk, fuse.truecrypt,
  fuse.encfs, debugfs, afs, configfs, gfs, gfs2, inotifyfs, hugetlb, subfs,
  futexfs and bind.

- Added a new configuration variable in tigerrc (Tiger_FSScan_WarnUnknown)
  that allows administrators to disable the warning related to unknown
  filesystems and modified gen_mounts to make use of it.

  The default behaviour (in the provided tigerrc and in the code), if the
variable is not set is to warn admins since unknown filesystems might be a
security issue (rootkit?)

- Add new variables in tigerrc:
   * Tiger_FSScan_Local: if set, filesystems defined in it will be considered
     local and will always be analysed.
   * Tiger_FSScan_NonLocal: ff set, filesystems defined in it will be
      considered non-local and will not be analysed.
  This allows administrators to add there esoteric filessystems in use so
that they can work around the 'unknown filesystem' report generated by
gen_mounts until it gets updated upstream.

- Fix the main Makefile so that the code gets compiled when running 'make

- Add a new Makefile to the doc/ subdirectory so that the contents get built
  and removed and no autogenerated content is distributed. This subdirectory
  is called from the main Makefile.

- Use tempfile if available in the configuration step, although we work in
  WORKDIR and we are safe there

- Make tigercron POSIX compliant so it works in any shell, not just bash

- The 'gen_cron' script for Linux now handles properly the case when the
  special @daily,@reboot, etc. definitions are used instead of real times. 

- Scripts changes:
    * check_apache:Fix the way the configuration file is handled to obtain
                    the IP address and port (Debian bug #436904)
    * check_crontags, check_xinetd, check_apache: Change message calls so
    * that they can be filtered 
    * find_files: Only check local filesystems
    * systems/Linux/2/deb_checkmd5sums: use prelink if available

Happy hacking!


Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]