Tiger – The Unix Security Audit and Intrusion Detection Tool

Tiger is a free, open source collections of shell scripts for security audit and host intrusion detection, for Unix-like systems such as Linux. It’s a security checker written entirely in shell language and employs various POSIX tools in the backend. It’s major purpose is to check the system configuration and status.

It’s very extensible than the other security tools, and has a good configuration file. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them.

In this article, we will show how to install and use Tiger security checker with basic examples in Linux.

How to Install Tiger Security Tool in Linux

On Debian and its derivatives such Ubuntu and Linux Mint, you can easily install Tiger security tool from the default repositories using package manger as shown.

$ sudo apt install tiger 

On other Linux distributions, you can download the latest source (the current stable release is 3.2.3, at the time of writing) and run it straight away from the terminal as as root or use the sudo command to gain root privileges.

$ wget  -c  http://download.savannah.gnu.org/releases/tiger/tiger-3.2rc3.tar.gz
$ tar -xzf tiger-3.2rc3.tar.gz
$ cd tiger-3.2/
$ sudo ./tiger

By default all checks are enabled, in the tigerrc file and you can edit it using a CLI editor of your liking to enable only the checks you are interested in:

Run Tiger Security Audit Tool on Linux
Run Tiger Security Audit Tool on Linux

When the security scan is complete, a security report will be generated in the log sub directory, you will see a message similar to this (where tecmint is the hostname):

Security report is in `log//security.report.tecmint.181229-11:12'.

You can view the contents of the security report file using cat command.

$ sudo cat log/security.report.tecmint.181229-11\:12
View Security Report
View Security Report

If you just want more information on a specific security message, run the tigexp (TIGer EXPlain) command and provide the msgid as an argument, where “msgid” is the text inside the [] associated with each message.

For example, to get more information about the following messages, where [acc001w] and [path009w] are the msgids:

--WARN-- [acc015w] Login ID nobody has a duplicate home directory (/nonexistent) with another user.  
--WARN-- [path009w] /etc/profile does not export an initial setting for PATH.

Simply run these commands:

$ sudo ./tigexp acc015w
$ sudo ./tigexp path009w
View Security Messages
View Security Messages

If you want to insert the explanations (more information on a particular message generated by tiger) in the report, you can either run tiger with the -E flag.

$ sudo ./tiger -E 

Or if you have already run it, then use tigexp command with the -F flag to specify the report file, for example:

$ sudo ./tigexp -F log/security.report.tecmint.181229-11\:12
View Security Report with Messages
View Security Report with Messages

To generate a separate explanation file from a report file, run the following command (where -f is used to specify the report file):

$ sudo ./tigexp -f log/security.report.tecmint.181229-11\:12

As you can see, installing tiger is not necessary. However, if you want to install it on your system for purposes of convenience, run the following commands (use ./configure – -help to check configure script options):

$ ./configure
$ sudo make install

For more information, see the man pages under the ./man/ sub-directory, and use the cat command to view them. But if you have installed the package, run:

$ man tiger 
$ man tigerexp

Tiger project homepage: https://www.nongnu.org/tiger/

Tiger is a set of scripts that scan a Unix-like system looking for security problems – it’s a security checker. In this article, we have shown how to install and use Tiger in Linux. Use the feedback form to ask questions or share your thoughts about this tool.

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

4 thoughts on “Tiger – The Unix Security Audit and Intrusion Detection Tool”

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.