Enhancing Tiger Auditing Tool for Linux Systems and Services

Abstract

Information security is one of the main concerns in modern day computing. Therefore, security auditing tools are largely used in modern day computer systems. There are open source auditing tools as well as commercial auditing tools. Commercial vulnerability scanning tools are very expensive these days. Therefore, organizations are interested to use open source auditing tools. Available open source auditing tools are capable of performing various kinds of vulnerability scans and identifying security issues of the system. Develop an auditing tool from the begin takes a considerable amount of time and it has a high probability of overlapping features with existing solutions. This implementation is to enhance the features of existing Tiger auditing tool. Tiger is a modular based application and users are allowed to develop their own modules into the application. But in order to do it, self-written modules have to comply with Tiger coding standers. Tiger uses its own way of executing modules. It also uses message function to deal with report generation. In order to enhance the functionality of the default Tiger application following new modules has been developed. The identify security patches module used to identify available operating system security patches if available. If a new release of the operating system is available, it identifies by the identify operating system releases module. Security configuration files of manually installed packages are scanned by auditing manually installed packages module. The default Tiger release does not support live modifications. Users have to wait until the audit finishes. Then they should check the report and identify vulnerabilities. But using the enhanced Tiger application, users are facilitated to modify particular files if any issue identifies during the audit process. The suggest security tools module informs users about available security tools which improves the security level of certain services. A graphical user interface is provided to the users to ease their work. According to the user feedbacks, majority of users have identified with the enhanced Tiger application is very useful. The graphical user interface and the perform live changes module made the enhanced version more user friendly to users.