
			    What is TIGER?

     TIGER, or the 'tiger' scripts, is a set of Bourne shell scripts,
C programs and data files which are used to perform a security audit
of UNIX systems.  It is designed to hopefully be easy to use, easy to
understand and easy to enhance.  Currently support for SunOS 4.x and
SunOS 5.x is the best, followed by NeXT 3.x.  Other systems for which
(at least partial) configuration files are provided are IRIX 4.x, AIX
3.x, UNICOS 6.x, Linux 0.99.x and HP/UX.  These configurations are not
tested as thoroughly as the SunOS and NeXT configurations, and in some
cases, may barely work.  For other systems, a "best effort" check will
be performed.

     TIGER has one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one primary goal: report ways 'root' can be
compromised.  While checks are performed for other purposes, most of
the checks are directed at this goal.  The primary assumption made is
that any uid other than 0 can be obtained (if you aren't as paranoid
as I one p