tigerrc: Configure Tiger_Running_Procs

* Relates to #60 * Mention Tiger conf in README
pyllyukko · Jan 20, 2024 · 85e6407 · 85e6407
1 parent c4bf9fa
commit 85e6407
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -82,6 +82,7 @@ For a complete list you can run `ansible-playbook --list-tasks harden.yml`.
     * Configured ClamAV to unarchive with password "infected" (see [Passwords for archive files](https://docs.clamav.net/manual/Signatures/EncryptedArchives.html) & [ClamAV and ZIP File Decryption](https://blog.didierstevens.com/2017/02/15/quickpost-clamav-and-zip-file-decryption/))
     * Downloads YARA rules from [Neo23x0](https://github.com/Neo23x0/signature-base), [GCTI](https://github.com/chronicle/GCTI), [Elastic](https://github.com/elastic/protections-artifacts), [YaraRules Project](https://yara-rules.github.io/blog/), [JPCERT/CC](https://github.com/JPCERTCC/jpcert-yara), [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/), [Citizen Lab](https://github.com/citizenlab/malware-signatures), [GoDaddy](https://github.com/godaddy/yara-rules), [Didier Stevens](https://github.com/search?q=repo%3ADidierStevens%2FDidierStevensSuite+path%3A*.yara) & [Open-Source-YARA-rules](https://github.com/mikesxrs/Open-Source-YARA-rules) for [ClamAV to use](https://docs.clamav.net/manual/Signatures/YaraRules.html)
 * [rkhunter](https://sourceforge.net/projects/rkhunter/) configuration (see [rkhunter.yml](tasks/rkhunter.yml))
+* [Tiger](https://www.nongnu.org/tiger/): Configures `tigerrc` & `tiger.ignore`
 * [Lynis](https://cisofy.com/lynis/) configuration (see [lynis.yml](tasks/lynis.yml))
 * Configures AIDE (see [aide.yml](tasks/aide.yml))
 * Display managers:

diff --git a/templates/tigerrc.j2 b/templates/tigerrc.j2
@@ -389,7 +389,13 @@ Tiger_Listening_ValidProcs=''
 # The process list below is just an example (useful for Linux)
 # change it to suit your needs. You can use either the process name
 # or the full path name
+{% if ansible_distribution == "Debian" or ansible_distribution == "Kali" %}
+Tiger_Running_Procs='/lib/systemd/systemd-journald /usr/sbin/cron'
+{% elif ansible_distribution == "Slackware" %}
+Tiger_Running_Procs='/usr/sbin/syslogd /usr/sbin/crond'
+{% else %}
 Tiger_Running_Procs='syslogd cron atd klogd'
+{% endif %}
 # or
 # Tiger_Running_Procs='/sbin/syslogd /usr/sbin/atd /usr/sbin/cron /sbin/klogd'
 #