Hello All,
Does any one use TARA? The company I work for uses TARA for Linux and SunOS and an internal tool for HP-UX. I will be starting a Senior capstone class for college soon and was wondering how useful would an update to TARA be to the Open Source community. I invision it as a client-server application where either the client or server can initiate a scan and the results go into a database (MySQL or PostgreSQL). From the DB risk acceptance filters can be applied and reports (Web & email) can be generated. The web interface could generate reports for each site or support region. This could be used by managment to see how security compliant a given region is.
The DB could also have tables in it to support determining how patch compliant systems are. I would like the DB flexable enough to support other security concerns in the furture.
I would like to hear your thoughts on how useful this would be before I spend a lot of time working on it. Of cource it also comes down to if the professor will accept it as a project.
--
Jamie Bohr
