Tiger Analytical Research Assistant (TARA)

The Tiger Analytical Research Assistant is a Unix-based system scanner that can detect a set of known vulnerabilities in the local host.

TARA is an update to Texas A&M's Tiger scripts that has the benefit of being currently maintained. Tiger is often described as a more comprehensive, up to date version of COPS, though the two are not officially related. The Tiger scripts, taken as a set, are a tool for determining all of the paths by which root privilege may be obtained on the local host. Tiger itself requires root privilege to execute. The scripts may be run individually if time is a concern and only certain vulnerabilities are relevant. Tiger also includes an explanation feature to give descriptions and suggested fixes for most vulnerabilities that it can find.

URL: http://www-arc.com/tara

TARA has been tested on

SunOS 5.7
Irix 6.5
Red Hat Linux 5.2, 6.0,

but since it is composted mostly of bash scripts, it should run on any Unix platform with little difficulty.

Pros:

It's open source.
It is very modular.
It works on a wide variety of platforms.

Cons:

It has a very specific function--seeking paths to root--and does only that.

Rating: Recommended. TARA is easy to use, highly portable, and descended from a well regarded tool.

Classification:
Static vs. Dynamic: Dynamic
Library vs. Instrumenting: Library
Testing vs. Production: Production
Opaque vs. Clear: Clear--in that it must be run as root
List vs. Heuristic: List
Conservative vs. Liberal: Liberal
Concurrent vs. Single Program: Concurrent
Alert vs. Fix: Alert with suggestions for fix

Evaluated by Homer Briggs on 8/21/2000