Note: the up-to-date TODO list is maintained through Savannah's Task Manager
(http://savannah.nongnu.org/pm/?group=tiger) this list is provided for the
commodity of those browsing the source code

GENERAL ROADMAP
---------------

The general roadmap for Tiger is the following:

To be released:
(Note: functionality might vary between releases, but this is the intended
approach)

- Version 3.7 (unstable):
   . Revision of CVE vulnerabilities and ICAT Risks (Low, Medium, High)
   . Add vulnerabilities that are already check by remote assessment 
     tools (Nessus) but can be checked locally too.
- Version 3.6 (stable): Fully CVE compatible including OVAL implementation.
- Version 3.5 (unstable):
   . OVAL interpreter and OS-specific OVAL
   queries (for Debian GNU/Linux, RedHat GNU/Linux and Solaris). 
   . Revision of current checks to add CVE mapping for vulnerabilities
     if appropriate.
   . Revision of documentation on fixes (tigexp) 
- Version 3.4 (stable): bug fixes.
- Version 3.3 (unstable):
   . Security audit of C source code and 'eval' in scripts.
   . Revise if all the checks are properly called from Tiger
   . Determine which checks need root privileges and which not, consider
     use of 'sudo' to run root checks (or data gathering) if available.

   . Integration of new checks including contributed checks 
   NOTE: Many patches have been already included. The following still need
     to be added:
      - 1091 - needs to be converted into a shell script
      - 1353 - mostly redundant with check_ftpusers but needs to be 
               revised
      - 1392 - needs to be integrated (it is also part of the CERT's list)
      - 1431 - mostly done by check_devices but needs to be revised
      - anacron patch - needs to be integrated
      - all the checks provided by NIH (36!) need to be integrated in
        the code of some checks or new checks written for them
   . Integrated the secaudit database manager patch provided by the
     Center for Information Technology, National Institutes of Health
   . Integration of checks/bug fixes from TARA 3.0.3 version.
   NOTE: Mostly done for all checks (except for check_sendmail)
   Other utilities, such as buildbins changes, need to be checked.
   . Full documentation and user manual describing checks, policy 
   (BS-7799) compliance and comparison with other tools and checks.
       - Include tigerrc and cronrc manpages
   . Provide other logging mechanisms (syslog, snmp) if tools are
     available.
   . Checks for SANS's Top 10 (generic) and Top 20 (UNIX) vulnerabilities
     (notice, however, that most are remote checks which Tiger cannot
     implement that well..)
   NOTE: Already included an annotated CERT list which determines which
     are done and which are lacking
   . Redhat (rpm) packages
   NOTE: The spec file provided as a patched is now included, I have tested
     it to build RPM packages but I have not tested the RPM packages
     themselves.

Released:
- Version 3.2 (stable): major bug fix version
- Version 3.1 (unstable): bug fixes and new checks.
- Version 3.0 (unstable): new release merging TAMU's Tiger and forked
   versions: ARC's Tara, HP's new checks and Debian's Tiger.
- Version 2.2.4 (stable): last version provided by TAMU


DETAILED ITEMS
--------------

- Revise the trap setting for scripts using temporary files. It might
  be necessary to remove the trap calls or use a generic call that
  will clean all the tempfiles (TigerCleanup?)

- Automate the creation of new tar.gz's including a revision that sets
  the proper exec bits to all needed files.

- Full security audit of the code, I dislike the use of 'eval' (used by
the util/ scripts in the haveallof() function, but seems safe). I would not
like to see posts in Bugtraq related to tiger.
(such as http://lists.insecure.org/lists/bugtraq/1998/Jun/0160.html
from Marc Heuse dated Fri Jun 26 1998 - 08:24:17 BST)

- Update signatures using TAMU's (and maybe knowngoods.org's) signature
database.
See http://savannah.nongnu.org/pm/task.php?group_project_id=472&group_id=2247&func=browse

- Improve support non-Linux OSs
https://savannah.nongnu.org/pm/task.php?group_id=2247&group_project_id=632

- Compare checks against other tools'
	- Bastille/Titan: verify that each thing that they 'fix' (harden)
		is checked by Tiger. Provide a relationship of modules in
		each and Tiger checks (at README.sources)
	- CIS benchmark: verify that each "scoring" check is also done
		at Tiger through a check module.
	- OpenBSD or SuSE security checks (DONE)
	- SAINT/SARA: which do some local checks (on NFS for example)

NOTE: Tiger modular behaviour makes it difficult to share data but it's easier
to make simple checks than if using other monolythic tools (like CIS's, 
OpenBSD's or SuSE's)

- Implement IDMEF to send message on alerts. Consider the use of the XML
  library available at  http://www.silicondefense.com/idwg/snort-idmef/
  or Prelude's libprelude

- Consider sending encrypted mail. Check  http://karl.jorgensen.com/smash/
  or add 'gpg -e -a ' in tigercron

- Implementation of a generic OVAL interpreter: http://oval.mitre.org

- Checks need to have a timeout otherwise some checks like 'check_patches'
  (which depend on net access) will never end on a normal
  Tiger run.

- Implement a way to hook into a distributed architecture. Possible candidates:
	- IDEA http://idea-arch.sourceforge.net/
	- Prelude http://www.prelude-ids.org/

(DONE)- Implement logging to syslog (TARA 3.0.3 does it through logger) 

BUGS
----

- Gen_passwd_sets (all systems) sorts the passwd/shadow before joining, 
  if there are "similar" userfields with non-word characters (*, !) sorting
  might not work as expected and the join will not show some of the users.
  This needs to be fixed by sorting the userfield first and then using that
  sort to sort the passwd fileS


--- Javier Fernandez-Sanguino Pen~a  <jfs@computer.org>
Tue, 12 Aug 2003 21:33:51 +0200

