TARA INTRODUCTION

The Tiger Analytical Research Assistant (TARA) is an upgrade to the original 
Tiger program.  Enchancements, include:

	o Minor bug fixes
	o Upgrade to systems features for Linux, SunOS, IRIX, and default
	o HTML output (e.g., tara -H) option

TARA/TIGER INTRODUCTION

Here's a quick "HOW TO" on using 'tara'...

First:  Make sure you are using a 'tararc' file to your liking.  The
        tararc-TAMU file disables a lot of checks.  The 'tigerrc-dist'
        file enables all of them.  You should probably edit one to your
        tastes.  The TARA upgrades only effect the default tests.  Use
        the optional tests at your own risk.

Second, for just a test run, it is *NOT* necessary to install 'tara'.
Just 'cd' into the top-level tara directory and run './tiger'.  This
will create a security report after some time (times vary based on system
size and extent of checking defined in 'tararc').

If you fix some things, and want to run just part of the system without
having to wait for the entire thing, 'cd' to the 'scripts' directory
and you can run any of the scripts there standalone.  Just use
'./scriptname'.  The output will go to stdout, so if you want to save
it to a file, you'll need to redirect it.

A complete HTML report can be generated by using the '-H' option on the
tara command line. This will genrate a HTML report with hyperlinks to
the message text. If a HTML report is not desired, you can follow the
procedures below. 

If you want more information on a particular message generated by 'tara'
(or any of the scripts), you can use the 'taraexp' (TARA EXPlain) facility.
You have three choices here.

First, if you just want more information on a specific message, just use
'./taraexp msgid', where 'msgid' is the text inside the [] associated with
each message.  For example, to obtain more information about:

--WARN-- [acc001w] Login ID backup is disabled, but still has a valid shell 
         (/bin/sh). 

one would use './taraexp acc001w'.

Second, if you want to insert the explanations in the report, you can
either run 'tara' (or the individual scripts) with the '-E' option,
or if you have already run it, then use 'taraexp -F report-file'.  This
will write a copy of the security report to stdout, with explanations
inserted.

The third option is to generate a separate explanation file from a
report file.  To do this, use 'taraexp -f report-file'.  An explanation
report will be generated with message identifiers with each explanation.
This can be used when the report file has lots of repeated message ID's
and inserting explanations will increase the size of the report to
absurd proportions.

------------------------------------------------------------------------

Running 'tara' regularly.

First: It still isn't necessary to "install" 'tara'.  Installing it
is only a convenience.  If you do not install it, then it will be
necessary to either invoke 'tara' (or the individual scripts) with
the '-B' option or 'cd' to the 'tara' directory before running it.
The '-B' option informs the scripts where the top level 'tara'
directory is.

You have two options when running 'tara' regularly.  The first is
to simply run 'tara' out of cron.  Since on large systems, a full run
can take hours, this is probably not desirable.

The more desirable is to use 'taracron'.  With 'taracron', it is
possible to run the individual scripts spread out over a time period
(some can be run three times a day, others once a week or month).
In addition, 'tararon' will (on some systems) e-mail a "change"
report to the specified person (in 'tararc').  The "change" report
will only contain "new" information and will only be mailed when
there *is* new information.

------------------------------------------------------------------------

Installing 'tara'. There is no installation of tara.  You can perform
a 'make clean' to remove old binaries and reports. 

------------------------------------------------------------------------

