Good day there!
My name is Vladislav Babkin, I am from Ukraine, and I want to contribute by helping developing this tool
I have some questions:
1) Aren't sh scripts good enough to audit a policy? Well, we will need some additional tooling, like a tool to try and open a connection to a port, etc.
2) Should auditing tool be able to try and fix the problems? For example, if it connects to web-server as root - maybe it should connect to it and close that possibility (if the user adds a flag to do so)?
2) When ensuring a policy, should this tool autoinstall software as well if is not present, or should it just fail?
3) Should it work internally on the server, or can it be run somewhere on the outside with access to the machine through ssh or alike?
4) I am right now working on a starup (and will do so in summber), and I will have my exams in June, so I probably will start coding earlier, Hope that is not a problem :)
I'm looking forward to hearing from you,
Vladislav Babkin
--
Sent from my mobile via Mail.Ru