Issue: People manage to gain illicit access or elevated access to
computers, especially networked computers, in spite of our efforts
to prevent this.
Question: How do we know they are there, and if any files were
changed?
Answer: We need a way of verifying the integrity of the files
on our system, compared to a known standard. Tripwire does this.
- Tripwire is a company that sells Tripwire, a product. It started out
as free software from COAST (now CERIAS) at Purdue U.
- A free version is still available, but not well maintained. This
version was designed for a statically linked binary plus the integrity
database to be stored on the same locked medium (e.g., a floppy disk
or CD).
- The commercial version uses encryption via secret keys to store
the integrity database and software on disk.
- In both cases, you configure the software with instructions as
to what files & directories to pay attention to, and what sorts
of changes to these files are permitted. Tripwire produces a report
when changes exceed those permitted.
- Steps for installing Tripwire (from INLS183)
- The installation directory and sample installation are also
available online.
- Sample Tripwire output, sent by email on October 18.
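The baseline-and-compare idea described above, as an added example that is not Tripwire's code or configuration syntax: it records a hash, size and mode per file, then reports only the changes a per-file policy does not permit. The policy format, attribute names and sample file names are assumptions made for illustration.

```python
import hashlib, os, stat, tempfile

# Attributes recorded per file; a policy names the ones allowed to change.
ATTRS = ("sha256", "size", "mode")

def snapshot(path):
    """Record the attributes of one file that the checker compares."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def build_baseline(policy):
    """policy maps path -> set of attributes permitted to change.
    In practice the result belongs on read-only or protected media."""
    return {path: snapshot(path) for path in policy}

def check(baseline, policy):
    """Return (path, attribute, old, new) for every change the policy forbids."""
    violations = []
    for path, old in sorted(baseline.items()):
        if not os.path.exists(path):
            violations.append((path, "missing", old["sha256"], None))
            continue
        new = snapshot(path)
        for attr in ATTRS:
            if old[attr] != new[attr] and attr not in policy[path]:
                violations.append((path, attr, old[attr], new[attr]))
    return violations

if __name__ == "__main__":
    d = tempfile.mkdtemp()                      # constructed sample files
    binary, log = os.path.join(d, "login"), os.path.join(d, "messages")
    for name, data in ((binary, b"ORIGINAL"), (log, b"boot\n")):
        with open(name, "wb") as f:
            f.write(data)
    # The binary must never change; the log may grow and change content.
    policy = {binary: set(), log: {"sha256", "size"}}
    baseline = build_baseline(policy)
    with open(log, "ab") as f:
        f.write(b"login ok\n")                  # permitted change
    with open(binary, "wb") as f:
        f.write(b"TROJANED")                    # forbidden change, same size
    for v in check(baseline, policy):
        print("VIOLATION", *v)
```

Only the modified binary is reported; the log's growth is within its policy and stays silent.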