
Thread: xinetd vs Tripwire

  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    3

    Question xinetd vs Tripwire

    Hi Guys!!

    Got RH 8 installed on my laptop, but I want to secure it as much as I can before going networked.
    In RH 8 xinetd is installed by default. But I wonder should I also use Tripwire?! Isn't xinetd a substitute for tripwire and inetd?! Or am I wrong?!

    Since the computer is pretty newly installed I want to re-compile it soon, should I wait to install Tripwire until I got the kernel "lighter", because of too many Trip-log-messages?!

    I've heard of AIDE.. is it better than Tripwire?!

    (that's a lot of questions, sorry... but I'm a curious newbie that wants a stable system ).

    Thanx in advance...

    /DevKillen

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    xinetd and tripwire are two different things.

    xinetd is a good combination of inetd and tcpwrappers and can be used for controlling which net services you run as well as access control for those services.

    Tripwire on the other hand is a host-based IDS that can tell you when files are changed or rootkits have been used. It basically creates MD5 checksums for your critical system files and tells you if anyone has modified them.

    I'd use both of these and add on a firewall like ipchains....errr...iptables (ipchains is older, just had it stuck in my brain from my gsec reading).
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Juridian answered faster than I did.. But here is some info and links to read more about the products you mentioned.

    Source: xinetd
    xinetd is a secure replacement for inetd, the internet services daemon.

    Why should I use it?

    1) It can do access control on all services based on:
       a. address of remote host
       b. time of access
       c. name of remote host
       d. domain name of remote host
    2) Access control works on all services, whether multi-threaded or single-threaded and for both the TCP and UDP protocols. All UDP packets can be checked as well as all TCP connections.
    3) It provides hard reconfiguration:
       a. kills servers for services that are no longer in the configuration file
       b. kills servers that no longer meet the access control criteria
    4) It can prevent denial-of-access attacks by
       a. placing limits on the number of servers for each service (avoids process table overflows)
       b. placing an upper bound on the number of processes it will fork
       c. placing limits on the size of log files it creates
       d. placing limits on the number of connections a single host can initiate
       e. placing limits on the rate of incoming connections
       f. discontinuing services if the load exceeds a specified limit
    5) Extensive logging abilities:
       a. for every server started it can log:
          i) the time when the server was started
          ii) the remote host address
          iii) who was the remote user (if the other end runs a RFC-931/RFC-1413 server)
          iv) how long the server was running
          (i, ii and iii can be logged for failed attempts too).
       b. for some services, if the access control fails, it can log information about the attempted access (for example, it can log the user name and command for the rsh service)
    6) No limit on number of server arguments
    7) You can bind specific services to specific IPs on your host machine

    Source: Tripwire

    What is tripwire?

    Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.

    Source: AIDE

    What is AIDE?

    AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.
    There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.
    ~micael

  4. #4
    Junior Member
    Join Date
    Oct 2002
    Posts
    3
    Really Thanx guys!! Now I got it much clearer!!

    /DevKillen
