December 26th, 2003, 11:38 AM
I am a newbie (so don't flame me!). I want to know about Tripwire. Can anybody give me some thread links, or maybe some txt files?
December 26th, 2003, 12:11 PM
system integrity verifiers (SIV)
monitors system files to find when an intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and cron configuration, in order to find well known signatures. It may also detect when a normal user somehow acquires root/administrator level privileges. Many existing products in this area should be considered more "tools" than complete "systems": i.e. something like "Tripwire" detects changes in critical system components, but doesn't generate real-time alerts upon an intrusion.
EDIT: would you mind posting this in the correct forum? As I don't think this is a tutorial :P
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content
December 27th, 2003, 01:24 AM
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
December 27th, 2003, 02:28 AM
March 22nd, 2004, 01:01 PM
I'm trying to customize my Tripwire printouts to keep just what I need to know. However, there is no solid documentation for the open source version of Tripwire. Does anyone have a link to this information, or can anyone here answer my questions if I post them here?
- Question one: Would a used program be marked as modified?
March 22nd, 2004, 11:12 PM
Hope this helps: if Tripwire detects that a file has been changed, then it will show the modified file name, size, time, etc.
i.e. Modified object name: /root/aoisgreat.txt
size 2000, 2120
modify time Wed Feb 29 13:00 2006, Wed Feb 29 13:18 2006
++Maximum Linux Security - Anonymous
edit: commas added only to separate the entries
Updating the Database after an Integrity Check
If you run an integrity check and Tripwire finds violations, you will first need to determine whether the violations discovered are actual security breaches or the product of authorized modifications. If you recently installed an application or edited critical system files, Tripwire will (correctly) report integrity check violations. In this case, you should update your Tripwire database so those changes are no longer reported as violations. However, if unauthorized changes are made to system files that generate integrity check violations, then you should restore the original file from a backup or reinstall the program.
Appears that you can modify your report (printout) by "updating the Tripwire database so that those changes are no longer reported as violations."
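An added illustration (not part of any post in this thread, and not Tripwire's own code) of the baseline, check and update cycle discussed above. The function names and sample files are constructed for the example; it tracks only size, modification time and SHA-256, so merely reading a file is not reported as a change here.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record size, mtime and SHA-256 for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return db

def check(baseline, current):
    """Return violations as {path: (kind, {attr: (expected, observed)})}."""
    report = {}
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        diff = {k: (old[k], new[k]) for k in (old or {}) if new and old[k] != new[k]}
        report[path] = (kind, diff)
    return report

def update(baseline, current, approved):
    """Accept only reviewed paths into the baseline; the rest stay violations."""
    merged = {p: v for p, v in baseline.items() if p not in approved}
    merged.update({p: current[p] for p in approved if p in current})
    return merged

def demo():
    # Constructed sample files in a throwaway directory.
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        put("app.conf", b"port=22\n")
        put("login", b"original binary\n")
        baseline = snapshot(root)
        after_read = check(baseline, snapshot(root))  # snapshot only reads files
        put("app.conf", b"port=22\nx11=no\n")         # authorized edit
        put("login", b"replaced binary\n")            # unauthorized, same size
        first = check(baseline, snapshot(root))
        baseline = update(baseline, snapshot(root), ["app.conf"])
        second = check(baseline, snapshot(root))
    return after_read, first, second
```

After the approved update, only the unreviewed `login` change is still reported, and it is caught by the hash even though its size is unchanged.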
March 23rd, 2004, 05:32 PM
I'm currently using it on Debian, LindowsOS, and Fedora.