-
December 26th, 2003, 12:38 PM
#1
Member
tripwire
I am a newbie (so don't flame me!). I want to know about Tripwire; can anybody give me some thread links, or maybe some txt files?
-
December 26th, 2003, 01:11 PM
#2
http://mrcorp.infosecwriters.com/Tri...inux_intro.htm
http://www.freeos.com/printer.php?entryID=3405
http://www.nig.abel.co.uk/network_in...on_systems.htm
System integrity verifiers (SIV) monitor system files to find when an intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and cron configuration, in order to find well-known signatures. It may also detect when a normal user somehow acquires root/administrator level privileges. Many existing products in this area should be considered more "tools" than complete "systems": i.e. something like "Tripwire" detects changes in critical system components, but doesn't generate real-time alerts upon an intrusion.
Google
EDIT: would you mind posting this in the correct forum? As I don't think this is a tutorial :P
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content - me
www.elhalf.com
-
December 27th, 2003, 02:24 AM
#3
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
December 27th, 2003, 03:28 AM
#4
Member
-
March 22nd, 2004, 02:01 PM
#5
I'm trying to customize my Tripwire printouts to keep just what I need to know. However, there is no solid documentation for the open source version of Tripwire. Does anyone have a link to this information, or can anyone here answer my questions if I post them here?
- Question one: Would a used program be marked as modified?
-
March 23rd, 2004, 12:12 AM
#6
Good Day,
Hope this helps: if Tripwire detects that a file has been changed, then it will show the modified file name, size, time, etc.
i.e. Modified object name: /root/aoisgreat.txt
size 2000, 2120
modify time Wed Feb 29 13:00 2006, Wed Feb 29 13:18 2006
++Maximum Linux Security - Anonymous
edit: commas added only to separate the entries
From: http://www.redhat.com/docs/manuals/l...update-db.html
Updating the Database after an Integrity Check
If you run an integrity check and Tripwire finds violations, you will first need to determine whether the violations discovered are actual security breaches or the product of authorized modifications. If you recently installed an application or edited critical system files, Tripwire will (correctly) report integrity check violations. In this case, you should update your Tripwire database so those changes are no longer reported as violations. However, if unauthorized changes are made to system files that generate integrity check violations, then you should restore the original file from a backup or reinstall the program.
Appears that you can modify your report (printout) by "updating the Tripwire database so that those changes are no longer reported as violations."
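The cycle described in the Red Hat excerpt above (baseline, integrity check, database update after authorized changes), as an added Python example that is not part of the original thread and is not Tripwire's own code. The function names and sample files are constructed; the example records size, modification time and SHA-256 only, so a file that is merely read is not reported.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Baseline database: size, mtime and SHA-256 of every file under root."""
    db = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            db[os.path.relpath(path, root)] = {
                "size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return db

def check(baseline, current):
    """Integrity check: each changed attribute is listed as (expected, observed)."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "modified": {}}
    for path in sorted(set(baseline) & set(current)):
        diff = {k: (v, current[path][k]) for k, v in baseline[path].items()
                if v != current[path][k]}
        if diff:
            report["modified"][path] = diff
    return report

def update(baseline, current, approved):
    """Database update: accept only reviewed paths; the rest stay violations."""
    return {**baseline, **{p: current[p] for p in approved if p in current}}

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        write(root, "app.conf", b"port=22\n")
        write(root, "login", b"original binary")
        baseline = snapshot(root)
        with open(os.path.join(root, "login"), "rb") as fh:  # file merely used
            fh.read()
        used = check(baseline, snapshot(root))
        write(root, "app.conf", b"port=2222\n")   # authorized edit
        write(root, "login", b"tampered binary")  # unauthorized change
        first = check(baseline, snapshot(root))
        baseline = update(baseline, snapshot(root), approved=["app.conf"])
        return used, first, check(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

After the update only `login` is still reported, which is the case where the excerpt says to restore the file from backup instead of updating the database.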
-
March 23rd, 2004, 06:32 PM
#7
I'm currently using it on Debian, LindowsOS, and Fedora.