Results 1 to 7 of 7

Thread: tripwire

  1. #1

    Question tripwire

    i am a newbie(so dont flame me!).i want to know about tripwire,can anybody give me some thread links ,or maybe some txt files?

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    http://mrcorp.infosecwriters.com/Tri...inux_intro.htm
    http://www.freeos.com/printer.php?entryID=3405


    http://www.nig.abel.co.uk/network_in...on_systems.htm
    system integrity verifiers (SIV) monitors system files to find when a intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and chron configuration, in order to find well known signatures. It may also detect when a normal user somehow acquires root/administrator level privleges. Many existing products in this area should be considered more "tools" than complete "systems": i.e. something like "Tripwire" detects changes in critical system components, but doesn't generate real-time alerts upon an intrusion.
    Google

    EDIT: would you mind posting this in the correct forum? As I don't think this is a tutorial :P
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  4. #4
    thanks!

  5. #5
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    I'm trying to custom my Tripwire prints outs to keep just what I need to know. However, there is no solid documentation for the open source version of Tripwire. Does anyone have a link to this information or can anyone here answer my questions if I post them here.

    - Question one: Would a used program be marked as modified?

  6. #6
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Day,

    Hope this helps: if Tripwire detects that a file has been changed, then it will show the modified file name, size, time, etc.

    i.e. Modified object name: /root/aoisgreat.txt

    size 2000, 2120
    modify time Wed Feb 29 13:00 2006, Wed Feb 29 13:18 2006

    ++Maximum Linux Security - Anonymous


    edit: commas added only to separate the entries

    From: http://www.redhat.com/docs/manuals/l...update-db.html

    Updating the Database after an Integrity Check

    If you run an integrity check and Tripwire finds violations, you will first need to determine whether the violations discovered are actual security breaches or the product of authorized modifications. If you recently installed an application or edited critical system files, Tripwire will (correctly) report integrity check violations. In this case, you should update your Tripwire database so those changes are no longer reported as violations. However, if unauthorized changes are made to system files that generate integrity check violations, then you should restore the original file from a backup or reinstall the program.

    Appears that you can modify your report (printout) by "updating the Tripwire database so that those changes are no longer reported as violations."




  7. #7
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    I'm currently using it on Debian, LindowsOS, and Fedora.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •