Introduction to Tripwire
By drendeah

Description of Tripwire

"Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000." (Tripwire at SourceForge.net)

Open Source Tripwire® (Tripwire) is a piece of rather interesting security software for Linux. Tripwire allows a Linux system administrator to receive alerts when specified system files have been modified.

How does it work?

Tripwire monitors your Linux system files and sends an alert to the system administrator if any of the files change. The list of files to be monitored is fully configurable by the system administrator. Although Tripwire will not necessarily prevent system files from being modified by an attacker, it will let you know immediately upon the attack.

You might think that since you used a strong root password and haven't given it away, all of your system files are safe. However, it is never a good security policy to presume that your system is 100% secure. Tripwire gives system administrators the reassurance that if an attacker slips through a vulnerability in their system, they will know about it immediately.

When is the best time to install Tripwire?

The best time to install Tripwire is immediately after a fresh install of Linux. Understandably, this isn't possible in all situations. The reason for installing Tripwire as soon as your Linux distro has been installed is simple: the longer your system is not being monitored by Tripwire, the more time is available to hackers to make modifications to your important system files. Some of these changes may create a backdoor through which the hackers can enter your system in the future. Tripwire cannot verify that there are no vulnerabilities in your system files. But as long as you are certain (fresh install) that there are no vulnerabilities, Tripwire can alert you as soon as a modification that may lead to a vulnerability occurs.

Updates to Tripwire

The most recent version of Tripwire available from SourceForge.net is dated April 18, 2007. I'm not sure if there are future updates scheduled in the near future. Tripwire has been mentioned in Linux Security Cookbook (published by O'Reilly).
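The baseline-and-compare idea described under "How does it work?" and "When is the best time to install Tripwire?", as an added example that is not part of the original article and is not Tripwire's own code. It is a simplified sketch: the function names, the monitored file names and their contents are constructed for illustration, and only a SHA-256 digest and the permission bits are tracked.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (SHA-256 hex digest, permission bits) for one file."""
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return (digest, os.stat(path).st_mode & 0o7777)

def snapshot(paths):
    """Record the fingerprint of every monitored file that currently exists."""
    return {p: fingerprint(p) for p in paths if os.path.isfile(p)}

def compare(baseline, paths):
    """Re-scan the monitored paths and report differences against the baseline."""
    current = snapshot(paths)
    report = {"modified": [], "removed": [], "added": []}
    for p in sorted(set(baseline) | set(current)):
        if p not in current:
            report["removed"].append(p)
        elif p not in baseline:
            report["added"].append(p)
        elif baseline[p] != current[p]:
            report["modified"].append(p)
    return report

def demo():
    """Constructed scenario: baseline a known-clean tree, then change it."""
    with tempfile.TemporaryDirectory() as root:
        passwd = os.path.join(root, "passwd")
        sshd = os.path.join(root, "sshd_config")
        extra = os.path.join(root, "rc.local")
        monitored = [passwd, sshd, extra]
        for p, text in ((passwd, "root:x:0:0\n"), (sshd, "PermitRootLogin no\n")):
            with open(p, "w") as f:
                f.write(text)
            os.chmod(p, 0o644)
        baseline = snapshot(monitored)   # taken right after the "fresh install"
        with open(sshd, "w") as f:       # content change
            f.write("PermitRootLogin yes\n")
        os.chmod(passwd, 0o666)          # permission change, content untouched
        with open(extra, "w") as f:      # file appears at a monitored path
            f.write("#!/bin/sh\n")
        report = compare(baseline, monitored)
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}

if __name__ == "__main__":
    print(demo())
```

A baseline taken after the system has already been altered would record the altered files as normal, which is why the article recommends creating it on a fresh install.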