
INSA

Information Networking Security and Assurance Lab

National Chung Cheng University

Tripwire

An Intrusion Detection Tool

2004, Jei


Outline

  • What, How and The Goal

  • Overview

  • Example

  • Conclusion



Description

  • Tripwire software is a tool that checks to see what has changed on your system

  • Tripwire creates a database of advanced mathematical checksums to take a snapshot of a system’s file properties and contents

  • Tripwire monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.


Web Site

  • Open source

    • http://www.tripwire.org

  • Commercial version

    • http://www.tripwire.com

  • Latest version

    • http://sourceforge.net/projects/tripwire/


Overview


Three passwords you must set

  • site keyfile passphrase

  • local keyfile passphrase

  • your site passphrase


The files you must know

  • $HOSTNAME-local.key

    • Database and report files

  • site.key

    • Configuration and policy files

  • tw.cfg

    • Binary file

  • twcfg.txt

    • Clear text

  • tw.pol

    • Binary file

  • twpol.txt

    • Clear text


The command

  • tripwire

  • twadmin

  • twprint

  • siggen


The modes of tripwire

  • Database initialization mode

    • # tripwire -m i [options]

  • Integrity checking mode

    • # tripwire -m c [options] [object1 [object2…]]

  • Database update mode

    • # tripwire -m u [options]

  • Policy update mode

    • # tripwire -m p [options] policyfile.txt

  • Test mode

    • # tripwire -m t [options]


The operations of twadmin

  • Creating a configuration file

    • # twadmin -m F [options] cfg.txt

  • Printing a configuration file

    • # twadmin -m f [options]

  • Replacing a policy file

    • # twadmin -m P [options] policyfile.txt

  • Printing a policy file

    • # twadmin -m p [options]

  • Removing encryption from a file

    • # twadmin -m r [options] file1 [file2…]

  • Encrypting a file

    • # twadmin -m E [options] file1 [file2…]

  • Examining the encryption of a file

    • # twadmin -m e [options] file1 [file2…]

  • Generating keys

    • # twadmin -m G [options]


The modes of twprint

  • Report printing mode

    • # twprint -m r [options]

  • Database printing mode

    • # twprint -m d [options]


The operation of siggen

  • A utility that displays the hash values of the specified files

    • # siggen [options] file1 [file2…]


Example


Installation

  • OS

    • Debian GNU/Linux

  • The test directory

    • /root/test_attack

      • exe.cpp, ifs.inc, quota, sc-bw.zip

  • Get the package of tripwire

    • http://www.tripwire.org/downloads/index.php

Go to the tripwire directory

Untar and unzip the package


Installation

Execute the script of installation

License agreement

The operation that tripwire will do


Installation

Enter the site keyfile passphrase

Enter your site passphrase

Enter the local keyfile passphrase


Installation

Succeed


Create a policy file

testpolicy.txt

The directory you want to check

Indicate the configuration file

Indicate the site keyfile

The policy file you want to create

The clear-text file


Check the policy file

The encrypted policy file

No mistake…


Initialize the database

You must indicate the policy file

The database file


Check your database file

Indicate the database file

The files included in /root/test_attack


Check your system

The command

What you must pay attention to


Modify your system

  • Operation

    • Modify the exe.cpp

    • Add the file “ceo” to /root/test_attack

The operation you do


Update your database

Indicate the latest report file

Confirm the modifications
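The following Python is added here and is not part of the original slides or of the Tripwire project; it models the description given earlier (a database of checksums and file attributes) and the example's three steps (initialize the database, check the system, update the database) on the /root/test_attack scenario, using a temporary directory and constructed file contents in place of the real files. The names `snapshot`, `check`, `update` and `demo` are chosen for this example only.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Database initialization mode (tripwire -m i): record a digest and the key
    attributes of every file under root. The baseline is kept in memory here."""
    db = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            st = path.stat()
            db[str(path.relative_to(root))] = {
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                "size": st.st_size,
                "mode": st.st_mode,
            }
    return db

def check(root, db):
    """Integrity checking mode (tripwire -m c): diff the live tree against the baseline."""
    now = snapshot(root)
    return {
        "added": sorted(set(now) - set(db)),
        "removed": sorted(set(db) - set(now)),
        "modified": sorted(p for p in now.keys() & db.keys() if now[p] != db[p]),
    }

def update(root, db, report):
    """Database update mode (tripwire -m u): accept the changes listed in a report
    into the baseline, as an operator does after confirming they were intended."""
    now = snapshot(root)
    for p in report["removed"]:
        db.pop(p, None)
    for p in report["added"] + report["modified"]:
        db[p] = now[p]
    return db

def demo():
    """Replay the slides' scenario: modify exe.cpp, then add the file 'ceo'."""
    with tempfile.TemporaryDirectory() as tmp:   # stands in for /root/test_attack
        root = Path(tmp)
        for name in ("exe.cpp", "ifs.inc", "quota", "sc-bw.zip"):  # constructed contents
            (root / name).write_text(f"original contents of {name}\n")
        db = snapshot(root)                        # -m i
        (root / "exe.cpp").write_text("int main() { return 0; }\n")
        (root / "ceo").write_text("planted file\n")
        report = check(root, db)                   # -m c: exe.cpp modified, ceo added
        after_update = check(root, update(root, db, report))   # -m u, then re-check
        return report, after_update
```

Real Tripwire signs the database and its reports with the local key, which is what stops someone who has altered a file from also rewriting the baseline to hide it; this in-memory model has no such protection.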


The crontab

Use crontab to run the Tripwire check every day at 0:00;

the output is mailed to [email protected]


/etc/tripwire/tw.cfg

/etc/tripwire/tw.pol


Conclusion


Secure In-Depth

