Tripwire
Presentation Transcript


Tripwire

INSA

Information Networking Security and Assurance Lab

National Chung Cheng University

Tripwire

An Intrusion Detection Tool

2004, Jei



Outline

  • What, How and The Goal

  • Overview

  • Example

  • Conclusion



Description

  • Tripwire software is a tool that checks to see what has changed on your system

  • Tripwire creates a database of advanced mathematical checksums to take a snapshot of a system’s file properties and contents

  • Tripwire monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.



Web Site

  • Open source

    • http://www.tripwire.org

  • Commercial version

    • http://www.tripwire.com

  • Latest version

    • http://sourceforge.net/projects/tripwire/




Three passwords you must set

  • site keyfile passphrase

  • local keyfile passphrase

  • your site passphrase


The files you must know

  • $HOSTNAME-local.key

    • Database and report files

  • Site-key

    • Configuration and policy files

  • tw.cfg

    • Binary file

  • twcfg.txt

    • Clear text

  • tw.pol

    • Binary file

  • twpol.txt

    • Clear text



The command

  • tripwire

  • twadmin

  • twprint

  • siggen


The mode of tripwire

  • Database initialization mode

    • # tripwire -m i [options]

  • Integrity checking mode

    • # tripwire -m c [options] [object1 [object2 ...]]

  • Database update mode

    • # tripwire -m u [options]

  • Policy update mode

    • # tripwire -m p [options] policyfile.txt

  • Test mode

    • # tripwire -m t [options]


The operation of twadmin

  • Creating a configuration file

    • # twadmin -m F [options] cfg.txt

  • Printing a configuration file

    • # twadmin -m f [options]

  • Replacing a policy file

    • # twadmin -m P [options] policyfile.txt

  • Printing a policy file

    • # twadmin -m p [options]

  • Removing encryption from a file

    • # twadmin -m r [options] file1 [file2 ...]

  • Encrypting a file

    • # twadmin -m E [options] file1 [file2 ...]

  • Examining the encryption of a file

    • # twadmin -m e [options] file1 [file2 ...]

  • Generating keys

    • # twadmin -m G [options]



The mode of twprint

  • Report printing mode

    • # twprint -m r [options]

  • Database printing mode

    • # twprint -m d [options]



The operation of siggen

  • A utility that displays the hash values of the specified files

    • # siggen [options] file1 [file2 ...]



Installation

  • OS

    • Debian GNU/Linux

  • The test directory

    • /root/test_attack

      • exe.cpp, ifs.inc, quota, sc-bw.zip

  • Get the package of tripwire

    • http://www.tripwire.org/downloads/index.php

Go to the tripwire directory

Untar and unzip the package


Installation

Execute the script of installation

License agreement

The operation that tripwire will do


Installation

Enter the site keyfile passphrase

Enter your site passphrase

Enter the local keyfile passphrase


Installation

Installation succeeded


Create a policy file

testpolicy.txt

The directory you want to check

Indicate the configuration file

Indicate the site keyfile

The policy file you want to create

The clear-text file



Check the policy file

The encrypted policy file

No mistakes…


Initialize the database

You must indicate the policy file

The database file


Check your database file

Indicate the database file

The files included in /root/test_attack



Check your system

The command

What you must pay attention to


Modify your system

  • Operation

    • Modify the exe.cpp

    • Add the file “ceo” to /root/test_attack

The operation you do



Update your database

Indicate the latest report file

Confirm the modifications
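As an added illustration (not code from these slides or from Tripwire itself) of what the Description slide says Tripwire does, and of the initialize / check / modify / update sequence walked through in the example, here is a simplified Python model: a baseline database of per-file attributes (size, mode, SHA-256 of contents) is taken, the live tree is compared against it, and reviewed changes are folded into a new baseline. The function names and the JSON-like dictionary "database" are assumptions of this example, not Tripwire's own format.

```python
import hashlib
import os
import stat

# Simplified model of Tripwire's database / check / update cycle (added example).

def _snapshot_file(path):
    """Record the attributes a Tripwire-style check monitors for one file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return {"size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "sha256": digest.hexdigest()}

def init_database(root):
    """Database initialization mode: snapshot every regular file under root."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                db[os.path.relpath(path, root)] = _snapshot_file(path)
    return db

def check_integrity(root, db):
    """Integrity checking mode: compare the live tree against the baseline."""
    current = init_database(root)
    report = {"added": sorted(set(current) - set(db)),
              "removed": sorted(set(db) - set(current)),
              "changed": {}}
    for rel in sorted(set(current) & set(db)):
        # list which monitored attributes differ, e.g. ["size", "sha256"]
        diffs = [k for k in db[rel] if db[rel][k] != current[rel][k]]
        if diffs:
            report["changed"][rel] = diffs
    return report

def update_database(root, db, report):
    """Database update mode: accept reviewed changes into a new baseline."""
    new_db = {k: v for k, v in db.items() if k not in report["removed"]}
    for rel in report["added"] + list(report["changed"]):
        new_db[rel] = _snapshot_file(os.path.join(root, rel))
    return new_db
```

Run against a copy of the slide's test directory, the report names exe.cpp under "changed" (size and sha256 differ) and ceo under "added"; only after review should the report be folded into the baseline, exactly as the update step on the slide requires.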



The crontab

Use crontab to run the Tripwire check every day at 0:00;

the output is mailed to [email protected]


Tripwire


/etc/tripwire/tw.cfg

/etc/tripwire/tw.pol




Secure In-Depth


