Tripwire

TRIPWIRE - PowerPoint PPT Presentation


  • 190 Views
  • Updated On :

TRIPWIRE. A Host-Based Intrusion Detection software Website: http://www.tripwire.com/. Description. What is “ rootkit ” ? A collection of modified system binaries that are designed to hide the attacker ’ s activities on your system.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'TRIPWIRE' - johana

Presentation Transcript

TRIPWIRE

A Host-Based Intrusion Detection software

Website: http://www.tripwire.com/

INSA lab, Kai


Description

  • What is “rootkit”?

    A collection of modified system binaries that are designed to hide the attacker’s activities on your system.

  • How do you know if you can trust the information your system is giving you?

Description

  • Tripwire creates a database of advanced mathematical checksums to take a snapshot of a system’s file properties and contents.

  • RFC 1321 - The MD5 Message-Digest Algorithm

Description

  • With some critical files, such as the password file, it is imperative to regularly update the checksum database.

  • The database made by Tripwire should be secured in such a way that an attacker cannot alter it. Ex: CD-R drives or removable, write-disabled discs.

Requirements for Tripwire 2.3.1

  • Hardware:

    • Intel based PC

  • OS:

    • Linux (RH 7, Caldera 2.4/w, Turbolinux 6.0.1, SuSE 6.4)

    • FreeBSD 4.2

Requirements for Tripwire 1.3.1

  • Hardware:

    • Intel based PC, SPARC, alpha, MIPS…etc.

  • OS:

    • Linux, FreeBSD, OpenBSD, SunOS, Solaris, HP-UX, IRIX, SCO.

  • Tripwire Academic Source Release (ASR)

How to install

  • FreeBSD

    and wait a while for it to compile

Install on FreeBSD

Create the site keyfile password

Create the local keyfile password

Sign the Tripwire configuration file

Sign the Tripwire policy file

Creating Tripwire database

and wait a while to create database…

finish

How to install

  • Linux

    • Select the Tripwire rpm for your Linux distribution and install it.

      rpm -i tripwire-[version].i386.rpm

    • After completing the installation, create the site keyfile password and the local keyfile password

      sh /etc/tripwire/twinstall.sh

Install on Linux

  • Sign the Tripwire configuration file

  • Sign the Tripwire policy file

  • Install the default policy

    /usr/sbin/twadmin -m P /etc/tripwire/twpol.txt

  • Generate the initial checksum database

    /usr/sbin/tripwire -m i

  • Edit the default site policy file

    vi /etc/tripwire/twpol.txt

Test Tripwire

  • Ex: create a new root user and check with Tripwire

Scheduling function

  • Use “crontab” to run a Tripwire check every day at 1 a.m.; the output will be mailed to root at the same time.

  • Edit /etc/crontab as root and restart /usr/sbin/cron

What do you learn?

Screenshot of the Tripwire configuration file /usr/local/etc/tripwire/twcfg.txt

Screenshot of the Tripwire policy file /usr/local/etc/tripwire/twpol.txt
