1 / 30

Tripwire

INSA. Information Networking Security and Assurance Lab National Chung Cheng University. Tripwire. An Intrusion Detection Tool. INSA. Information Networking Security and Assurance Lab National Chung Cheng University. Outline. What, How and The Goal Overview Example Conclusion. INSA.

kimama
Download Presentation

Tripwire

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. INSA Information Networking Security and Assurance Lab National Chung Cheng University Tripwire An Intrusion Detection Tool 2004, Jei

  2. INSA Information Networking Security and Assurance Lab National Chung Cheng University Outline • What, How and The Goal • Overview • Example • Conclusion

  3. INSA Information Networking Security and Assurance Lab National Chung Cheng University Outline • What, How and The Goal • Overview • Example • Conclusion

  4. Description • Tripwire software is a tool that checks to see what has changed on your system • Tripwire creates a database of advanced mathematical checksums to take a snapshot of a system’s file properties and contents • The tripwire monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc

  5. INSA Information Networking Security and Assurance Lab National Chung Cheng University Web Site • Open source • http://www.tripwire.org • Commercial version • http://www.tripwire.com • Latest version • http://sourceforge.net/projects/tripwire/

  6. INSA Information Networking Security and Assurance Lab National Chung Cheng University Outline • What, How and The Goal • Overview • Example • Conclusion

  7. INSA Information Networking Security and Assurance Lab National Chung Cheng University Three passwords you must set • site keyfile passphrase • local keyfile passphrase • your site passphrase

  8. The files you must know • $HOSTNAME-local.key • Database and report files • Site-key • Configuration and policy files • tw.cfg • Binary file • twcfg.txt • Clear text • tw.pol • Binary file • twpol.txt • Clear text

  9. INSA Information Networking Security and Assurance Lab National Chung Cheng University The command • tripwire • twadmin • twprint • siggen

  10. The mode of tripwire • Database initialization mode • #tripwire –m i [options] • Integrity checking mode • #tripwire –m c [options] [object1 [object2…]] • Database update mode • #tripwire –m u [options] • Policy update mode • #tripwire –m p [options] policyfile.txt • Test mode • #tripwire –m t [options]

  11. The operation of twadmin • Creating a configuration file • #twadmin –m F [options] cfg.txt • Printing a configuration file • #twadmin –m f [options] • Replacing a policy file • #twadmin –m P [options] policyfile.txt • Printing a policy file • #twadmin –m p [options] • Removing encryption from a file • #twadmin –m r [options] file1 [file2…] • Encrypting a file • #twadmin –m E [options] file1 [file2…] • Examine encryption of a file • #twadmin –m e [options] file1 [file2…] • Generate a key • #twadmin –m G [options]

  12. INSA Information Networking Security and Assurance Lab National Chung Cheng University The mode of twprint • Report printing mode • #twprint –m r [options] • Database printing mode • #twprint –m d [options]

  13. INSA Information Networking Security and Assurance Lab National Chung Cheng University The operation of siggen • A utility displays the hash function values for the specified files • #siggen [options] file1 [file2…]

  14. INSA Information Networking Security and Assurance Lab National Chung Cheng University Outline • What, How and The Goal • Overview • Example • Conclusion

  15. Installation • OS • Debian GNU/Linux • The test directory • /root/test_attack • exe.cpp, ifs.inc, quota, sc-bw.zip • Get the package of tripwire • http://www.tripwire.org/downloads/index.php Go to the tripwire directory Untar and unzip the package

  16. Installation Execute the script of installation License agreement The operation that tripwire will do

  17. Installation Enter the site keyfile passphrase Enter your site passphrase Enter the local keyfile passphrase

  18. Installation Succeed

  19. Create a policy file testpolicy.txt The directory you want to check Indicate the configuration file Indicate the site keyflie The policy file you want to create The clear-text file

  20. INSA Information Networking Security and Assurance Lab National Chung Cheng University Check the policy file The crypted policy file No mistake…

  21. Initial the database You must indicate the policy file The database file

  22. Check your database file Indicate the database file The files are included in the /root/test_attack

  23. INSA Information Networking Security and Assurance Lab National Chung Cheng University Check your system The command You must care

  24. Modify your system • Operation • Modify the exe.cpp • Add the file “ceo” to /root/test_attack The operation you do

  25. INSA Information Networking Security and Assurance Lab National Chung Cheng University Update your database Indicate the latest report file Be sure the modification

  26. INSA Information Networking Security and Assurance Lab National Chung Cheng University The crontab Using “crontab” to run Tripwire check every day as 0:00 and the output will be mailed to m9335@cn.ee.ccu.edu.tw

  27. INSA Information Networking Security and Assurance Lab National Chung Cheng University /etc/tripwire/tw.cfg /etc/tripwire/tw.pol

  28. INSA Information Networking Security and Assurance Lab National Chung Cheng University Outline • What, How and The Goal • Overview • Example • Conclusion

  29. INSA Information Networking Security and Assurance Lab National Chung Cheng University Secure In-Depth

  30. INSA Information Networking Security and Assurance Lab National Chung Cheng University Reference • http://www.linuxforum.com/ • http://www.tslg.idv.tw/modules/freecontent/index.php?id=12

More Related