Tripwire
Tripwire - PowerPoint PPT Presentation


Presentation Transcript
Tripwire

INSA

Information Networking Security and Assurance Lab

National Chung Cheng University

Tripwire

An Intrusion Detection Tool

2004, Jei


Outline

  • What, How and The Goal

  • Overview

  • Example

  • Conclusion



Description

  • Tripwire is a tool that checks what has changed on your system

  • Tripwire creates a database of checksums (hash values) that takes a snapshot of each file's properties and contents

  • Tripwire then monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.


Web Site

  • Open source

    • http://www.tripwire.org

  • Commercial version

    • http://www.tripwire.com

  • Latest version

    • http://sourceforge.net/projects/tripwire/



Three passwords you must set

  • site keyfile passphrase

  • local keyfile passphrase

  • your site passphrase


The files you must know

  • $HOSTNAME-local.key

    • Local key: signs the database and report files

  • Site-key

    • Site key: signs the configuration and policy files

  • tw.cfg

    • Configuration file, binary (signed)

  • twcfg.txt

    • Configuration file, clear text

  • tw.pol

    • Policy file, binary (signed)

  • twpol.txt

    • Policy file, clear text


The commands

  • tripwire

  • twadmin

  • twprint

  • siggen


The modes of tripwire

  • Database initialization mode

    • # tripwire -m i [options]

  • Integrity checking mode

    • # tripwire -m c [options] [object1 [object2…]]

  • Database update mode

    • # tripwire -m u [options]

  • Policy update mode

    • # tripwire -m p [options] policyfile.txt

  • Test mode

    • # tripwire -m t [options]


The operations of twadmin

  • Creating a configuration file

    • # twadmin -m F [options] cfg.txt

  • Printing a configuration file

    • # twadmin -m f [options]

  • Replacing a policy file

    • # twadmin -m P [options] policyfile.txt

  • Printing a policy file

    • # twadmin -m p [options]

  • Removing encryption from a file

    • # twadmin -m r [options] file1 [file2…]

  • Encrypting a file

    • # twadmin -m E [options] file1 [file2…]

  • Examining the encryption of a file

    • # twadmin -m e [options] file1 [file2…]

  • Generating a key

    • # twadmin -m G [options]


The modes of twprint

  • Report printing mode

    • # twprint -m r [options]

  • Database printing mode

    • # twprint -m d [options]


The operation of siggen

  • A utility that displays the hash function values for the specified files

    • # siggen [options] file1 [file2…]



Installation

  • OS

    • Debian GNU/Linux

  • The test directory

    • /root/test_attack

      • exe.cpp, ifs.inc, quota, sc-bw.zip

  • Get the package of tripwire

    • http://www.tripwire.org/downloads/index.php

  • Go to the tripwire directory

  • Untar and unzip the package


Installation (continued)

  • Execute the installation script

  • License agreement

  • The operations that tripwire will do

  • Enter the site keyfile passphrase

  • Enter your site passphrase

  • Enter the local keyfile passphrase

  • Succeed


Create a policy file

  • testpolicy.txt

  • The directory you want to check

  • Indicate the configuration file

  • Indicate the site keyfile

  • The policy file you want to create

  • The clear-text file


Check the policy file

  • The encrypted policy file

  • No mistakes…


Initialize the database

  • You must indicate the policy file

  • The database file


Check your database file

  • Indicate the database file

  • The files included in /root/test_attack


Check your system

  • The command

  • What you must pay attention to


Modify your system

  • Operation

    • Modify exe.cpp

    • Add the file “ceo” to /root/test_attack

  • The operation you do


Update your database

  • Indicate the latest report file

  • Confirm the modifications


The crontab

Use “crontab” to run the Tripwire check every day at 0:00, with the output mailed to m9335@cn.ee.ccu.edu.tw


  • /etc/tripwire/tw.cfg

  • /etc/tripwire/tw.pol
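The slides show the commands of the Example section only as screenshots, so here is an added example (not from the slides and not the Tripwire project's own code) that strings the listed modes together as a script: writing a clear-text policy for /root/test_attack, signing it with twadmin -m P, initializing the database, running the integrity check, accepting intended changes from the latest report with tripwire -m u, and the crontab entry for the nightly run. It assumes Tripwire 2.x command syntax as listed in the mode slides, the Debian default paths under /etc/tripwire and /var/lib/tripwire, a site key named site.key, and the $(ReadOnly) property mask from Tripwire's standard policy language; the rule name, severity and the testpolicy.txt location are constructed for the example. The mail delivery uses cron's own MAILTO variable rather than a separate mail command.

```shell
#!/bin/bash
# Added example, not from the slides or the Tripwire project: the Example
# section's workflow as a script. Assumptions: Tripwire 2.x command syntax as
# on the mode slides, Debian default paths under /etc/tripwire and
# /var/lib/tripwire, and the $(ReadOnly) property mask of Tripwire's policy
# language. Run as root on the host where Tripwire is installed.
set -u

CFG=/etc/tripwire/tw.cfg                  # signed binary configuration (from twcfg.txt)
SITEKEY=/etc/tripwire/site.key            # site key: signs configuration and policy
POLICY_TXT=/etc/tripwire/testpolicy.txt   # clear-text policy written below (assumed path)
REPORT_DIR=/var/lib/tripwire/report       # where tripwire -m c drops its .twr reports

# write_policy OUT DIR
# Writes a clear-text policy that watches DIR with the ReadOnly mask: changes
# to contents, size, permissions or ownership are reported, while access-time
# changes are ignored so ordinary reads do not raise alarms.
write_policy() {
  out=$1
  watch=$2
  cat > "$out" <<EOF
# Clear-text policy; "twadmin -m P" turns it into the signed binary tw.pol.
(
  rulename = "Test attack directory",
  severity = 100
)
{
  $watch -> \$(ReadOnly);
}
EOF
}

# tripwire_workflow
# 1. sign the policy, 2. initialize the database, 3. run an integrity check.
# Tripwire prompts for the site and local passphrases at the relevant steps.
tripwire_workflow() {
  write_policy "$POLICY_TXT" /root/test_attack
  twadmin -m P -c "$CFG" -S "$SITEKEY" "$POLICY_TXT"   # replacing a policy file
  tripwire -m i -c "$CFG"                              # database initialization mode
  tripwire -m c -c "$CFG"                              # integrity checking mode
}

# latest_report
# Prints the newest report file, the one "Update your database" refers to.
latest_report() {
  ls -t "$REPORT_DIR"/*.twr 2>/dev/null | head -n 1
}

# accept_changes REPORTFILE
# After an intended modification (editing exe.cpp, adding "ceo"), fold the
# differences listed in REPORTFILE into the database; unexpected entries in
# the report are the ones to investigate before accepting.
accept_changes() {
  tripwire -m u -c "$CFG" -r "$1"                      # database update mode
}

# cron_entry ADDRESS
# Crontab lines that run the check at 0:00 every day; cron mails the
# command's output to MAILTO, so the report arrives by e-mail.
cron_entry() {
  printf 'MAILTO=%s\n0 0 * * * /usr/sbin/tripwire -m c -c %s\n' "$1" "$CFG"
}
```

Typical use on the slides' Debian host: `tripwire_workflow` once, then `cron_entry m9335@cn.ee.ccu.edu.tw >> /tmp/tw.cron && crontab /tmp/tw.cron` to schedule the nightly check, and `accept_changes "$(latest_report)"` after each deliberate change to /root/test_attack. Because the policy and database are signed with the site and local keys, updating them always requires the matching passphrases, which is what keeps an intruder from quietly re-baselining the system after a modification.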



Secure In-Depth

