What is Tripwire?
Tripwire is a form intrusion detection system (IDS) that helps you keep tabs on the integrity of the files on your computer. Quite simply it will help identify files or modifications made to your system in the event someone compromised your system.
How does Tripwire work?
Tripwire works on a pretty easy to understand concept. Basically, when you install Tripwire on your linux box you tell it to scan your system and create a database of checksums and information. Once you have a good reference point or database setup, you then scan your system on a regular basis for modifications to your file system.
Why would I want run a file system integrity software?
If you have ever had your system compromised by a cracker, it's an extremely frustrating time. You never know what they have done, where they have been, or what files they have modified or installed. This type of application helps in the recovery process. Quite often crackers will installed a group of applications on your system called a rootkit. A rootkit overwrites many of your commonly used system files to help hide the tracks of the cracker, or leave a backdoor on your system so he can return at a later date. Often the types of files modified are ones such as ps and netstat. By installing their own version of applications like these they can hide the fact there is additional daemons and processes running the background.
How do I put Tripwire to practical use?
Tripwire can be configured to send you e-mails at a set time interval via Sendmail or SMTP. On small systems it wouldn't be unreasonable to have your system checked several times a day and have Tripwire e-mail you the results. If you don't want the results e-mailed you can store the information in a file for later review. I believe it is a handy tool to have the logs e-mailed to you, so a problem can be quickly identified.
Thought Tripwire won't protect you from hackers, it will help you identify the level of which your system has been compromised and if scanned at regular time intervals should help you reduce the amount of time for which your system has been compromised. If your system has been broken in to, then the best thing to do is isolate the machine from the network and rebuilt it from know good backups and try to determine the method of entry.
Ken Dennis
http://KenDennis-RSS.homeip.net/
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
article_text... Read More
Task Manager is a Windows system utility that displays thetasks or processes currently running on your computer... Read More
If you have Microsoft Great Plains as main accounting and ERP system you need to know some technical details on Great Plains version upgrade and what is going on behind the scenes, which options do you have in case of Dexterity, VBA, SQL customizations, ctree/Pervasive migration to MS SQL/MSDE... Read More
MSN messenger is a pretty cool invention... Read More
TCO (Total Cost Ownership) is the buzzword in today's business world... Read More
What is installation in the language of technology? Installation has server and client sides... Read More
It's no secret that software companies operate in a very competitive space where rivalry is increasingly fierce and where profit margins can be razor thin... Read More
I've been active in the Cisco Certification track for four years, working my way from the CCNA to the coveted Cisco Certified Internetwork Expert title, and during that time I've conducted job interviews and casual conversations with hundreds of CCNAs and CCNA candidates... Read More