TRIPWIRE - PowerPoint PPT Presentation

About This Presentation
Title:

TRIPWIRE


Slides: 25
Provided by: insaCom

Transcript and Presenter's Notes

Title: TRIPWIRE


1
TRIPWIRE
  • A Host-Based Intrusion Detection software
  • Website: http://www.tripwire.com/

2
Description
  • What is a rootkit?
  • A collection of modified system binaries that
    are designed to hide the attacker's activities on
    your system.
  • How do you know if you can trust the information
    your system is giving you?

3
Description
  • Tripwire creates a database of advanced
    mathematical checksums to take a snapshot of a
    system's file properties and contents.
  • RFC 1321 - The MD5 Message-Digest Algorithm

4
Description
  • With some critical files, such as the password
    file, it is imperative to regularly update the
    checksum database.
  • The database made by Tripwire should be secured
    in such a way that an attacker cannot alter it.
    Ex: CD-R drives or removable, write-disabled
    discs.

5
Requirements for Tripwire 2.3.1
  • Hardware
  • Intel based PC
  • OS
  • Linux (RH 7, Caldera 2.4/w, Turbolinux 6.0.1,
    SuSE 6.4)
  • FreeBSD 4.2

6
Requirements for Tripwire 1.3.1
  • Hardware
  • Intel based PC, SPARC, alpha, MIPS, etc.
  • OS
  • Linux, FreeBSD, OpenBSD, SunOS, Solaris, HP-UX,
    IRIX, SCO.
  • Tripwire Academic Source Release (ASR)

7
How to install
  • FreeBSD
  • and wait a while for it to compile

8
Install on FreeBSD

9
  • Create the site keyfile password
  • Create the local keyfile password

10
  • Sign the Tripwire configuration file
  • Sign the Tripwire policy file

11
  • Creating Tripwire database
  • and wait a while to create database
  • finish

12
How to install
  • Linux
  • Select the tripwire rpm for each linux
    distribution and install it.
  • rpm -i tripwire-version.i386.rpm
  • After completing the installation, create the site
    keyfile password and the local keyfile password
  • sh /etc/tripwire/twinstall.sh

13
Install on Linux
  • Sign the Tripwire configuration file
  • Sign the Tripwire policy file
  • Install the default policy
  • /usr/sbin/twadmin -m P /etc/tripwire/twpol.txt
  • Generate the initial checksum database
  • /usr/sbin/tripwire -m i
  • Edit the default site policy file
  • vi /etc/tripwire/twpol.txt

14
Test Tripwire
  • Ex: create a new root user and check with Tripwire

15
Scheduling function
  • Using crontab to run a Tripwire check every day
    at 1 a.m.; the output will be mailed to root
    at the same time.
  • Edit /etc/crontab as root and restart
    /usr/sbin/cron

20
What do you learn?

21
Screenshot of the Tripwire configuration file
/usr/local/etc/tripwire/twcfg.txt

22
Screenshot of the Tripwire policy file
/usr/local/etc/tripwire/twpol.txt

23
Configuration file and policy file, which have been
encrypted by the site key

24
Site key file and local key file, which have been
encrypted