Saturday, April 7, 2007

Some notes on Tripwire (System Integrity Verifier)

Available both as open source and commercially. Tripwire is a system integrity verifier (not an IDS!). It looks at files on your system and reports any anomalies. You figure out what the "normal" files and permissions are and let Tripwire know. Tripwire stores this information as hash representations in a secure database. On a regular basis (daily, for example), Tripwire computes a new hash and compares it with the hash in the database. If there is a change, it reports this to you and you can check into it. The open source version is missing a lot of the GUIs of the commercial version. Beware that if you install a patch on your system, you may see thousands of reported changes. You may want to retune Tripwire so the baseline represents the files after the patch.

Main steps
1. Tripwire establishes a baseline of your data
2. Periodically performs an integrity check of baseline against data
3. Reports any changes
4. Administrator should examine changes to determine if they are appropriate

The Open Source Tripwire will suffice for monitoring a small number of servers where central reporting and management are not necessary. To download the open source version, go to http://www.tripwire.com/products/enterprise/ost/
