Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: Tripwire  (Read 8512 times)

0 Members and 1 Guest are viewing this topic.

Godwin

  • Guest
Tripwire
« on: December 01, 2014, 06:41:44 pm »
Tripwire
   

   Open Source Tripwire is a free software security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.

All Tripwire associated files are kept in location, /etc/tripwire directory.
The Tripwire distribution includes several binaries. The first one is /etc/tripwire/twcfg.txt.
/etc/tripwire/twpol.txt. It contains policy that declares all the objects that must be monitored and what to do when one of them is lost or altered.
Local key is used to signing in the database files.
The installation script creates default policy and configuration file is stored in location , /etc/tripwire as twpol.txt and twcfg.txt.
Tripwire works by using modes. A mode is a function Tripwire can execute.
To initialize database, tripwire -m I
Check mode : tripwire -m c
To see database in it's current form then, twprint -m d





TRIPWIRE FOR SERVERS

IMPROPER CHANGE DETECTION
Detects improper change, including additions to, deletions from and modifications of file systems.
It also determines what changed and where and when the change was made.
In addition, it helps support change management processes, audits and data forensics by identifying the source of improper change through correlating event logs to Tripwire integrity reports.
Identifies Source of Improper Change by correlating event logs to Tripwire integrity reports, helping support change management processes, audits and data forensics.

EASY MANAGEMENT OF CHANGE MONITORING POLICIES
Simplifies and eases management of change monitoring policies with an intuitive interface that allows rapid set-up and "noise" reduction from non-critical alerts. It also lets users easily add, delete, or modify policies.

IMPROPER CHANGE ALERTS
Alerts to improper change when and where needed with alerts sent in multiple ways–email, syslog, SNMP traps, XML and HTML output to the Tripwire Manager console–to ensure IT receives them.

APPROPRIATE DETAIL LEVEL OF INFORMATION
Provides just the right level of information with high-level views that provide management with a picture of overall health and drill down to details that help technical staff remediate issues.

AUTOMATED ROLLBACK
Supports automated rollback by triggering custom command line scripts that automatically restore files to the last known good state. Support for command line scripts can also extend reporting and notification capabilities.

BROAD PLATFORM SUPPORT
Offers broad platform support, monitoring machines–even virtual machines–running Windows, Linux, Solaris, HP-UX, and AIX. And when used with Tripwire Manager, Tripwire for Servers provides a single point of control to manage change to servers and desktops across the enterprise.