
TRIPWIRE

TRIPWIRE. A Host-Based Intrusion Detection software. Website: http://www.tripwire.com/. Description. What is a "rootkit"? A collection of modified system binaries that are designed to hide the attacker's activities on your system.


Presentation Transcript


  1. TRIPWIRE. A Host-Based Intrusion Detection software. Website: http://www.tripwire.com/ INSA lab, Kai

  2. Description
  • What is a "rootkit"? A collection of modified system binaries that are designed to hide the attacker's activities on your system.
  • How do you know if you can trust the information your system is giving you?

  3. Description
  • Tripwire creates a database of advanced mathematical checksums to take a snapshot of a system's file properties and contents.
  • RFC 1321 - The MD5 Message-Digest Algorithm

  4. Description
  • Some critical files, such as the password file, change legitimately, so it is imperative to regularly update the checksum database.
  • The database made by Tripwire should be secured in such a way that an attacker cannot alter it. Ex: CD-R drives or removable, write-disabled discs.
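The snapshot-and-compare idea from slides 3 and 4, as an added illustration that is not part of the presentation or of Tripwire's own code: a baseline database of per-file properties and MD5 digests is taken, a later snapshot is compared against it, and the report names every file that appeared, vanished or changed. The fake /etc tree, the second UID-0 account and the dropped file are constructed test data mirroring the "create a new root user" test on slide 14.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path

def file_record(path: Path) -> dict:
    """Per-file properties: permission bits, owner, size and an MD5 of the
    contents (the digest the slides cite; modern deployments prefer SHA-256
    because MD5 collisions are practical)."""
    st = path.lstat()
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
           "gid": st.st_gid, "size": st.st_size}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.md5()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["md5"] = h.hexdigest()
    return rec

def snapshot(root: str) -> dict:
    """Baseline database: relative path -> record, for every file under root."""
    base = Path(root)
    return {p.relative_to(base).as_posix(): file_record(p)
            for p in sorted(base.rglob("*")) if p.is_file() or p.is_symlink()}

def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, vanished, or whose recorded properties differ."""
    changed = {}
    for name in sorted(baseline.keys() & current.keys()):
        diffs = [k for k in baseline[name] if baseline[name].get(k) != current[name].get(k)]
        if diffs:
            changed[name] = diffs
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": changed}

def demo() -> dict:
    """Constructed scenario: baseline a fake /etc, then tamper with passwd and drop a file."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc"); etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        db_json = json.dumps(snapshot(root))   # in practice written to read-only media
        with (etc / "passwd").open("a") as f:
            f.write("toor:x:0:0::/:/bin/sh\n")  # constructed: a second UID-0 account
        (etc / "extra.conf").write_text("constructed dropped file\n")
        return compare(json.loads(db_json), snapshot(root))
```

The report flags `etc/passwd` as changed in size and digest and `etc/extra.conf` as added; the baseline itself is only trustworthy if it was stored where the attacker could not rewrite it, which is the point of slide 4.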

  5. Requirements for Tripwire 2.3.1
  • Hardware: Intel based PC
  • OS: Linux (RH 7, Caldera 2.4/w, Turbolinux 6.0.1, SuSE 6.4), FreeBSD 4.2

  6. Requirements for Tripwire 1.3.1
  • Hardware: Intel based PC, SPARC, alpha, MIPS, etc.
  • OS: Linux, FreeBSD, OpenBSD, SunOS, Solaris, HP-UX, IRIX, SCO.
  • Tripwire Academic Source Release (ASR)

  7. How to install
  • FreeBSD: build it and wait a while for the compile

  8. Install on FreeBSD

  9. Create the site keyfile password. Create the local keyfile password.

  10. Sign the Tripwire configuration file. Sign the Tripwire policy file.

  11. Create the Tripwire database and wait a while for it to finish.

  12. How to install
  • Linux
  • Select the Tripwire rpm for your Linux distribution and install it: rpm -i tripwire-[version].i386.rpm
  • After completing the installation, create the site keyfile password and the local keyfile password: sh /etc/tripwire/twinstall.sh

  13. Install on Linux
  • Sign the Tripwire configuration file
  • Sign the Tripwire policy file
  • Install the default policy: /usr/sbin/twadmin -m P /etc/tripwire/twpol.txt
  • Generate the initial checksum database: /usr/sbin/tripwire -m i
  • Edit the default site policy file: vi /etc/tripwire/twpol.txt

  14. Test Tripwire
  • Ex: create a new root user and run a Tripwire check

  15. Scheduling function
  • Use "crontab" to run a Tripwire check every day at 1 a.m.; the output will be mailed to root at the same time.
  • Edit /etc/crontab as root and restart /usr/sbin/cron

  16. to 19. (no transcript text)

  20. What do you learn?

  21. Screen shot of the Tripwire configuration file /usr/local/etc/tripwire/twcfg.txt

  22. Screen shot of the Tripwire policy file /usr/local/etc/tripwire/twpol.txt

  23. Configuration file and policy file which have been encrypted by the site key

  24. Site key file and local key file which have been encrypted
