
Tripwire Enterprise Server – Basic Tasks

Doreen Meyer and Vincent Fox, UC Davis, Information and Education Technology. July 12, 2006. Topics: Server install Q&A • Understanding the UI • Settings manager • Your first node! • Importing useful rules • Agent install


Presentation Transcript


  1. Tripwire Enterprise Server – Basic Tasks • Doreen Meyer and Vincent Fox • UC Davis, Information and Education Technology • July 12, 2006

  2. Topics • Server install Q&A • Understanding the UI • Settings manager • Your first node! • Importing useful rules • Agent install • The managers: nodes, rules, actions, tasks, logs • Baselining, version checks, promotion

  3. Server Install • Single-server, just run the installer • Dual-server, you will need to add parameters to the install command • Windows cannot install over TS • STORE THOSE PASSWORDS! • *Note: in 5.5 problems using a Services Password > 8 chars

  4. Server firewall/NAT • Firewall, see Installation Guide, Chapter 1. Network requirements • NAT, see Reference Guide, Chapter 4. System Properties

  5. Tripwire UI • The TE GUI has many elements of a familiar desktop, but it is not one. This can lead to frustration and broken mice. • Zones of the console

  6. TE Console Areas

  7. TE Console Flubs

  8. Server Settings • User preference settings • System preferences • Email server

  9. Useful Account Setting

  10. System Preferences • Shorten ‘session timeout’ to 10 minutes

  11. Email Servers

  12. Administration Settings • Configure login method • Creating roles • Creating a user group • Creating users

  13. Configure Login Method

  14. Roles

  15. Modifying Roles

  16. Creating User Groups • Functional groups usually by role • Obvious groupings: staff/admins, operations, management

  17. Node Setup Tasks • Import TFS and/or UCD-basic rulesets • Install agent on a node • Create an action • Use tasks to associate a rule, node, and action, and to schedule a time to run • Create a baseline for the node • Wait. Example: a rule with 7,000 elements stored took ~600 seconds.

  18. Import Useful Rules • TFS rules very generic, usually result in many elements stored. • UCD rules leaner, meaner. • Rule names need to be unique or collision will occur.

  19. Install the Agent Software • Install as Administrator • Enter port + services password • Punch holes in firewall! • There is a silent install option, see Users Guide, Ch. 2, Installation Procedures for TE Agent

  20. Agent Install

  21. Agent Install

  22. Firewall on Client

  23. Create Email Action

  24. Create Email Action

  25. Move Discovered Node

  26. Move Discovered Node

  27. Move Discovered Node

  28. Create First Task • We just want a Check Rule Task for our example

  29. Create First Task

  30. Create First Task

  31. Create First Task

  32. Test That It Works • Modify a “watched” element • Run the task, or do a ‘node check’ • Note the change or check your email • Take action on the intrusion! Or, just promote the changes.

  33. Node Manager • Adding a node group • Linking a node • Elements for file system nodes • Element versions • Node viewing filter

  34. Adding a Node Group

  35. Linking a Node

  36. Link Symbol

  37. TE Symbols Exposed

  38. Node Elements

  39. Element Versions

  40. Node Viewing Filter

  41. Without filtering, TMI

  42. Now we can see the trees

  43. Viewing Rules

  44. Rule Specifiers

  45. Action Manager • Viewing Actions • Creating an email action • Creating an SNMP action • Creating an execution action (locally or on TE server)

  46. An Execution Action

  47. An Execution Action • Echoing the file name of a changed element to a file

  48. Task Manager • Viewing tasks • Creating and deleting tasks

  49. Task Manager

  50. Log Manager • Viewing logs • Sorting and filtering logs
