
Tripwire: An Intrusion Detection Tool (2004, Jei). Information Networking Security and Assurance Lab, National Chung Cheng University.


1 Tripwire: An Intrusion Detection Tool (2004, Jei)

2 Outline: What, How and The Goal; Overview; Example; Conclusion

3 Outline: What, How and The Goal; Overview; Example; Conclusion

4 Description
  Tripwire is a tool that checks what has changed on your system.
  Tripwire creates a database of cryptographic checksums to take a snapshot of a system's file properties and contents.
  Tripwire monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.

5 Web Site
  Open source: http://www.tripwire.org
  Commercial version: http://www.tripwire.com
  Latest version: http://sourceforge.net/projects/tripwire/

6 Outline: What, How and The Goal; Overview; Example; Conclusion

7 Three passphrases you must set
  site keyfile passphrase
  local keyfile passphrase
  your site passphrase

8 The files you must know
  $HOSTNAME-local.key: signs the database and report files
  site.key: signs the configuration and policy files
  tw.cfg: configuration file (binary, signed)
  twcfg.txt: configuration file (clear text)
  tw.pol: policy file (binary, signed)
  twpol.txt: policy file (clear text)

9 The commands: tripwire, twadmin, twprint, siggen

10 The modes of tripwire
  Database initialization mode:  # tripwire -m i [options]
  Integrity checking mode:  # tripwire -m c [options] [object1 [object2 ...]]
  Database update mode:  # tripwire -m u [options]
  Policy update mode:  # tripwire -m p [options] policyfile.txt
  Test mode:  # tripwire -m t [options]

11 The operations of twadmin
  Creating a configuration file:  # twadmin -m F [options] cfg.txt
  Printing a configuration file:  # twadmin -m f [options]
  Replacing a policy file:  # twadmin -m P [options] policyfile.txt
  Printing a policy file:  # twadmin -m p [options]
  Removing encryption from a file:  # twadmin -m r [options] file1 [file2 ...]
  Encrypting a file:  # twadmin -m E [options] file1 [file2 ...]
  Examining the encryption of a file:  # twadmin -m e [options] file1 [file2 ...]
  Generating keys:  # twadmin -m G [options]

12 The modes of twprint
  Report printing mode:  # twprint -m r [options]
  Database printing mode:  # twprint -m d [options]

13 The operation of siggen
  A utility that displays the hash function values for the specified files:  # siggen [options] file1 [file2 ...]

14 Outline: What, How and The Goal; Overview; Example; Conclusion

15 Installation
  OS: Debian GNU/Linux
  The test directory: /root/test_attack, containing exe.cpp, ifs.inc, quota, sc-bw.zip
  Get the Tripwire package: http://www.tripwire.org/downloads/index.php
  Untar and unzip the package
  Go to the tripwire directory

16 Installation
  Execute the installation script
  License agreement
  The operations that tripwire will perform

17 Installation
  Enter the site keyfile passphrase
  Enter the local keyfile passphrase
  Enter your site passphrase

18 Installation succeeded

19 Create a policy file, testpolicy.txt
  The directory you want to check
  Indicate the configuration file
  The policy file you want to create
  Indicate the site keyfile
  The clear-text file

20 Check the policy file
  The encrypted policy file
  No mistakes...

21 Initialize the database
  You must indicate the policy file
  The database file

22 Check your database file
  Indicate the database file
  The files included in /root/test_attack

23 Check your system
  The command
  What you must pay attention to

24 Modify your system
  Operations: modify exe.cpp; add the file "ceo" to /root/test_attack
  The operations you performed

25 Update your database
  Indicate the latest report file
  Confirm the modifications
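As an added example (not from the slides or from the Tripwire project), a small Python model of the init / check / update cycle that slides 10 and 19 to 25 walk through, with the attribute hashing that siggen exposes. It replays the slide-24 scenario (exe.cpp modified, "ceo" added) in a temporary directory standing in for /root/test_attack; JSON stands in for Tripwire's signed binary database, and the function names are my own.

```python
import hashlib, json, os, stat, tempfile

def snapshot(path):
    """The attributes a Tripwire-style check watches for one file (hash for regular files only)."""
    st, h = os.lstat(path), hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "gid": st.st_gid, "mtime": int(st.st_mtime), "sha256": h.hexdigest()}

def walk_snapshot(root):
    """Snapshot every file below root, keyed by path relative to root."""
    return {os.path.relpath(os.path.join(d, n), root): snapshot(os.path.join(d, n))
            for d, _, files in os.walk(root) for n in files}

def init_database(root, dbfile):
    """Like 'tripwire -m i': write the baseline database (JSON here, a signed binary file in Tripwire)."""
    with open(dbfile, "w") as f:
        json.dump(walk_snapshot(root), f)

def integrity_check(root, dbfile):
    """Like 'tripwire -m c': list files added, removed or changed since the baseline, with the differing attributes."""
    with open(dbfile) as f:
        base = json.load(f)
    live = walk_snapshot(root)
    changed = {rel: [k for k in base[rel] if base[rel][k] != live[rel][k]]
               for rel in base.keys() & live.keys() if base[rel] != live[rel]}
    return {"added": sorted(live.keys() - base.keys()),
            "removed": sorted(base.keys() - live.keys()), "changed": changed, "live": live}

def update_database(dbfile, report):
    """Like 'tripwire -m u -r <report>': accept the reported state as the new baseline."""
    with open(dbfile, "w") as f:
        json.dump(report["live"], f)

def demo():
    """Replay the slides' scenario: baseline the test directory, modify exe.cpp, add 'ceo', check, update, re-check."""
    root = tempfile.mkdtemp()                    # constructed stand-in for /root/test_attack
    tree, db = os.path.join(root, "test_attack"), os.path.join(root, "tw.db")
    os.mkdir(tree)
    for name in ("exe.cpp", "ifs.inc", "quota"):  # files named on slide 15
        with open(os.path.join(tree, name), "w") as f: f.write("original " + name)
    init_database(tree, db)
    with open(os.path.join(tree, "exe.cpp"), "a") as f: f.write("// tampered\n")
    with open(os.path.join(tree, "ceo"), "w") as f: f.write("new file")
    report = integrity_check(tree, db)           # reports ceo added, exe.cpp changed
    update_database(db, report)                  # accept the changes, as slide 25 does
    return report, integrity_check(tree, db)     # the second check comes back clean
```

A real Tripwire database is signed with the local key, so accepting changes with `-m u` also requires the local passphrase; the JSON file here has no such protection and is for illustration only.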

26 The crontab
  Use crontab to run the Tripwire check every day at 0:00; the output is mailed to m9335@cn.ee.ccu.edu.tw

27 /etc/tripwire/tw.cfg and /etc/tripwire/tw.pol

28 Outline: What, How and The Goal; Overview; Example; Conclusion

29 Secure In-Depth


