Security Information and Review

Collection of security information and review

Tripwire: Hardening a Linux Server by Monitoring the Integrity of Files

Author : Admin

Tripwire is a file and directory integrity checker that compares a designated set of files and directories against information stored in a previously generated database. It uses that baseline to compare files at scheduled intervals, and if changes are detected, alerts are processed based on the configuration. It can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

 

We will not discuss how to install Tripwire, but how to secure and optimize it on a Linux server. After installing Tripwire, the next step is to verify, and change if necessary, the options in the Tripwire configuration files.

 

The Tripwire configuration files are /etc/tw.config (the main configuration of Tripwire) and /etc/cron.daily/tripwire (the scheduled intervals).

 

The main configuration file, /etc/tw.config, is where we decide and set which system files and directories we want monitored. The Tripwire cron file, /etc/cron.daily/tripwire, is a small script executed automatically each day by the crond program of the Linux server to scan the hard disk for possibly changed files or directories and mail the results to the system administrator. For security reasons, change the mode of the main Tripwire configuration file to 0400 and the mode of the Tripwire cron file to 0700.
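The following audit script is an added example, not part of the original post: it checks the two files named above against the recommended modes (0400 and 0700) and also flags symlinks and unexpected owners. It assumes GNU stat on Linux; the function names, the optional root prefix and the owner-uid argument (default 0, root) are illustrative and not part of Tripwire.

```shell
#!/bin/sh
# Added example: audit the Tripwire config and cron script permissions.
# Assumes GNU stat (Linux). Function names and arguments are hypothetical.

# check_file PATH WANT_MODE WANT_UID
# Prints one finding per problem and returns 1 on any mismatch.
check_file() {
    path=$1 want_mode=$2 want_uid=$3
    if [ -L "$path" ]; then
        echo "FAIL $path: is a symlink, expected a regular file"; return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL $path: missing or not a regular file"; return 1
    fi
    mode=$(stat -c '%a' "$path")   # octal mode without leading zero, e.g. 400
    uid=$(stat -c '%u' "$path")    # numeric owner
    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $mode, expected $want_mode"; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid $uid, expected $want_uid"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $path: mode $mode, uid $uid"
    return "$rc"
}

# audit_tripwire_perms [ROOT_PREFIX] [OWNER_UID]
# ROOT_PREFIX lets the audit run against a mounted image or a test tree.
audit_tripwire_perms() {
    root=${1:-} owner=${2:-0}
    failed=0
    check_file "$root/etc/tw.config" 400 "$owner" || failed=1
    check_file "$root/etc/cron.daily/tripwire" 700 "$owner" || failed=1
    return "$failed"
}

# Usage on a live system (as root): audit_tripwire_perms
```

A non-zero return from `audit_tripwire_perms` means at least one file deviates, so the function can gate a configuration-management run or a periodic compliance check.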

 

Tripwire is available in two versions: the commercial version and the open source version. For details on both versions and a comparison between them, see the Tripwire web site.

 

 

Mohamad Widodo


Categories: Linux