SunWorld: Tripwire: The next generation of security tools [review]Mar 03, 2000, 18:56 (2 Talkback[s])
(Other stories by Carole Fennelly)
"A layered, or 'onion,' approach to security is preferred because no single security mechanism is without its flaws. Previous SunWorld articles... have discussed hardening the host to minimize security exposures; this one covers Tripwire, a method for intrusion detection on a host level."
"Tripwire is an integrity assessment software package that maintains a database of file attributes and sends alerts when any of those attributes change. Essentially, it tells you if your servers' files have changed since the previous day. Because it works on the host level, it should be integrated with other security mechanisms such as firewalls and network intrusion detection. While Tripwire's primary purpose is to provide security, it provides the administrator with some source control as well."
"Two versions of Tripwire are available: Tripwire 1.3.1 Academic Source Release (ASR) and the commercial version, Tripwire 2.2.1. Tripwire's ASR was developed at Purdue University in 1992 by Gene Kim and Gene Spafford. The release (it's still freely available; see Resources) is the most widely used piece of integrity assessment software in the world. However, the relatively static ASR isn't often upgraded. Tripwire does provide bug fixes and minor feature updates, but if you want support and the major new features, you'll have to pay for them ($495 per host)."