FreeOS.com: Intrusion Detection Systems for your network: Part II - Installing Tripwire
Jan 30, 2001, 22:52
[ Thanks to Trevor Warren for this link. ]
"In the first part of this series we had laid the groundwork that took us a step further towards understanding the necessity of a full-fledged Intrusion Detection system (IDS). A good policy is to mix and match the best to form a security grid that should be difficult enough even for the expert cracker to penetrate. The various IDS systems of interest to us throughout this series will be purely Tripwire and Snort...."
"Tripwire works by checking for the integrity of the existing File System against an existing baseline. Thus, it compares the existing state of the File system against a baseline that has been created and digitally signed by you using a Passphrase that you mention during installation of the product. This digitally signed database consists of encrypted information regarding the various system files, system binaries and various other important files and directories that you wanted to protect. You would normally create the baseline consisting of the information of the various components of your file system when you are sure that the security status of the system has not been breached, e.g. just after OS installation. This baseline in general terms is a snapshot as taken by Tripwire depending on the rules you have mentioned in your POLICY file. As we mentioned earlier this happens in a simple two-step procedure. First, you install the binaries on your machine and then get on to creating the snapshot."
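The baseline-then-compare cycle described in the excerpt, as an added Python sketch that is not Tripwire's code or database format and not part of the quoted article. It assumes a PBKDF2-derived HMAC key as a stand-in for Tripwire's passphrase-protected signing; the file names and passphrase are constructed samples.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def snapshot(root):
    """Record SHA-256, size and mode for every file under root."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = [digest, st.st_size, st.st_mode]
    return state

def _tag(passphrase, salt, body):
    # Assumption: PBKDF2 + HMAC stands in for Tripwire's passphrase-protected signing.
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_baseline(state, passphrase):
    """Serialize the snapshot and authenticate it with the passphrase."""
    salt, body = os.urandom(16), json.dumps(state, sort_keys=True)
    return {"salt": salt.hex(), "body": body, "tag": _tag(passphrase, salt, body.encode())}

def authentic(db, passphrase):
    expect = _tag(passphrase, bytes.fromhex(db["salt"]), db["body"].encode())
    return hmac.compare_digest(expect, db["tag"])

def check(root, db, passphrase):
    """Authenticate the baseline first, then diff it against the live tree."""
    if not authentic(db, passphrase):
        raise ValueError("baseline database failed authentication")
    old, new = json.loads(db["body"]), snapshot(root)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p])}

def demo():
    """Constructed sample tree: baseline it, alter it, then run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "login").write_bytes(b"original binary")
        (root / "passwd").write_bytes(b"root:x:0:0")
        db = sign_baseline(snapshot(root), "constructed passphrase")
        (root / "login").write_bytes(b"replaced binary")
        (root / "dropped.sh").write_bytes(b"#!/bin/sh")
        (root / "passwd").unlink()
        report = check(root, db, "constructed passphrase")
        forged = dict(db, body=db["body"].replace("login", "l0gin"))
        return report, authentic(forged, "constructed passphrase")
```

The authentication step matters as much as the hashing: a baseline an intruder can rewrite detects nothing, which is why the database is checked before it is trusted for the comparison.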