[ Thanks to Trevor
Warren for this link. ]
“In the first part of this series we had a laid the ground work
that took us a step further towards understanding the necessity of
a full fledged Intrusion Detection system (IDS). A good policy is
to mix and match the best to form a security grid that should be
difficult enough even for the expert cracker to penetrate. The
various IDS systems of interest to us throughout this series will
be purely Tripwire and Snort….”
“Tripwire works by checking for the integrity of the existing
File System against an existing baseline. Thus, it compares the
existing state of the File system against a baseline that has been
created and digitally signed by you using a Passphrase that you
mention during installation of the product. This digitally signed
database consists of encrypted information regarding the various
system files, system binaries and various other important files and
directories that you wanted to protect. You would normally create
the baseline consisting of the information of the various
components of your file system when you are sure that the security
status of the system has not been breached. E.g. Just after OS
installation. This baseline in general terms is a snapshot as taken
by Tripwire depending on the rules you have mentioned in your
POLICY file. As we mentioned earlier this happens in a simple two
step procedure. First, you install the binaries on your machine and
then get on to creating the snapshot.”