LinuxSecurity.com: Getting Started with Tripwire

[ Thanks to Benjamin D. Thomas for this link. ]

“A crude yet effective intrusion detection system such as
Tripwire can alert systems administrators to possible intrusion
attempts by periodically verifying the integrity of a server’s file
systems. Systems intruders will often use trojan binaries for
login, su, ps, and ls, etc. to cover their tracks and keep a low
profile on the system. Under normal circumstances even astute
systems administrators may not observe the intrusion because the
trojan binaries mimic the system binaries so well.”

“One tried and true method to alert systems administrators of
unexpected file system alterations is to use a software package
such as Tripwire to keep a database of checksums on the file sizes
of critical system files. Depending on the configuration, Tripwire
can notify appropriate personnel if a critical file or directory is
modified or deleted.”

“By using a strong checksum method similar to MD5, Tripwire can
identify with absolute certainty whether or not a file has been
modified, unlike similar programs that use weaker algorithms such
as CRC to calculate checksums.”
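
The baseline-and-compare check described in the excerpts above, as an added sketch that is not Tripwire's code or the article's: it records size and digest for each watched file, then reports files that were modified or deleted, including a replacement of identical length. SHA-256 stands in for the MD5-like algorithm the article mentions, and the file names and contents are constructed stand-ins in a temporary directory.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(paths):
    """Baseline database: path -> (size, digest) for each file that exists."""
    return {p: (os.path.getsize(p), file_digest(p)) for p in paths if os.path.isfile(p)}

def compare(baseline, paths):
    """Return {path: status} for every watched path that differs from the baseline."""
    current = snapshot(paths)
    report = {}
    for p, (size, digest) in baseline.items():
        if p not in current:
            report[p] = "deleted"
        elif current[p][1] != digest:
            same_size = current[p][0] == size
            report[p] = "modified (size unchanged)" if same_size else "modified"
    for p in current.keys() - baseline.keys():
        report[p] = "added"
    return report

def demo():
    # Constructed sample: stand-ins for system binaries, not real ones.
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("login", "su", "ps", "ls")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"original binary contents")
        baseline = snapshot(paths)
        # Same-length replacement: a size comparison alone would miss it.
        with open(paths[0], "wb") as f:
            f.write(b"replaced binary contents")
        os.remove(paths[3])
        result = compare(baseline, paths)
        return {os.path.basename(p): s for p, s in result.items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

The baseline is only as trustworthy as its storage: in this sketch it lives in memory, and a real deployment has to keep it where an intruder on the monitored host cannot rewrite it.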


Complete Story
