“A layered, or ‘onion,’ approach to security is preferred
because no single security mechanism is without its flaws. Previous
SunWorld articles… have discussed hardening the host to minimize
security exposures; this one covers Tripwire, a method for
intrusion detection on a host level.”
“Tripwire is an integrity assessment software package that
maintains a database of file attributes and sends alerts when any
of those attributes change. Essentially, it tells you if your
servers’ files have changed since the previous day. Because it
works on the host level, it should be integrated with other
security mechanisms such as firewalls and network intrusion
detection. While Tripwire’s primary purpose is to provide security,
it provides the administrator with some source control as
well.”
“Two versions of Tripwire are available: Tripwire 1.3.1 Academic
Source Release (ASR) and the commercial version, Tripwire 2.2.1.
Tripwire’s ASR was developed at Purdue University in 1992 by Gene
Kim and Gene Spafford. The release (it’s still freely available;
see Resources) is the most widely used piece of integrity
assessment software in the world. However, the relatively static
ASR isn’t often upgraded. Tripwire does provide bug fixes and minor
feature updates, but if you want support and the major new
features, you’ll have to pay for them ($495 per host).”