Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tripwire Enterprise Server – Basic Tasks Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology July 12, 2006.

Published byJosie Alway Modified over 10 years ago

Similar presentations

Presentation on theme: "Tripwire Enterprise Server – Basic Tasks Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology July 12, 2006."— Presentation transcript:

1 Tripwire Enterprise Server – Basic Tasks Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology July 12, 2006

2 Topics Server install Q&A Server install Q&A Understanding the UI Understanding the UI Settings manager Settings manager Your first node! Your first node! o Importing useful rules o Agent install o The managers: nodes, rules, actions, tasks, logs o Baselining, version Checks, promotion

3 Server Install Single-server, just run the installer Single-server, just run the installer Dual-server, you will need to add parameters to the install command Dual-server, you will need to add parameters to the install command Windows cannot install over TS Windows cannot install over TS STORE THOSE PASSWORDS! STORE THOSE PASSWORDS! *Note: in 5.5 problems using a Services Password > 8 chars *Note: in 5.5 problems using a Services Password > 8 chars

4 Server firewall/NAT Firewall, see Installation Guide, Chapter 1. Network requirements Firewall, see Installation Guide, Chapter 1. Network requirements NAT, see Reference Guide, Chapter 4. System Properties NAT, see Reference Guide, Chapter 4. System Properties

5 Tripwire UI The TE GUI has many elements of a familiar desktop, but is not. This can lead to frustration and broken mice. The TE GUI has many elements of a familiar desktop, but is not. This can lead to frustration and broken mice. Zones of the console Zones of the console

6 TE Console Areas

7 TE Console Flubs

8 Server Settings User preference settings User preference settings System preferences System preferences Email server Email server

9 Useful Account Setting

10 System Preferences Shorten session timeout to 10 minutes Shorten session timeout to 10 minutes

11 Email Servers

12 Administration Settings Configure login method Configure login method Creating roles Creating roles Creating a user group Creating a user group Creating users Creating users

13 Configure Login Method

14 Roles

15 Modifying Roles

16 Creating User Groups Functional groups usually by role Functional groups usually by role Obvious groupings: staff/admins, operations, management Obvious groupings: staff/admins, operations, management

17 Node Setup Tasks Import TFS and/or UCD-basic rulesets Import TFS and/or UCD-basic rulesets Install agent on a node Install agent on a node Create an action Create an action Use tasks to associate rule, node, action, and schedule a time to run. Use tasks to associate rule, node, action, and schedule a time to run. Create a baseline for the node Create a baseline for the node Wait. Example for a rule with 7,000 elements stored, took ~600 seconds. Wait. Example for a rule with 7,000 elements stored, took ~600 seconds.

18 Import Useful Rules TFS rules very generic, usually result in many elements stored. TFS rules very generic, usually result in many elements stored. UCD rules leaner, meaner. UCD rules leaner, meaner. Rule names need to be unique or collision will occur. Rule names need to be unique or collision will occur.

19 Install the Agent Software Install as Administrator Install as Administrator Enter port + services password Enter port + services password Punch holes in firewall! Punch holes in firewall! There is a silent install option, see Users Guide, Ch. 2, Installation Procedures for TE Agent There is a silent install option, see Users Guide, Ch. 2, Installation Procedures for TE Agent

20 Agent Install

21

22 Firewall on Client

23 Create Email Action

24

25 Move Discovered Node

26

27

28 Create First Task We just want a Check Rule Task for our example

29 Create First Task

30

31

32 Test That It Works Modify a watched element Modify a watched element Run the task, or do a node check Run the task, or do a node check Note the change or check your email Note the change or check your email Take action on the intrusion! Or, just promote the changes. Take action on the intrusion! Or, just promote the changes.

33 Node Manager Adding a node group Adding a node group Linking a node Linking a node Elements for file system nodes Elements for file system nodes Element versions Element versions Node viewing filter Node viewing filter

34 Adding a Node Group

35 Linking a Node

36 Link Symbol

37 TE Symbols Exposed

38 Node Elements

39 Element Versions

40 Node Viewing Filter

41 Without filtering, TMI

42 Now we can see the trees

43 Viewing Rules

44 Rule Specifiers

45 Action Manager Viewing Actions Viewing Actions Creating an email action Creating an email action Creating an SNMP action Creating an SNMP action Creating an execution action (locally or on TE server) Creating an execution action (locally or on TE server)

46 An Execution Action

47 An Execution Action echoing the file name of a changed element to a file

48 Task Manager Viewing tasks Viewing tasks Creating and deleting tasks Creating and deleting tasks

49 Task Manager

50 Log Manager Viewing logs Viewing logs Sorting and filtering Logs Sorting and filtering Logs

51 Log Manager

52 Log Manager - Search

53 The Baseline- What is Happening? Baselining I/O intensive on DB disks Baselining I/O intensive on DB disks Recommend baselining only a small number of systems at once. Recommend baselining only a small number of systems at once.

54 Snapshot defined Temporary record of the monitored objects current attributes. In a baseline execution, this would become the baseline version. In a version check this is the now state we compare the baseline against. Temporary record of the monitored objects current attributes. In a baseline execution, this would become the baseline version. In a version check this is the now state we compare the baseline against.

55 Version Check

56 Viewing Changes Difference Viewer Difference Viewer

57 Promotion Promote selected versions Promote selected versions Promote by match Promote by match Promote by reference Promote by reference Promote by package Promote by package

58 Promote Selected Versions Promote current snapshot(s) to baseline. Select using the GUI. Promote current snapshot(s) to baseline. Select using the GUI.

59 Homework for July 26 Install an agent and associate it with a basic rule or rule set and a task or action Install an agent and associate it with a basic rule or rule set and a task or action Practice the procedures Practice the procedures Deployment options Deployment options

60 Training Schedule July 12: adding and configuring a node using the basic rule set July 12: adding and configuring a node using the basic rule set July 26: creating and modifying rules July 26: creating and modifying rules Aug 1 or 8?: reports, dashboard, deployment steps Aug 1 or 8?: reports, dashboard, deployment steps

61 Resources http://security.ucdavis.edu/tripwire.cfm - Rulesets and presentations http://security.ucdavis.edu/tripwire.cfm - Rulesets and presentations http://security.ucdavis.edu/tripwire.cfm ucdtripwire@ucdavis.edu - mailing list ucdtripwire@ucdavis.edu - mailing list ucdtripwire@ucdavis.edu Vincent Fox - vbfox@ucdavis.edu Vincent Fox - vbfox@ucdavis.eduvbfox@ucdavis.edu Doreen Meyer - dimeyer@ucdavis.edu Doreen Meyer - dimeyer@ucdavis.edudimeyer@ucdavis.edu Bob Ono - raono@ucdavis.edu Bob Ono - raono@ucdavis.eduraono@ucdavis.edu Software - software@ucdavis.edu Software - software@ucdavis.edu

Download ppt "Tripwire Enterprise Server – Basic Tasks Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology July 12, 2006."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Tripwire Enterprise Server Network Nodes, Reports, and Dashboards Vincent Fox and Doreen Meyer UC Davis, Information and Educational Technology August.

Tripwire Enterprise Server Network Nodes, Reports, and Dashboards Vincent Fox and Doreen Meyer UC Davis, Information and Educational Technology August.
MySQL Installation Guide. MySQL Downloading MySQL Installer.

MySQL Installation Guide. MySQL Downloading MySQL Installer.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.

The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
Installation and Deployment in Microsoft Dynamics CRM 4.0

Installation and Deployment in Microsoft Dynamics CRM 4.0
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Security SIG: Introduction to Tripwire Chris Harwood John Ives.

Security SIG: Introduction to Tripwire Chris Harwood John Ives.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Chapter 11: Maintaining and Optimizing Windows Vista

Chapter 11: Maintaining and Optimizing Windows Vista
SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.

SETUP AND CONFIGURATIONS WEBLOGIC SERVER. 1.Weblogic Installation 2.Creating domain through configuration wizard 3.Creating domain using existing template.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
Designed By: Technical Training Department

Designed By: Technical Training Department

Similar presentations

Ads by Google