Security SIG: Introduction to Tripwire Chris Harwood John Ives.


1 Security SIG: Introduction to Tripwire
Chris Harwood, John Ives

2 What is Tripwire?
 Monitors ‘important’ file and registry values and properties (like access times, flags, owner, etc.)
 Enables admins to detect files that are added, modified or deleted
 Provides a history of what changes during patching
 Two components (for today’s discussion):
  - Tripwire for Servers (command line)
  - Tripwire Manager (GUI front end)

3 What can run Tripwire?
 Compaq Tru64 UNIX 4.0F, 4.0G, 5.0A, 5.1, 5.1A & 5.1B
 FreeBSD 4.5, 4.6, 4.7, 4.10 & 5.3
 HP-UX 10.20, 11.0, 11i v1 & 11i v2
 IBM AIX 4.3.3, 5.1, 5.2 & 5.3
 Linux (kernel 2.2 and glibc 2.x or higher)
 Red Hat Enterprise Linux 3 & 4 AS, WS & ES
 Solaris (SPARC) 2.6, 7, 8, 9 & 10
 Windows NT 4.0, 2000, 2003 & XP Pro

4 How do you get Tripwire?
 Licensed for use by all UC campuses
 Locally it is distributed via http://softdist.berkeley.edu/
 Fill out the form and fax in the appropriate paperwork
 Download instructions are sent via email

5 Tripwire For Servers
 Command line utility
 Keeps an encrypted database of file/registry attributes (including 4 hashing algorithms: HAVAL, MD5, SHA and CRC-32)
 Can detect changes to 29 object properties and 21 registry keys/values on Windows, and 21 object properties on UNIX
 Can notify of changes via syslog, email or SNMP
 Can output results in XML or HTML

6 Object Properties - Windows
 Archive flag
 Read-only flag
 Hidden flag
 Offline flag
 Temporary flag
 System flag
 Directory flag
 Last access time
 Last write time
 Create time
 File size
 Turns on event tracking for that object
 MS-DOS 8.3 name
 NTFS Compressed flag
 NTFS Owner SID
 NTFS Group SID
 NTFS DACL
 NTFS SACL
 Security descriptor control
 Size of security descriptor
 CRC-32
 MD5
 SHA
 HAVAL
 Number of NTFS streams
 CRC-32 hash of all alternate data streams
 MD5 hash of all alternate data streams
 SHA hash of all alternate data streams
 HAVAL hash of all alternate data streams

7 Registry Properties - Windows
 Registry key objects
  - Last write time
  - Owner SID
  - Group SID
  - DACL
  - SACL
  - Security descriptor control
  - Size of security descriptor for the key
  - Name of class
  - Number of subkeys
  - Maximum length of subkey name
  - Maximum length of class name
  - Number of values
  - Maximum length for value name
  - Maximum length of data for any value in the key
  - Turns on event tracking for that object
 Registry value objects
  - Type of value data
  - Length of value data
  - CRC-32 hash of value data
  - MD5 hash of value data
  - SHA hash of value data
  - HAVAL hash of value data

8 Object Properties - UNIX
 File permissions
 Inode number
 Number of links (inode reference count)
 User ID of owner
 Group ID of owner
 File size
 Device number of the disk where the inode for the file is stored
 Number of the device to which the inode points (device objects only)
 Number of blocks allocated
 Modification timestamp
 Inode creation/modification timestamp
 File size, growing (violated if file is not larger than its last recorded size)
 Access timestamp
 Object event tracking
 Flags
 CRC-32
 MD5
 SHA
 HAVAL
 ACL settings
 Inode generation number

9 Pass Phrases
 Local passphrase: used to protect the database and (optionally) report files
 Site passphrase: used to protect the policy and configuration files
 Manager passphrase: stores the local and site passphrases of each server using triple-DES encryption with a 168-bit key length

10 Demonstration: Installing Tripwire For Servers on Windows

11 Demonstration: Tripwire For Servers Command Line Options and Default Policy

12 Installation on Linux
 glibc must be installed: up2date -u glibc or glibc-devel
 Install the agent
 Site key & local key
 Mail method
  - SMTP for relay
  - Sendmail for localhost
 SNMP set to no
 IP address, port 1169
  - Firewall rules: manager to server (1024-65535 to 1169)
 Startup scripts
 Start agent
 Register in Tripwire Manager

13 Demonstration: Installing Tripwire for Servers on Linux

14 Tripwire Manager
 GUI for managing (policy, schedule, etc.) on Tripwire for Servers
 Written in Java (supported on Solaris 7-9, Windows NT4-2003 and Red Hat Linux 7-9 & Enterprise Linux 3 & 4 AS, WS & ES)
 Can manage multiple Tripwire for Servers installations
 Uses SSL to communicate with Tripwire for Servers (bi-directional authentication)

15 Demonstration: Installing Tripwire Manager on Windows

16 Registering a server
 Add Machine
  - Hostname
  - Group
  - Address
  - Port

17 Demonstration: Registering Server with Manager

18 Demonstration: Using Tripwire Manager to edit Policy, Settings and Schedule

19 Initial Config
 Edit config file
  - Event tracking
  - Mail no violation reports
  - Global email
 Initialize the database (8 min)
 Perform integrity check (10 min)
 Update policy file
  - Don’t overwrite

20 Post Integrity Check
 View report objects
 UNIX
 Windows
 Update database
  - Update, don’t approve violations
 Re-run integrity check
  - Continue until status is green
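The initialize / check / update loop of slides 19 and 20, recording a subset of the UNIX object properties from slide 8, as an added Python illustration that is not Tripwire's own code (the property names, the scratch directory and the sample files are constructed for the demo):

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(path):
    """Record a subset of the UNIX object properties from slide 8 (field names assumed)."""
    st = Path(path).lstat()
    props = {"mode": stat.S_IMODE(st.st_mode), "inode": st.st_ino, "nlink": st.st_nlink,
             "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size,
             "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns}
    if stat.S_ISREG(st.st_mode):  # content hash only for regular files, not dirs/symlinks
        with Path(path).open("rb") as f:
            props["md5"] = hashlib.md5(f.read()).hexdigest()
    return props

def init_database(root):
    """Baseline (slide 19, 'initialize the database'): one record per object under root."""
    return {str(p): snapshot(p) for p in Path(root).rglob("*")}

def integrity_check(db, root):
    """Re-snapshot and report added / removed / modified objects (slides 19-20)."""
    now = init_database(root)
    report = {"added": sorted(set(now) - set(db)),
              "removed": sorted(set(db) - set(now)), "modified": {}}
    for p in sorted(set(db) & set(now)):
        changed = [k for k in db[p] if db[p][k] != now[p].get(k)]
        if changed:  # name the violated properties, as a Tripwire report does
            report["modified"][p] = changed
    return report

def update_database(db, report):
    """Accept reported changes into the baseline (slide 20, 'update database')."""
    for p in report["removed"]:
        del db[p]
    for p in report["added"] + list(report["modified"]):
        db[p] = snapshot(p)

def demo():
    root = tempfile.mkdtemp()  # constructed scratch tree standing in for a monitored path
    Path(root, "passwd").write_text("root:x:0:0\n")
    db = init_database(root)
    Path(root, "passwd").write_text("evil:x:0:0\n")  # same size, different content
    Path(root, "unexpected").write_text("x")         # a new object appears
    first = integrity_check(db, root)                # reports the violations
    update_database(db, first)                       # admin accepts them into the baseline
    second = integrity_check(db, root)               # now green: nothing reported
    return first, second
```

Because the hash is stored alongside size and timestamps, a same-length rewrite is still caught, which is why the check never relies on size or mtime alone.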

21 Automation & Reporting
 Configure schedules
  - Nightly: full integrity check
  - Periodical: system configuration files; other critical application files or directories
 Text or HTML reports
  - Level 3 concise text format
  - HTML reports can cause SMTP issues

22 Questions and Answers

