
3 Working of Tripwire

Tripwire is software that monitors changes to critical system files and directories. It works by: 1. Installing Tripwire and customizing a policy file to specify which files to monitor. 2. Initializing a Tripwire database containing file attributes. 3. Running integrity checks that compare the database to current files, looking for unauthorized changes in reports.

09IT47

WORKING OF TRIPWIRE

FIG.3.1: FLOW CHART SHOWING THE WORKING OF TRIPWIRE

CSPIT-IT


3. WORKING OF TRIPWIRE
1. Install Tripwire and customize the policy file
Install the Tripwire software on the system, then specify the files to be checked by writing the
policy file. In version 4.0, writing the policy file is made very easy.
2. Initialize the Tripwire database
The database is initialized with the important key attributes of the files to be checked. Build a database
of critical system files to monitor based on the contents of the new, signed Tripwire policy file.
3. Run the integrity check
Compare the newly created Tripwire database with the actual system files, looking for missing or
altered files, according to the integrity check timing specified in the policy file for the different files
that are to be monitored.
4. Examine the Tripwire report file
View the Tripwire report file to note any integrity violations.
5. If unauthorized integrity violations occur, take appropriate security measures
If monitored files have been altered inappropriately, the system administrator has to take
immediate action: either replace the original files from backup copies, reinstall the program,
or completely reinstall the operating system.
6. If the file alterations were valid, verify and update the Tripwire database file.
If the changes made to monitored files are intentional, edit Tripwire's database file to ignore those
changes in subsequent reports.
7. If the policy file fails verification, update the Tripwire policy file
To change the list of files Tripwire monitors or how it treats integrity violations, update the supplied
policy file, regenerate a signed copy, and update the Tripwire database.
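The cycle in steps 2 to 6, modelled as an added Python example (not Tripwire's code and not part of the original document). The function names, the plain list standing in for the policy file, and the tracked attributes (SHA-256, size, permission bits) are assumptions; unlike Tripwire, this sketch does not sign the policy or the database.

```python
import hashlib, os, tempfile

def snapshot(path):
    """Record the attributes this sketch tracks for one file (an assumed set)."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mode": st.st_mode & 0o7777}

def init_database(policy):
    """Step 2: build the baseline from the paths listed in the policy."""
    return {p: snapshot(p) for p in policy if os.path.isfile(p)}

def integrity_check(policy, database):
    """Step 3: compare current files with the baseline; the result is the report."""
    report = {"missing": [], "added": [], "modified": []}
    for p in policy:
        exists = os.path.isfile(p)
        if p in database and not exists:
            report["missing"].append(p)
        elif p not in database and exists:
            report["added"].append(p)
        elif exists and snapshot(p) != database[p]:
            report["modified"].append(p)
    return report

def accept_changes(database, approved):
    """Step 6: re-baseline only the paths an administrator has approved."""
    for p in approved:
        database.pop(p, None)
        if os.path.isfile(p):
            database[p] = snapshot(p)
    return database

def demo():
    """Constructed sample: two monitored files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        cfg, binary = policy = [os.path.join(d, n) for n in ("app.conf", "app.bin")]
        for path in policy:
            with open(path, "wb") as f:
                f.write(b"constructed sample\n")
        db = init_database(policy)
        clean = integrity_check(policy, db)
        with open(cfg, "ab") as f:   # intentional change, approved below
            f.write(b"banner=on\n")
        os.remove(binary)            # unexpected change, left unapproved
        dirty = integrity_check(policy, db)
        after = integrity_check(policy, accept_changes(db, [cfg]))
        return clean, dirty, after
```

Calling `demo()` returns the three reports: clean after initialization, two violations after the changes, and only the missing file still reported once the approved edit has been re-baselined.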
