Tripwire is an integrity checking program written for the UNIX environment. It gives system administrators the ability to monitor file systems for added, deleted, and modified files. Intended to aid intrusion detection, Tripwire was officially released on November 2, 1992. It is being actively used at thousands of sites around the world. Published in volume 26 of comp.sources.unix on the USENET and archived at numerous FTP sites around the world, Tripwire is widely available and widely distributed. It is recommended by various computer security response teams, including the CERT and CIAC. This paper begins by motivating the need for an integrity checker by presenting a hypothetical situation any system administrator could face. An overview of Tripwire then follows, emphasizing the salient aspects of Tripwire configuration that support its use at sites employing modern variants of the UNIX operating system. Experiences with how Tripwire has been used “in the field” are then presented, along with some conjectures on the prevalence and extent of system break-ins. Novel uses of Tripwire and notable configurations of Tripwire are also presented. This paper appeared as [8]
[1] Brian W. Kernighan, et al. The m4 macro processor, 1977.
[2] Stephen G. Kochan, et al. Unix System Security, 1986.
[3] Clifford Stoll, et al. The Cuckoo's Egg, 1989.
[4] Eugene H. Spafford, et al. The COPS Security Checker System, 1990, USENIX Summer.
[5] Simson L. Garfinkel, et al. Practical UNIX Security, 1991.
[6] David A. Curry. UNIX System Security: A Guide for Users and System Administrators, 1992.
[7] Ronald L. Rivest, et al. The MD4 Message-Digest Algorithm, 1990, RFC.
[8] Ronald L. Rivest, et al. The MD5 Message-Digest Algorithm, 1992, RFC.
[9] Massimo Cotrozzi, et al. ATP - Anti-Tampering Program, 1993, USENIX Security Symposium.
[10] Eugene H. Spafford, et al. Monitoring File System Integrity on UNIX Platforms, 1993.
[11] H. Gene, et al. Tripwire A File System Integrity Checker, 1994, CCS 1994.
[12] Eugene H. Spafford, et al. The design and implementation of tripwire: a file system integrity checker, 1994, CCS '94.