The design and implementation of tripwire: a file system integrity checker

At the heart of most computer systems is a file system. The file system contains user data, executable programs, configuration and authorization information, and (usually) the base executable version of the operating system itself. The ability to monitor file systems for unauthorized or unexpected changes gives system administrators valuable data for protecting and maintaining their systems. However, in environments of many networked heterogeneous platforms with different policies and software, the task of monitoring changes becomes quite daunting. Tripwire is a tool that aids UNIX system administrators and users in monitoring a designated set of files and directories for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or altered files, so corrective actions may be taken in a timely manner. Tripwire may also be used on user or group files or databases to signal changes. This paper describes the design and implementation of the Tripwire tool. Tripwire uses interchangeable “signature” (usually, message digest) routines to identify changes in files, and is highly configurable. Tripwire is no-cost software, available on the Internet, and is currently in use on thousands of machines around the world.
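The baseline-and-compare cycle the abstract describes, with interchangeable digest routines, as an added example written for this page (it is not Tripwire's own code or database format; the signature names, record layout and the temporary file tree are assumptions made here):

```python
import hashlib
import tempfile
from pathlib import Path

# Interchangeable "signature" routines, selected by name (names are this example's, not Tripwire's).
SIGNATURES = {
    "sha256": lambda data: hashlib.sha256(data).hexdigest(),
    "blake2b": lambda data: hashlib.blake2b(data).hexdigest(),
}

def build_database(root, sig_names=("sha256",)):
    """Snapshot every regular file under root: size, mode bits and the chosen signatures."""
    db = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # symlinks and special files need policy of their own; skip here
        st = path.lstat()
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        db[rel] = {"size": st.st_size, "mode": st.st_mode,
                   "sigs": {name: SIGNATURES[name](data) for name in sig_names}}
    return db

def compare(baseline, current):
    """Report files added, removed, or changed (which attribute or signature differed)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = [k for k in ("size", "mode") if baseline[rel][k] != current[rel][k]]
        for name, digest in baseline[rel]["sigs"].items():
            if current[rel]["sigs"].get(name) != digest:
                diffs.append(name)
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}

def demo():
    """Constructed scenario: snapshot a small tree, alter it, run the check, return the report."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc")
        etc.mkdir()
        (etc / "passwd").write_bytes(b"root:x:0:0::/root:/bin/sh\n")
        (etc / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_database(root, ("sha256", "blake2b"))
        # Same length, different bytes: size and mode stay equal, only the digests reveal the edit.
        (etc / "passwd").write_bytes(b"root:x:0:0::/root:/bin/zz\n")
        (etc / "hosts").unlink()
        (etc / "motd").write_bytes(b"welcome\n")
        return compare(baseline, build_database(root, ("sha256", "blake2b")))
```

In a real deployment the baseline database must live somewhere the monitored host cannot silently rewrite (read-only media or a separate host), otherwise an attacker who alters a file can refresh its recorded digest as well.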
