Writing, supporting, and evaluating tripwire: a publically available security tool

Tripwire is an integrity checking program written for the Unix environment that gives system administrators the ability to monitor file systems for added, deleted, and modified files. First released in November of 1992, Tripwire has undergone several updates and is in current use at thousands of machines worldwide. This paper begins with a brief overview of what Tripwire does and how it works. We discuss how certain implementation decisions affected the course of Tripwire development. We also present other applications that have been found for Tripwire. These unanticipated uses guided the demands of some users, and we describe how we addressed some of these demands without compromising the ability of Tripwire to serve as a useful security tool. We also discuss the process of releasing, and then supporting, a widely available and widely used tool across the Internet, and how meeting users' high expectations affects this process. How these issues affected Tripwire, done as as an independent study by an undergraduate, is also discussed. Software tools that were used in developing and maintaining Tripwire are presented. Finally, we discuss problems that remain unresolved and some possible solutions