Open Source Tripwire: Difference between revisions

From Wikipedia, the free encyclopedia
Revision as of 20:38, 14 January 2024

Open Source Tripwire
Developer(s): Tripwire, Inc.
Stable release: 2.4.3.7 / 31 March 2018
Repository
Written in: C++, Perl
Operating system: Linux, all POSIX/UNIX systems
Type: Security, Monitoring, HIDS
License: GPLv2[1]
Website: https://github.com/Tripwire/tripwire-open-source

Open Source Tripwire is a free software security and data integrity tool for monitoring and alerting on specific file changes on a range of systems.[2][3] The project is based on code originally contributed by Tripwire, Inc. in 2000.[4][5] It is released under the terms of the GNU General Public License, version 2.[1]

History

Tripwire was created by Eugene Spafford and Gene Kim in 1992 in response to a series of stealthy intrusions in early 1991. Those attacks got past the integrity checks of the day by modifying shared libraries in a way that left their CRC checksums unchanged. Tripwire was therefore designed to record message digests from several different hash families, so that a weakness in any one of them would not be enough to hide a change. The name "Tripwire" comes from the trap or tripwire files that alert administrators when an intruder accesses them.[6]

Tripwire was written in C, and its design emphasized portability of both the program and its database. It was released for beta testing on November 2, 1992, and the formal release followed in December 1993 after several bugs had been identified and fixed. Early releases were developed in a cleanroom style, with Gene Kim doing the development and Eugene Spafford running the acceptance testing.[6]

Tripwire was initially free and open-source, but it went commercial in 1997. Open Source Tripwire was released in October 2000.[5]

On May 4, 2015, the source code was moved from SourceForge to GitHub.[7]

Overview

During installation, Open Source Tripwire asks the user to set the site key and local key passphrases. The site key passphrase protects files that are shared across several systems (the policy and configuration files), and the local key passphrase protects files specific to one machine (such as its database). The policy file lists the files and directories to scan and the rules that apply to them (e.g. which attributes of each entry in the directory tree to record).[2]

Open Source Tripwire later asks for the local passphrase when creating the initial database. It runs a first scan of the system and saves the result as the database; subsequent integrity checks rescan the system and compare the result with that baseline. For example, a file created after the baseline was taken will be listed in the next integrity check report.[3] The database file is designed to be human-readable, so that the user can verify the recorded properties of individual files or even inspect the database itself for signs of tampering.[6] It is important that the database is initialized before the system is at risk of being compromised: a baseline taken from an already compromised system records the intruder's changes as the expected state, and later checks will not report them.[8]

A more sophisticated usage is to create so-called tripwire files and configure Open Source Tripwire to track them in order to catch snooping intruders. When an intruder reads such a file, its access timestamp is updated and the security administrators are notified of the incident.[6] This relies on the filesystem recording access times; on filesystems mounted with the noatime or relatime options a read does not necessarily update the timestamp, so such decoys need to live on a filesystem where access times are maintained.
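The cycle described above (policy, initial database protected by the local passphrase, integrity check, report of added and changed files, and decoy tripwire files watched by access time), as an added Python model. This is not Open Source Tripwire's own code: the policy dictionary, the JSON-plus-HMAC database format, the PBKDF2 key derivation, the constant salt and the sample file tree are all constructed for the example, and the real tool has its own policy language and signed binary database files.

```python
"""Model of Open Source Tripwire's baseline/check cycle: an added example,
not the project's code. Two hash families per file, a database signed with a
key from the local passphrase, and a rescan that reports added, removed and
changed files, including a decoy 'tripwire' file watched by access time."""
import hashlib, hmac, json, os, tempfile
from pathlib import Path

# Constructed policy (not Tripwire's own syntax): path under the scan root ->
# attributes to record. The decoy records only atime, so the scanner never
# opens it and its atime moves only when somebody else reads it.
POLICY = {
    "etc": ["mode", "size", "mtime", "sha256", "blake2b"],
    "bin": ["mode", "sha256", "blake2b"],
    "home/admin/passwords.txt": ["atime"],
}

def file_record(path: Path, attrs: list) -> dict:
    """Collect the requested attributes for one regular file."""
    st = path.lstat()
    rec = {"mode": oct(st.st_mode), "size": st.st_size,
           "mtime": st.st_mtime_ns, "atime": st.st_atime_ns}
    if "sha256" in attrs or "blake2b" in attrs:
        data = path.read_bytes()
        # Two unrelated hash families: a collision crafted for one (the CRC
        # trick that motivated Tripwire) would also have to hold for the other.
        rec["sha256"] = hashlib.sha256(data).hexdigest()
        rec["blake2b"] = hashlib.blake2b(data).hexdigest()
    return {k: rec[k] for k in attrs}

def scan(root: Path, policy: dict) -> dict:
    """Build the attribute database for every policy entry under root."""
    db = {}
    for rel, attrs in policy.items():
        top = root / rel
        if not top.exists():
            continue
        files = [top] if top.is_file() else sorted(
            p for p in top.rglob("*") if p.is_file())
        for p in files:
            db[p.relative_to(root).as_posix()] = file_record(p, attrs)
    return db

def local_key(passphrase: str) -> bytes:
    """Derive the database key from the local passphrase (PBKDF2 with a
    constructed salt stands in for Tripwire's own key files)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"tw-demo", 100_000)

def save_db(db: dict, key: bytes) -> str:
    """Human-readable JSON body followed by an HMAC trailer line."""
    body = json.dumps(db, indent=1, sort_keys=True)
    tag = hmac.new(key, body.encode(), "sha256").hexdigest()
    return body + "\n#hmac " + tag + "\n"

def load_db(text: str, key: bytes) -> dict:
    """Refuse a database whose HMAC no longer matches (edited or wrong key)."""
    body, _, tag = text.rstrip("\n").rpartition("\n#hmac ")
    expect = hmac.new(key, body.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("database integrity check failed")
    return json.loads(body)

def check(baseline: dict, current: dict) -> dict:
    """Diff a fresh scan against the baseline, as 'tripwire --check' does."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "changed": {}}
    for name in set(baseline) & set(current):
        diff = sorted(k for k, v in baseline[name].items()
                      if current[name].get(k) != v)
        if diff:
            report["changed"][name] = diff
    return report

def run_demo() -> dict:
    """Baseline a constructed tree, let an 'intruder' act, rescan, report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("etc", "bin", "home/admin"):
            (root / d).mkdir(parents=True)
        (root / "etc/passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc/shadow").write_text("root:*:19000::::::\n")
        (root / "bin/ls").write_bytes(b"\x7fELF demo binary")
        decoy = root / "home/admin/passwords.txt"
        decoy.write_text("decoy\n")
        key = local_key("correct horse battery staple")
        stored = save_db(scan(root, POLICY), key)          # tripwire --init
        # Intruder: backdoor a binary, drop a cron job, delete a file, read
        # the decoy. The read is modelled with os.utime because a noatime or
        # relatime mount may not bump atime for a plain read.
        (root / "bin/ls").write_bytes(b"\x7fELF demo binary + backdoor")
        (root / "etc/cron.d").mkdir()
        (root / "etc/cron.d/job").write_text("* * * * * root /tmp/x\n")
        (root / "etc/shadow").unlink()
        st = decoy.stat()
        os.utime(decoy, ns=(st.st_atime_ns + 10**9, st.st_mtime_ns))
        return check(load_db(stored, key), scan(root, POLICY))  # tripwire --check

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=1))
```

Running the module prints a report naming etc/cron.d/job as added, etc/shadow as removed, bin/ls as changed in both hashes and the decoy as changed in atime, while etc/passwd, which the scanner itself read, is not reported because its access time is not among the attributes its rule records. With the real tool the same steps are twadmin --create-polfile (policy, signed with the site key), tripwire --init (baseline, signed with the local key), tripwire --check and twprint --print-report. The HMAC trailer is what turns a readable database into one whose tampering is detectable: editing one recorded attribute, or loading it with the wrong passphrase, makes load_db refuse it.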

Unlike Tripwire Enterprise, Open Source Tripwire is not available for Windows and has only basic policies.[9]

References

  1. ^ a b "LICENSE". GitHub. Retrieved September 5, 2019.
  2. ^ a b Michael Kwaku Aboagye (January 18, 2018). "Securing the Linux filesystem with Tripwire". opensource.com. Archived from the original on May 6, 2023. Retrieved January 14, 2024.
  3. ^ a b Li, Hui; McGinty, Michael; Fu, Xinwen (2012). "Monitor and Secure Linux System with Open Source Tripwire" (PDF). University of Massachusetts Lowell. Archived (PDF) from the original on January 14, 2024. Retrieved January 14, 2024.
  4. ^ "Open Source Tripwire on SourceForge". Retrieved January 14, 2024.
  5. ^ a b Bauer, Mick (July 1, 2001). "Paranoid penguin: intrusion detection for the masses". Linux Journal. 2001 (87). Archived from the original on January 14, 2024. Retrieved January 14, 2024.
  6. ^ a b c d Spafford, Eugene H. "Tripwire: Pioneering Integrity Scanning for Cybersecurity" (PDF). Purdue University. Archived (PDF) from the original on February 4, 2023. Retrieved January 14, 2024.
  7. ^ "Initial commit of code from Sourceforge repository". Retrieved January 14, 2024.
  8. ^ Kalbande, Dhananjay R.; Thampi, G. T.; Singh, Manish (2009). "Incidence Handling and Response System" (PDF). International Journal of Computer Science and Information Security. 2 (1). Archived (PDF) from the original on January 14, 2024. Retrieved January 14, 2024.
  9. ^ Sen, Kaushik (October 17, 2021). "Tripwire Enterprise vs Free Tripwire Open Source". UpGuard. Archived from the original on January 19, 2022. Retrieved January 14, 2024.