Table of Contents
Advertisement
Section 11.1:How to Use Tripwire
11 Installing and Configuring Tripwire
Tripwire software can help to ensure the integrity of critical system files and directories by identifying
all changes made to them. Tripwire configuration options include the ability to receive alerts via email
if particular files are altered and automated integrity checking via a cron job. Using Tripwire for
intrusion detection and damage assessment helps you keep track of system changes and can speed the
recovery from a break-in by reducing the number of files you must restore to repair the system.
Tripwire compares files and directories against a baseline database of file locations, dates modified,
and other data. It generates the baseline by taking a snapshot of specified files and directories in a
known secure state. (For maximum security, Tripwire should be installed and the baseline created
before the system is at risk from intrusion.) After creating the baseline database, Tripwire compares
the current system to the baseline and reports any modifications, additions, or deletions.
While a valuable tool when auditing the security state of your system,
Tripwire is not supported by Red Hat, Inc.. Contact Tripwire, Inc., (
http://www.tripwire.com) for support options.
11.1 How to Use Tripwire
The following flowchart illustrates how Tripwire should be used:
WARNING
167
Advertisement
Table of Contents
