Suse & OpenSuse : Tips, Tricks, Tutorials, How Tos and Troubleshooting

Tripwire : Open Source Security Utility


In terms of security, there are many basic security tools that you can add. Tripwire is one of the best file system monitoring tools around. In a nutshell, Tripwire records information about important files (such as checksums) in a database. If anything changes in those files, Tripwire will catch the change the next time it runs (schedule it as often as you like with cron) and will alert you.

The open source Tripwire project is based on code originally contributed by Tripwire, Inc. in 2000. Tripwire can alert system administrators to possible intrusion attempts by periodically verifying the integrity of a server's file systems. Most system intruders will often use trojan binaries for login, su, ps, ls, etc. to cover their tracks and keep a low profile on the system. Thus, under normal circumstances even astute system administrators may not observe the intrusion, because the trojan binaries mimic the system binaries so well.

By using a strong checksum method similar to MD5, Tripwire can identify with absolute certainty whether or not a file has been modified, unlike similar programs that use weaker algorithms such as CRC to calculate checksums. While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management, and policy compliance.
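
The baseline-and-compare idea described above, as an added example (not Tripwire's code and not from the original post): a Python sketch that uses SHA-256 and constructed sample files named ls and ps. The function names snapshot, check and demo are hypothetical.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Record a SHA-256 digest, size and mode for each file (the 'database')."""
    db = {}
    for path in paths:
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        st = os.stat(path)
        db[path] = {"sha256": digest, "size": st.st_size, "mode": st.st_mode}
    return db


def check(baseline, paths):
    """Compare current state with the baseline; return {path: [violations]}."""
    report = {}
    for path in sorted(set(baseline) | set(paths)):
        if path not in baseline:
            report[path] = ["added"]
        elif not os.path.exists(path):
            report[path] = ["removed"]
        else:
            now = snapshot([path])[path]
            changed = [k for k in ("sha256", "size", "mode") if now[k] != baseline[path][k]]
            if changed:
                report[path] = changed
    return report


def demo():
    """Constructed scenario: a watched file is swapped for a same-size copy."""
    with tempfile.TemporaryDirectory() as d:
        ls, ps = os.path.join(d, "ls"), os.path.join(d, "ps")
        for p, body in ((ls, b"original ls build"), (ps, b"original ps build")):
            with open(p, "wb") as fh:
                fh.write(body)
        baseline = snapshot([ls, ps])
        st = os.stat(ls)
        with open(ls, "wb") as fh:
            fh.write(b"replaced ls build")  # same length, different bytes
        os.utime(ls, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp restored
        return {os.path.basename(p): v for p, v in check(baseline, [ls, ps]).items()}


if __name__ == "__main__":
    print(demo())
```

Size, mode and modification time all match the baseline here, so only the digest reveals the swap. The sketch keeps its baseline in memory; a stored baseline has to be protected from modification as well, or it can be rewritten along with the files.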

Installation

To install Tripwire, you may issue the following commands as root:

  tar xvzf tripwire-2.3-47.i386.tar.gz

  rpm -ivh tripwire-2.3-47.i386.rpm

Once the software is installed with rpm, the installation shell script will need to be executed to finish the Tripwire installation. This is done by issuing the command:

  /etc/tripwire/twinstall.sh

as root. Note that all Tripwire-related files are kept in the /etc/tripwire directory.

Download Tripwire
