Tripwire (software)
Encyclopedia
Open Source Tripwire is a free software
security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.
Open Source Tripwire functions as a host-based intrusion detection system
. Rather than attempting to detect intrusions at the network interface level (as in network intrusion detection system
s), Open Source Tripwire detects changes to file system objects.
When first initialized, Open Source Tripwire scans the file system as directed by the administrator and stores information on each file scanned in a database. At a later date the same files are scanned and the results compared against the stored values in the database. Changes are reported to the user. Cryptographic hashes
are employed to detect changes in a file without storing the entire contents of the file in the database.
While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management
, and policy compliance.
Other open source projects exist that provide similar functionality. Examples include OSSEC
, AIDE
and Samhain
.
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.
Open Source Tripwire functions as a host-based intrusion detection system
Host-based intrusion detection system
A host-based intrusion detection system is an intrusion detection system that monitors and analyzes the internals of a computing system as well as the network packets on its network interfaces...
. Rather than attempting to detect intrusions at the network interface level (as in network intrusion detection system
Network intrusion detection system
A Network Intrusion Detection System is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by Network Security Monitoring of network traffic.A NIDS reads all the incoming packets and tries to...
s), Open Source Tripwire detects changes to file system objects.
When first initialized, Open Source Tripwire scans the file system as directed by the administrator and stores information on each file scanned in a database. At a later date the same files are scanned and the results compared against the stored values in the database. Changes are reported to the user. Cryptographic hashes
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
are employed to detect changes in a file without storing the entire contents of the file in the database.
While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management
Change management
Change management is a structured approach to shifting/transitioning individuals, teams, and organizations from a current state to a desired future state. It is an organizational process aimed at helping employees to accept and embrace changes in their current business environment....
, and policy compliance.
Other open source projects exist that provide similar functionality. Examples include OSSEC
OSSEC
OSSEC is a free, open source host-based intrusion detection system . It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD,...
, AIDE
Advanced Intrusion Detection Environment
The Advanced Intrusion Detection Environment was initially developed as a free replacement for Tripwire licensed under the terms of the GNU General Public License ....
and Samhain
Samhain (software)
Samhain is an integrity checker and host intrusion detection system that can be used on single hosts as well as large, UNIX-based networks. It supports central monitoring as well as powerful stealth features to run undetected in memory, using steganography.-Main features:* Complete integrity...
.