Other Uses For Tripwire


Tripwire was written for security, especially on Unix and Linux systems. It can watch files that contain user and group definitions, encrypted passwords, and system configuration settings, as well as executable files to verify that they have not been edited or replaced. Here are a few other uses that I’ve come up with. They are listed in no particular order at this point, and some are specific uses that belong to more generic categories.


Event Notification. This is a generic category of uses that need not be security focused. Notification that a periodic report has been generated, for example, may be useful to any number of people for a variety of reasons.

Disk Health Monitor. Unexpected changes to files may be indicative of imminent hard drive failure. Tripwire should reside on a different physical disk than the files monitored. Good candidates to watch include any file that doesn’t change often, including data files.

Change Control. File changes made during software deployment can be reconciled with a list of files stored in a version control tool to verify that only the expected files actually changed. The need to clear scheduled updates should already be a consideration for using Tripwire as an IDS, but this check goes a little deeper, and should be performed by someone who is not a system admin to maintain segregation of duties.
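
A sketch of that reconciliation, added here as an example and not part of the original post or of Tripwire itself. It assumes the expected list comes from `git diff --name-status --no-renames` between two release tags, that the reviewer has already pulled the changed paths out of the integrity report into a path-to-kind mapping, and that the release deploys under a hypothetical `/opt/app`.

```python
import posixpath

# git --name-status letters mapped to the change kinds an integrity report uses.
GIT_KINDS = {"A": "added", "M": "modified", "D": "removed"}

def expected_from_git(name_status, deploy_root):
    """Turn `git diff --name-status --no-renames OLD NEW` output into {deployed_path: kind}."""
    expected = {}
    for line in name_status.splitlines():
        if not line.strip():
            continue
        status, _, rel = line.partition("\t")
        kind = GIT_KINDS.get(status[:1])
        if kind is None or not rel:
            # Fail closed: an unparsed line must not silently shrink the expected set.
            raise ValueError(f"unhandled git status line: {line!r}")
        expected[posixpath.normpath(posixpath.join(deploy_root, rel))] = kind
    return expected

def reconcile(expected, observed):
    """Compare what the release should have changed with what the integrity check saw."""
    observed = {posixpath.normpath(p): k for p, k in observed.items()}
    both = set(expected) & set(observed)
    return {
        # Changed on disk but not part of the release: investigate first.
        "unexpected": sorted(set(observed) - set(expected)),
        # Part of the release but unchanged on disk: incomplete deployment.
        "missing": sorted(set(expected) - set(observed)),
        # Changed, but not in the way the release said (e.g. modified instead of removed).
        "kind_mismatch": sorted(p for p in both if expected[p] != observed[p]),
    }

# Constructed sample data (not from a real report or repository).
SAMPLE_GIT = "M\tbin/app\nA\tconf/new.ini\nD\tlib/old.so\nM\tconf/app.ini\n"
SAMPLE_OBSERVED = {
    "/opt/app/bin/app": "modified",
    "/opt/app/conf/new.ini": "added",
    "/opt/app/lib/old.so": "modified",  # release said removed
    "/etc/passwd": "modified",          # not in the release at all
}

def demo():
    return reconcile(expected_from_git(SAMPLE_GIT, "/opt/app"), SAMPLE_OBSERVED)

if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(bucket, paths)
```

Anything in the first bucket is a change nobody signed off on, which is why the person running this should not be the admin who did the deployment.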

Groupware. This is another generic category that includes any scenario in which a group of people share a common set of working files. Professional, academic, and volunteer/contributor-based efforts could benefit from this usage of the tool, especially when files being developed are prototypical or experimental in nature, or the organization is very small and does not have other controls in place.

Records Management. A company or department may have certain records that must be retained for various reasons, and especially legal ones. Whoever is responsible for controlling changes to these documents can be notified when changes are made. The resulting action will depend on company procedure. For example, reported changes may trigger a review and approval process if a pre-publishing/staging directory is being monitored.

Development. Daily e-mails listing the files changed in a development sandbox could keep developers informed about changes made by peers. This is particularly important for common code, such as shared libraries, interface definitions, and database schemas. Other tools (e.g. version control) may have file watch and notification capabilities, but this tool would work in a pinch.

