Brandon's Notepad

July 14, 2014

Other Uses For Tripwire

Filed under: Computer Software,Linux — Brandon @ 11:06 am

Tripwire was written for security, especially on Unix and Linux systems. It can watch the files that hold user and group definitions, hashed passwords, and system configuration settings, as well as executables, and report when any of them has been edited or replaced. Here are a few other uses that I have come up with. They are listed in no particular order at this point, and some are specific uses that belong to more generic categories.

Event Notification. This is a generic category of uses that need not be security focused. A report that a periodic job has written its output file, for example, may be useful to any number of people for a variety of reasons.

Disk Health Monitor. Unexpected changes to files that nothing should have written may indicate imminent hard drive failure; a file whose hash changes while its modification time does not is a stronger sign of media corruption than of an edit. Tripwire itself (its binaries, policy, and database) should reside on a different physical disk than the files monitored. Good candidates to watch include any file that doesn’t change often, data files included.

Change Control. File changes made during a software deployment can be reconciled with the list of files recorded in the version control tool to verify that only the expected files actually changed. Reconciling scheduled updates against the baseline is already part of running Tripwire as an IDS, but this check goes a little deeper, and should be performed by someone who is not a system administrator to maintain segregation of duties.

Groupware. This is another generic category that includes any scenario in which a group of people share a common set of working files. Professional, academic, and volunteer/contributor-based efforts could benefit from this usage of the tool, especially when files being developed are prototypical or experimental in nature, or the organization is very small and does not have other controls in place.

Records Management. A company or department may have certain records that must be retained for various reasons, and especially legal ones. Whoever is responsible for controlling changes to these documents can be notified when changes are made. The resulting action will depend on company procedure. For example, reported changes may trigger a review and approval process if a pre-publishing/staging directory is being monitored.

Development. Daily e-mails listing the files changed in a development sandbox could keep developers informed about changes made by peers. This is particularly important for common code, such as shared libraries, interface definitions, database schemas, etc. Other tools (e.g. version control) may have file watch and notification capabilities, but this tool would work in a pinch.
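The notification-driven uses above (Event Notification, Records Management, Development) all come down to a policy rule with an e-mail recipient attached. The fragment below is an added example of what such rules look like in an Open Source Tripwire policy file; it is not from the original post, and the directory paths, rule names and addresses are assumptions for a hypothetical site.

```text
# Added example policy fragment, not part of the original post.
# /srv/records/staging, /srv/dev/common/* and the addresses are assumed.

(
  rulename = "Records staging area",
  severity = 66,
  emailto  = records-owner@example.com
)
{
  # Any content, permission, owner, size or mtime change is reported,
  # which is what a pre-publishing review queue needs.
  /srv/records/staging -> $(ReadOnly) ;
}

(
  rulename = "Shared development code",
  severity = 33,
  emailto  = dev-team@example.com
)
{
  /srv/dev/common/lib    -> $(ReadOnly) ;
  /srv/dev/common/schema -> $(ReadOnly) ;
}
```

After installing the policy with `twadmin --create-polfile` and re-initializing the database with `tripwire --init`, a cron entry running `tripwire --check --email-report` once a day sends each rule's violations to the address in its `emailto` attribute, which is the daily change listing the Development use describes. `$(ReadOnly)` is one of Tripwire's predefined property masks; it ignores access time so that merely reading a document does not generate a report.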

Open Source Tripwire Reference

Filed under: Computer Software,Linux — Brandon @ 10:34 am

There is a lot of reference material on the Web about Open Source Tripwire. This page includes references to the sources I’ve used to understand how the system works.

How-To Guides

Writing Policy Files

Linux Man Pages

Tripwire
Filed under: Computer Software,Linux — Brandon @ 10:29 am

Tripwire is a host-based intrusion detection system, specifically a file integrity checker. It scans the file system and stores attributes of each monitored file (permissions, owner, size, timestamps, and cryptographic hashes) in a signed database for later comparison. When a check finds that a monitored file has changed since the baseline scan, it reports the change, optionally by e-mail, to someone (e.g. a system administrator, data security, etc.) who can either verify that the change was authorized and update the baseline, or have the change reversed. The Open Source product is based on code released by Tripwire, Inc. The commercial offering adds reporting and security policy management built around the core product.
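The baseline-and-compare model described above, plus the change-control reconciliation from the "Other Uses" post, as an added example. This is not Tripwire's own code: it is a small Python script that records the same kind of per-file attributes, diffs a later scan against the stored baseline, and then checks the detected changes against a deployment manifest. The directory layout, file contents and manifest in `demo()` are constructed for the example.

```python
"""Added example: a minimal file-integrity check in the Tripwire style.

Not Tripwire's code. It stores a baseline of per-file attributes (mode,
owner, size, mtime, SHA-256), compares a later scan against it, and then
reconciles the detected changes with a deployment manifest. Everything
in demo() (paths, contents, manifest) is constructed for illustration.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Attributes compared, in the order they are reported.
ATTRS = ("mode", "uid", "gid", "size", "mtime", "sha256")


def snapshot_file(path: Path) -> dict:
    """Collect the tracked attributes of one file (symlinks are not followed)."""
    st = path.lstat()
    rec = {
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
        "sha256": None,  # only regular files are hashed
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def baseline(root: Path) -> dict:
    """Walk root and build the database: relative path -> attribute record."""
    db = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or p.is_file():
            db[p.relative_to(root).as_posix()] = snapshot_file(p)
    return db


def compare(old: dict, new: dict) -> dict:
    """Report files added, removed, or modified (with the attributes that differ)."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = {}
    for name in sorted(set(old) & set(new)):
        diffs = [a for a in ATTRS if old[name][a] != new[name][a]]
        if diffs:
            modified[name] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def reconcile(report: dict, manifest: list) -> dict:
    """Change control: every detected change must be in the manifest, and every
    manifest entry should actually have changed. Anything else needs a human."""
    changed = set(report["added"]) | set(report["removed"]) | set(report["modified"])
    expected = set(manifest)
    return {"unexpected": sorted(changed - expected),
            "missing": sorted(expected - changed)}


def demo() -> dict:
    """Constructed scenario: one change covered by the manifest, three that are not."""
    root = Path(tempfile.mkdtemp(prefix="fim-demo-"))
    try:
        (root / "lib").mkdir()
        (root / "etc").mkdir()
        (root / "lib" / "shared.so").write_bytes(b"\x7fELF old build")  # constructed
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "users.txt").write_text("alice\nbob\n")
        os.chmod(root / "etc" / "app.conf", 0o644)
        before = baseline(root)
        stored = json.dumps(before, sort_keys=True)  # what Tripwire would sign and keep

        manifest = ["lib/shared.so"]  # the deployment was supposed to touch only this
        (root / "lib" / "shared.so").write_bytes(b"\x7fELF new build, larger")
        (root / "etc" / "users.txt").write_text("alice\nbob\nmallory\n")  # out-of-band edit
        os.chmod(root / "etc" / "app.conf", 0o600)  # permission change, content intact
        (root / "etc" / "new.conf").write_text("added=true\n")  # unexpected new file

        report = compare(json.loads(stored), baseline(root))
        return {"report": report, "reconciliation": reconcile(report, manifest)}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report separates a permission-only change (`etc/app.conf` shows just `mode`) from content changes (hash and size differ), which is the distinction a reviewer needs when deciding whether to reset the baseline or revert. Tripwire signs its database with the local key precisely because a baseline that lives unprotected on the monitored host can be rewritten by whoever altered the files; a script like this one needs the same care, with the stored JSON kept off-host or on read-only media.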

Open Source Tripwire Reference
How Tripwire Works In Plain English (future post)
Other Uses For Tripwire
