Tripwire software can help to ensure the integrity of critical system
files and directories by identifying all changes made to them.
Tripwire can be configured to send email alerts when particular files
are altered and to run automated integrity checks from a cron job.
Using Tripwire for intrusion detection and damage assessment helps you
keep track of system changes and can speed recovery from a break-in by
reducing the number of files you must restore to repair the system.

Tripwire compares files and directories against a baseline database of
file locations, dates modified, and other data. It generates the
baseline by taking a snapshot of specified files and directories in a
known secure state. (For maximum security, Tripwire should be
installed and the baseline created before the system is at risk from
intrusion.) After creating the baseline database, Tripwire compares
the current system to the baseline and reports any modifications,
additions, or deletions.
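
The baseline-and-compare cycle described above, as an added Python example (not Tripwire's own code or database format). The helper names `snapshot`, `compare`, `write` and `demo`, the set of recorded attributes, and the sample files are assumptions made for illustration, and the baseline is held in memory rather than in a protected database.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Record size, mode, mtime and SHA-256 of each regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, FIFOs, sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "size": st.st_size, "mode": st.st_mode,
                "mtime": st.st_mtime_ns, "sha256": digest}
    return db

def compare(baseline, current):
    """Report modifications, additions and deletions against the baseline."""
    modified = {}
    for path in baseline.keys() & current.keys():
        changed = sorted(k for k in baseline[path] if baseline[path][k] != current[path][k])
        if changed:
            modified[path] = changed  # which recorded attributes differ
    return {"modified": modified,
            "added": sorted(current.keys() - baseline.keys()),
            "deleted": sorted(baseline.keys() - current.keys())}

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample tree: take a baseline, change files, then check."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("app.conf", "hosts", "motd"):
            write(root, name, b"original contents\n")
        baseline = snapshot(root)          # known-good state
        write(root, "app.conf", b"original contents\nextra line\n")  # modification
        os.remove(os.path.join(root, "motd"))                        # deletion
        write(root, "new.bin", b"\x00\x01")                          # addition
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```
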
For additional information, see Tripwire.org.