“TRIPWIRE”
A Seminar Report
Submitted by
P.A.A. KAREEMULLA (09751A0587)
In partial fulfillment for the award of the degree
of
BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE AND ENGINEERING
At
SREENIVASA INSTITUTE OF TECHNOLOGY AND
MANAGEMENT STUDIES, CHITTOOR-517127
(Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi)
DEC – 2012
SREENIVASA INSTITUTE OF TECHNOLOGY AND
MANAGEMENT STUDIES
(Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi)
Thimmasamudhram, Chittoor - 517127
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING
CERTIFICATE
This is to certify that the seminar entitled “TRIPWIRE” that is being
submitted by Mr. P.A.A. KAREEMULLA, bearing roll no. 09751A0587, in partial
fulfillment of the degree of IV B.Tech in CSE to JNTU Anantapur is a record of
bona fide work carried out by him under my supervision.
Seminar Supervisors Head of the Department
ABSTRACT
Tripwire is an intrusion detection system: a software tool that checks what has changed on
your system. The program monitors the key attributes of files that should not change, including the
size, binary signature, expected change of size, and other related important data. Tripwire is an open
source program created to monitor changes in a key subset of files identified by the user and to report
any changes in those files. When changes are detected, the system administrator can determine
whether they occurred due to normal, permitted activity or were caused by a
break-in. If the former, the administrator can update the system baseline to the new files. If the latter,
repair and recovery activity begins. Tripwire’s principle is simple. The system
administrator identifies key files and has Tripwire record checksums for those files. The administrator
also sets up a cron job to scan those files at intervals (daily or more frequently), comparing them to the
original checksums. Any changes, additions, or deletions are reported so that the proper action can be taken.
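The principle described in the abstract, as an added example that is not part of the original report and is not Tripwire's own code: record a baseline of file attributes and checksums, rescan later, and report changes, additions and deletions. The function names, the sample files and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("size", "mode", "sha256")

def snapshot(root):
    """Record (size, permission bits, SHA-256) for each regular file under root."""
    db = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = (st.st_size, stat.S_IMODE(st.st_mode), digest)
    return db

def compare(baseline, current):
    """Return (added, removed, modified); modified maps path -> changed fields."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        changed = [f for f, old, new in zip(FIELDS, baseline[path], current[path]) if old != new]
        if changed:
            modified[path] = changed
    return added, removed, modified

def demo():
    """Build a constructed sample tree, baseline it, alter it, and rescan."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode=0o644):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        for name in ("app.conf", "service.bin", "notes.txt"):
            write(name, b"version=1\n")
        baseline = snapshot(root)              # taken while the tree is trusted
        write("app.conf", b"version=2\n")      # same size, different content
        os.chmod(os.path.join(root, "service.bin"), 0o666)  # permissions only
        os.remove(os.path.join(root, "notes.txt"))          # deletion
        write("extra.sh", b"#!/bin/sh\n")                   # addition
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The same-size edit to app.conf shows why size alone is not enough and a checksum is recorded. The baseline itself has to be kept where an intruder cannot rewrite it, since a tampered baseline hides tampered files.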
TABLE OF CONTENTS
1. INTRODUCTION
1.1. MOTIVATION
2. BASIC PURPOSE OF TRIPWIRE
2.1. TRIPWIRE RELATED TOPICS
3. ACTUAL WORKING OF THE TRIPWIRE SYSTEM
3.1. MONITORING DYNAMIC BEHAVIOUR
3.2. MONITORING STATE
3.3. TECHNIQUES
4. OPERATION OF TRIPWIRE
4.1. PROTECTING THE HIDS
4.2. FLOWCHART SHOWING THE WORKING OF TRIPWIRE
5. TRIPWIRE MANAGER
6. TRIPWIRE FOR SERVERS
6.1. FLEXIBLE POLICY LANGUAGE
7. TRIPWIRE FOR NETWORK DEVICES
8. HOW TO INSTALL AND USE THE TRIPWIRE SYSTEM
9. HOW TO USE TRIPWIRE
10. ADVANTAGES OF TRIPWIRE
11. CONCLUSION
12. REFERENCES
ACKNOWLEDGEMENT