trip wire

“TRIPWIRE”

A Seminar Report Submitted by P.A.A. KAREEMULLA (09751A0587)

In partial fulfillment for the award of the degree of BACHELOR OF TECHNOLOGY IN COMPUTER SCIENCE AND ENGINEERING

At SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES, CHITTOOR-517127 (Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi)

DEC – 2012

Upload: praveen369

Post on 02-Jul-2015




SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES

(Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi)

Thimmasamudhram, Chittoor - 517127

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

CERTIFICATE

This is to certify that the seminar entitled “TRIPWIRE” that is being submitted by Mr. P.A.A. KAREEMULLA, bearing roll no. 09751A0587, in partial fulfillment of the degree of IV B.Tech in CSE to JNTU Anantapur is a record of bona fide work carried out by him under my supervision.

1.

2.

3.

Seminar Supervisors

Head of the Department


ABSTRACT

Tripwire is an intrusion detection system. It is a software tool that checks what has changed on your system. The program monitors the key attributes of files that should not change, including the size, binary signature, expected change of size, and other related important data. Tripwire is an open source program created to monitor changes in a key subset of files identified by the user and to report on any changes in any of those files. When changes are detected, the system administrator can determine whether those changes occurred due to normal, permitted activity or whether they were caused by a break-in. If the former, the administrator can update the system baseline to the new files. If the latter, repair and recovery activity begins. Tripwire’s principle is simple enough. The system administrator identifies key files and has Tripwire record checksums for those files. The administrator also sets up a cron job to scan those files at intervals (daily or more frequently), comparing them to the original checksums. Any changes, additions, or deletions are reported, so that the proper action can be taken.
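The principle described in the abstract (record a baseline for chosen files, re-scan, report changes, additions and deletions), shown as an added Python example that is neither Tripwire's code nor part of the original report. The attribute set (size, permission bits, SHA-256), the function names and the constructed sample files are assumptions chosen for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record size, permission bits and SHA-256 of each regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks and special files are skipped here
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        state[str(path.relative_to(root))] = {
            "size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "sha256": digest.hexdigest()}
    return state


def compare(baseline, current):
    """Report additions, deletions and, per changed file, which attributes differ."""
    changed = {}
    for path in baseline.keys() & current.keys():
        diffs = [k for k in ("size", "mode", "sha256")
                 if baseline[path][k] != current[path][k]]
        if diffs:
            changed[path] = diffs
    return {"added": sorted(current.keys() - baseline.keys()),
            "deleted": sorted(baseline.keys() - current.keys()),
            "changed": changed}


def demo():
    """Constructed sample tree: one file edited in place, one deleted, one added."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "passwd").write_bytes(b"root:x:0:0\n")
        Path(root, "motd").write_bytes(b"hello\n")
        baseline = snapshot(root)
        Path(root, "passwd").write_bytes(b"toor:x:0:0\n")  # same size, new content
        Path(root, "motd").unlink()
        Path(root, "unexpected.sh").write_bytes(b"#!/bin/sh\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The edited file keeps its size, so only the hash comparison catches it. For the periodic scan the abstract describes, the baseline would be saved between runs in a place the monitored host cannot modify.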


TABLE OF CONTENTS

1. INTRODUCTION
1.1. MOTIVATION
2. BASIC PURPOSE OF TRIPWIRE
2.1. TRIPWIRE RELATED TOPICS
3. ACTUAL WORKING OF THE TRIPWIRE SYSTEM
3.1. MONITORING DYNAMIC BEHAVIOUR
3.2. MONITORING STATE
3.3. TECHNIQUES
4. OPERATION OF TRIPWIRE
4.1. PROTECTING THE HIDS
4.2. FLOWCHART SHOWING THE WORKING OF TRIPWIRE
5. TRIPWIRE MANAGER
6. TRIPWIRE FOR SERVERS
6.1. FLEXIBLE POLICY LANGUAGE
7. TRIPWIRE FOR NETWORK DEVICES
8. HOW TO INSTALL AND USE THE TRIPWIRE SYSTEM
9. HOW TO USE TRIPWIRE
10. ADVANTAGES OF TRIPWIRE
11. CONCLUSION
12. REFERENCES

ACKNOWLEDGEMENT
