home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker 2
/
HACKER2.mdf
/
cud
/
cud455e.txt
< prev
next >
Wrap
Text File
|
1995-01-03
|
3KB
|
52 lines
Date: Tue, 03 Nov 92 17:22:08 EST
>From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: File 5--Tripwire "Integrity Monitor"
This is to announce the first public release of "Tripwire."
Tripwire is an integrity-monitor for Unix systems. It uses several
checksum/signature routines to detect changes to files, as well as
monitoring selected items of system-maintained information. The
system also monitors for changes in permissions, links, and sizes of
files and directories. It can be made to detect additions or
deletions of files from watched directories.
The configuration of Tripwire is such that the system/security
administrator can easily specify files and directories to be monitored
or to be excluded from monitoring, and to specify files which are
allowed limited changes without generating a warning. Tripwire can
also be configured with customized signature routines for
site-specific checks.
Tripwire, once installed on a clean system, can detect changes from
intruder activity, unauthorized modification of files to introduce
backdoor or logic-bomb code, (if any were to exist) virus activity in
the Unix environment.
Tripwire is provided as source code with documentation. The system,
as delivered, performs no changes to system files and does not require
root privilege to run (in the general case). The code has been
beta-tested in a form close to that of this release at over 100 sites
world-wide. Tripwire should work on almost any version of Unix, from
Xenix on 80386-based machines to Cray and ETA-10 supercomputers.
Tripwire may be used without charge, but it may not be sold or
modified for sale. Tripwire was written as a project under the
auspices of the COAST Project at Purdue University. The primary
author was Gene Kim, with the aid and under the direction of Gene
Spafford (COAST director).
Copies of the Tripwire distribution may be ftp'd from
ftp.cs.purdue.edu from the directory pub/spaf/COAST/Tripwire. The
distribution is available as a compressed tar file, and as
uncompressed shar kits. The shar kit form of Tripwire version 1.0
will also be posted to comp.sources.unix on the Usenet. No mailserver
access currently exists for distribution, although we expect some
archive sites with such mechanisms will eventually provide access.
Questions, comments, complaints, bugfixes, etc may be directed to:
genek@mentor.cc.purdue.edu (Gene Kim)
spaf@cs.purdue.edu (Gene Spafford)
Downloaded From P-80 International Information Systems 304-744-2253