Securing Your Files with Tripwire

What kind of files should you watch with Tripwire? You should be keeping an eye on any files that shouldn't be changing regularly, such as important system executables (ls, df, login, and cmd.exe), libraries and DLLs, and configuration files (/etc/inetd.conf, /etc/passwd, and the like). You can also watch files that should be changing in a predictable manner; for example, you can make sure that logfiles are growing and never shrinking. You can also make sure that none of your users put full read/write access on their home directories by watching file permissions on /home/*.
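The three kinds of watch described above (files that must not change, logfiles that may only grow, and home-directory permissions), shown in Python as an added example. This is not Tripwire's code or policy syntax; the rule names `static`, `growing` and `perms`, the function names, and the sample logfile are all this example's own.

```python
import hashlib
import os
import stat
import tempfile

# Rule names are this example's own labels, not Tripwire policy syntax:
#   static  - content and mode must match the baseline (binaries, libraries, config)
#   growing - size may increase but never decrease (logfiles)
#   perms   - only the permission bits are watched (home directories)
def snapshot(path):
    st = os.lstat(path)
    digest = None
    if stat.S_ISREG(st.st_mode):  # hash regular files only, not directories
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    return {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size, "sha256": digest}

def build_baseline(policy):  # policy maps path -> rule; run while the system is known good
    return {path: snapshot(path) for path in policy}

def violations(rule, old, new):
    found = []
    if rule == "static" and new["sha256"] != old["sha256"]:
        found.append("content changed")
    if rule == "growing" and new["size"] < old["size"]:
        found.append("file shrank")
    if rule in ("static", "perms") and new["mode"] != old["mode"]:
        found.append(f"mode {oct(old['mode'])} -> {oct(new['mode'])}")
    if rule == "perms" and new["mode"] & 0o002:
        found.append("world-writable")
    return found

def check(policy, baseline):
    """Return {path: [violations]} for every watched path that broke its rule."""
    report = {}
    for path, rule in policy.items():
        found = (violations(rule, baseline[path], snapshot(path))
                 if os.path.lexists(path) else ["missing"])
        if found:
            report[path] = found
    return report

if __name__ == "__main__":
    log = os.path.join(tempfile.mkdtemp(), "messages")  # constructed sample logfile
    with open(log, "w") as fh:
        fh.write("boot ok\nlogin alice\n")
    base = build_baseline({log: "growing"})
    open(log, "w").close()  # truncation is what the grow-only rule catches
    print(check({log: "growing"}, base))
```

Appending to a `growing` file or touching a `perms` directory's contents produces no report entry, which is what keeps these rules from adding to the false positives.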

When you're first using Tripwire, it's a good idea to start with a broad file base. You'll probably end up swamped with false positives at first, but as you go through the Tripwire reports and see the files that are being changed, you'll learn to build a better database, monitoring only those changes that could indicate a serious violation on the system.



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
