Slide 15 of 21
Notes:
Tripwire builds a database that records information about the contents and directory entries of the indicated parts of your filesystem. It can be used at subsequent times to verify whether any unauthorised changes have occurred.
To be effective, you MUST be sure that you are initially running it on a clean system (no point in checkpointing a system that has already been compromised!), and you MUST keep the database somewhere that hackers cannot possibly interfere with it (a physically read-only file system would be ideal).
It was easy to build and looked easy to run; the hard part is planning which parts of your filesystem need to be defended, and working out a way of keeping the database secure.
We are definitely interested in this tool.