The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.

This site's design is only visible in a graphical browser that supports web standards, but its content is accessible to any browser or Internet device. (Why?)

Center for Education and Research in Information Assurance and Security

COAST Security Archive Logo Category Index: /pub/COAST/Tripwire

No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

Gene H. Kim, Eugene H. Spafford, Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
Abstract: This paper begins by motivating the need for an integrity checker by presenting a hypothetical situation any system administrator could face. An overview of Tripwire is then described, emphasizing the salient aspects of Tripwire configuration that supports its use at sites employing modern variants of the UNIX operating system. Experiences with how Tripwire has been used in "in the field" are then presented, along with some conjectures on the prevalence and extent of system breakin. Novel uses of Tripwire and no-table configurations of Tripwire are also presented.

Gene H. Kim, Eugene H. Spafford, Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool
Abstract: This paper begins with brief overview of what Tripwire does and how it works. It discuss how certain implementation decisions affected the course of Tripwire development, also presents other applications that have been found for Tripwire.

Gene H. Kim, Eugene H. Spafford, The Design and Implementation of Tripwire: A File System Integrity Checker
Abstract: This paper describes the design and implementation of the Tripwire tool. It uses interchangeable "signature" routines to identify changes in files, and is h highly configurable.

Gene H. Kim, Eugene H. Spafford, Tripwire v1.2
Abstract: Tripwire is a highly portable, configurable tool to monitor changes in a Unix filesystem. It keeps a database of inode information and message digests of file and directory contents based on a user-designed configuration file. When rerun, Tripwire will compare the stored values against the configuration flags and warn the operator of any deviations (changes, additions, accesses, etc). Tripwire is extensively documented, has been ported to over 30 varieties of Unix, and is highly recommended by anyone who uses it.


O Built by Mark Crosbie and Ivan Krsul.

Security Archive Page Security Archive Homepage.

COAST Homepage COAST Project (CERIAS)Page.

Purdue CS Homepage Purdue CS Dept page. (COAST Security Archive)