Open Source Tripwire

Stephen Yagielowicz
For those charged with ensuring that computer systems are safe and protected from malicious attacks, one of the handiest tools to have is an automated file integrity checker. These tools scan the files on your system, check for any unauthorized changes to the files you specify, and report when possible attacks may have compromised those files.

According to its backers, the Open Source Tripwire software "is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems." This free version of the commercial Tripwire software is often referred to as "tripwire" with a lowercase "t" and is arguably the most popular integrity auditing system in use by professionals today.

For example, administrators of Linux-based web servers may find that detecting web pages that have been altered by hackers is easy and effective with Tripwire.

In use, the system is really quite simple: it adds database entries for the files you specify and later compares those files against the original snapshots to determine whether changes were made beyond the authorized limits. The software then prepares a report outlining any changes that it has detected.
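The snapshot-and-compare cycle described above can be sketched in a few lines of Python. This is an added example, not Tripwire's own code or policy syntax: the function names, the property names (`sha256`, `size`, `mode`) and the sample files are assumptions constructed for illustration, with the "authorized limits" modeled as the set of properties monitored for each file.

```python
import hashlib, os, stat, tempfile

def snapshot_file(path, props):
    """Record only the properties the policy says to monitor for this file."""
    st = os.stat(path)
    entry = {}
    if "sha256" in props:
        with open(path, "rb") as f:
            entry["sha256"] = hashlib.sha256(f.read()).hexdigest()
    if "size" in props:
        entry["size"] = st.st_size
    if "mode" in props:
        entry["mode"] = stat.S_IMODE(st.st_mode)
    return entry

def build_database(policy):
    """policy maps path -> set of monitored properties; returns the baseline."""
    return {p: snapshot_file(p, props) for p, props in policy.items() if os.path.exists(p)}

def check(policy, baseline):
    """Compare current state with the baseline; return (path, finding) pairs."""
    report = []
    for path, props in sorted(policy.items()):
        if not os.path.exists(path):
            if path in baseline:
                report.append((path, "removed"))
            continue
        if path not in baseline:
            report.append((path, "added"))
            continue
        now = snapshot_file(path, props)
        changed = sorted(k for k in now if now[k] != baseline[path].get(k))
        if changed:
            report.append((path, "modified: " + ",".join(changed)))
    return report

def demo():
    with tempfile.TemporaryDirectory() as d:
        page, log = os.path.join(d, "index.html"), os.path.join(d, "access.log")
        for p, data in ((page, b"<h1>home</h1>"), (log, b"GET /\n")):
            with open(p, "wb") as f:
                f.write(data)
        # Constructed policy: web pages fully checked; logs may grow (mode only).
        policy = {page: {"sha256", "size", "mode"}, log: {"mode"}}
        baseline = build_database(policy)
        with open(log, "ab") as f:
            f.write(b"GET /about\n")       # within authorized limits: not reported
        with open(page, "wb") as f:
            f.write(b"<h1>defaced</h1>")   # outside authorized limits: reported
        return [(os.path.basename(p), finding) for p, finding in check(policy, baseline)]
```

The baseline is only as trustworthy as where it is stored: if it sits writable on the monitored host, whoever alters a file can alter its database entry too.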

Most users will want to run Tripwire daily, during their site's lowest traffic periods, in order to maximize the software's impact while mitigating any performance hits. For best results, it should be installed on a fresh computer, immediately after the basic operating system and before any other applications are added or network connections enabled, to help prevent any malicious activity from occurring before the initial snapshot is made.