Review: Tripwire

A complete Tripwire system consists of two components: Tripwire for Servers, which is an agent that must be installed on all servers that are to be protected; and Tripwire Manager, which provides central management for any number of Tripwire for Servers agents. Communications between server agents and management workstation are secured using the secure sockets layer (SSL) protocol.

Tripwire for Servers monitors changes on the servers on which it is installed. It works by comparing the current data with the known-good source files recorded in the Tripwire database. If it detects a changed file, it automatically notifies you and can even tell you who made the change. What to monitor is controlled by policies set using Tripwire Manager. Default policy files are included for each supported OS, which makes it easy to set up which files should be monitored.

Tripwire Manager offers an intuitive graphical user interface for managing multiple servers, which may be gathered together in groups to make management quick and easy. The grouping can even be multi-level to facilitate the control of large numbers of server agents. The interface is highly graphical, with pie charts displaying changes grouped by severity or type. Filters combine with an excellent reporting engine to deliver highly customizable reports that are also exportable as XML or HTML files.

Tripwire Manager allows the scheduling of integrity checks in a flexible way. For example, web site content might need to be checked for defacement every 15 minutes, while operating system files are checked daily. Any changes detected can be compared quickly across multiple servers to identify those that may have suffered the same change. Authorized changes may be accepted so that they are not flagged any more. Recovery (or roll-back) is also easy. SNMP traps and other events (syslog and email) may be triggered by the detection of changes.

Tripwire for Servers is available for servers running Microsoft Windows XP/2000/NT4, Linux, Sun Solaris for SPARC, HP-UX, AIX, Tru64 and FreeBSD. Tripwire Manager is written in Java, so it is also platform-independent; the supported platforms are Microsoft Windows XP/2000/NT4, Linux and Sun Solaris for SPARC. It also integrates with common management tools.

For:

Integrates with existing management infrastructures, such as IBM Tivoli and HP OpenView.


Against:

Does not actively prevent changes.


Verdict:

A good solution for managing changes, authorized or unauthorized, and manually reverting back to known good configurations.
