Catch Linux System Intruders with Tripwire

There's no doubt that Linux is a secure operating system. However, nothing is perfect. Millions of lines of code are churned through the kernel every second and it only takes a single programming mistake to open a door into the operating system. If that line of code happens to face the Internet, that's a backdoor to your server.

Tripwire generates checksums from all the essential binaries that are running on your system. Every file has a completely unique checksum. If a single bit of data changes in the file, the checksum it generates will be completely different.

These checksums can't be cracked or duplicated because they rely on a tried and tested method of encryption. Using this database of checksums, Tripwire will periodically recheck the value of each binary file in its database. If any file has changed, the wire is tripped and an alarm is signalled.

After installing the Tripwire packages, you'll be presented with the Tripwire configuration wizard. The first question asks whether you want to create or use your site passkey. This is the unique encryption key that's used to generate the checksum information for your files, and Tripwire uses two – one for files that are only going to be used on the installation machine (such as the Tripwire configuration files themselves), and another for files that may be accessed and used on other machines across a network. The next page of the wizard will ask you for these.
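The baseline-and-recheck cycle described above, as an added Python example; it is not code from the original article and not Tripwire's own implementation. SHA-256 stands in for Tripwire's checksums, and an HMAC key (an assumption here) plays the role of the passkey by sealing the database so that an edited baseline is rejected. All function names and sample files are constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def seal(entries, key):
    """HMAC over the canonical JSON of the database; an assumed stand-in for Tripwire's keys."""
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_baseline(root, key):
    """Record one digest per file under root and seal the record."""
    files = (p for p in Path(root).rglob("*") if p.is_file())
    entries = {str(p.relative_to(root)): digest(p) for p in files}
    return {"entries": entries, "mac": seal(entries, key)}

def check(root, baseline, key):
    """Return (modified, added, removed); refuse a baseline whose seal does not verify."""
    if not hmac.compare_digest(seal(baseline["entries"], key), baseline["mac"]):
        raise ValueError("baseline database failed its integrity check")
    old, new = baseline["entries"], build_baseline(root, key)["entries"]
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    return modified, sorted(set(new) - set(old)), sorted(set(old) - set(new))

def demo():
    """Constructed sample: three small files standing in for system binaries."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "su"):
            Path(root, name).write_bytes(b"\x7fELF-" + name.encode())
        base = build_baseline(root, key)
        Path(root, "ps").write_bytes(b"\x7fELF-pr")  # last byte differs by one bit
        Path(root, "su").unlink()                    # a file disappears
        Path(root, "nc").write_bytes(b"new")         # an unexpected file appears
        report = check(root, base, key)
        # Someone who can edit the database updates the digest to hide the change.
        base["entries"]["ps"] = digest(Path(root, "ps"))
        try:
            check(root, base, key)
            return report, False
        except ValueError:
            return report, True

if __name__ == "__main__":
    print(demo())
```

The sealed database is only as trustworthy as the key's secrecy, so the key should not be stored readable on the host being monitored.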
