|
Tripwire is a company based in Portland, Oregon which produces change auditing software. It is also a Linux open source intrusion-detection system based on a version of one of the company's products, first released publicly by Purdue University in 1992.
Open source tool
The open source tool called Tripwire is a host-based intrusion detection system. It is not so much concerned with detecting intrusion attempts at the periphery of a computing system (as in Network intrusion detection systems), but rather looks for and reports on the resultant changes of state in the computing system under observation.
Intruders usually leave traces of their activities (change system state). Tripwire looks for these by monitoring key attributes of files that should not change, including binary signature, size, expected change of size, etc. - and reporting its findings.
While useful for intrusion detection it can also be used for many other purposes such as integrity assurance, change management, policy compliance, and more.
Many techniques used for host-based intrusion detection were entirely or in part pioneered by Tripwire. In many senses recent efforts at managing security on computers, such as the Trusted Computing Group Trusted Platform Module are extensions of these ideas and techniques wrapped up in a piece of silicon that runs external to the CPU and is thus harder to crack.
External links
| 
