52 lines
2.4 KiB
Plaintext
52 lines
2.4 KiB
Plaintext
This is to announce the first public release of "Tripwire."
|
|
|
|
Tripwire is an integrity-monitor for Unix systems. It uses several
|
|
checksum/signature routines to detect changes to files, as well as
|
|
monitoring selected items of system-maintained information. The
|
|
system also monitors for changes in permissions, links, and sizes of
|
|
files and directories. It can be made to detect additions or
|
|
deletions of files from watched directories.
|
|
|
|
The configuration of Tripwire is such that the system/security
|
|
administrator can easily specify files and directories to be monitored
|
|
or to be excluded from monitoring, and to specify files which are
|
|
allowed limited changes without generating a warning. Tripwire can
|
|
also be configured with customized signature routines for
|
|
site-specific checks.
|
|
|
|
Tripwire, once installed on a clean system, can detect changes from
|
|
intruder activity, unauthorized modification of files to introduce
|
|
backdoor or logic-bomb code, (if any were to exist) virus activity in
|
|
the Unix environment.
|
|
|
|
Tripwire is provided as source code with documentation. The system,
|
|
as delivered, performs no changes to system files and does not require
|
|
root privilege to run (in the general case). The code has been
|
|
beta-tested in a form close to that of this release at over 100 sites
|
|
world-wide. Tripwire should work on almost any version of Unix, from
|
|
Xenix on 80386-based machines to Cray and ETA-10 supercomputers.
|
|
|
|
Tripwire may be used without charge, but it may not be sold or
|
|
modified for sale. Tripwire was written as a project under the
|
|
auspices of the COAST Project at Purdue University. The primary
|
|
author was Gene Kim, with the aid and under the direction of Gene
|
|
Spafford (COAST director).
|
|
|
|
Copies of the Tripwire distribution may be ftp'd from
|
|
ftp.cs.purdue.edu from the directory pub/spaf/COAST/Tripwire. The
|
|
distribution is available as a compressed tar file, and as
|
|
uncompressed shar kits. The shar kit form of Tripwire version 1.0
|
|
will also be posted to comp.sources.unix on the Usenet.
|
|
|
|
A mailserver exists for distribution and to support a Tripwire mailing
|
|
list. To use the mail server, send e-mail to
|
|
"tripwire-request@cs.purdue.edu" with a message body consisting solely
|
|
of the word "help". The server will respond with instructions on how
|
|
to get source, patches, and how to join the mailing list.
|
|
|
|
Questions, comments, complaints, bugfixes, etc may be directed to:
|
|
genek@mentor.cc.purdue.edu (Gene Kim)
|
|
spaf@cs.purdue.edu (Gene Spafford)
|
|
|
|
3 November 1992
|