52ky posted on 2022-9-19 18:53:35

Tripwire for linux

Tripwire is one of the most effective tools in the UNIX security toolbox. It can check more than 10 UNIX file-system attributes and more than 20 NT file-system attributes (including the registry). Tripwire first uses a signature function to build a signature database for the system files and directories to be monitored; a signature function is one that takes an arbitrary file as input and produces a fixed-size piece of data (the signature). If an intruder modifies a file, its signature changes even when the file size does not. Using this database, Tripwire can easily detect even the smallest change to the system. Because a file's signature is practically impossible to forge, no change to the system escapes Tripwire's monitoring. To guard against tampering, Tripwire encrypts and signs some of its own important files. Two keys are involved here: the site key and the local key. The former protects the policy file and the configuration file; if several machines share the same policy and configuration, they can use the same site key. The latter protects the database and the reports, so different machines must use different local keys.
Tripwire_for_linux.doc
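As an added illustration (not part of the original post and not Tripwire's own code), a minimal Python sketch of the two ideas above: a signature database over watched files that catches a same-size content change, and an HMAC over that database under a "local key" so that edits to the database itself are rejected. The file name, key and file contents are constructed for the demo.

```python
import hashlib, hmac, json, os, tempfile

def file_signature(path):
    """Fixed-size signature of a file: content hash plus a few attributes
    (size and mode stand in for the attribute set Tripwire tracks)."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": st.st_mode}

def build_database(paths, local_key):
    """Signature database for the watched paths, authenticated with an HMAC
    under the local key so that a tampered database is rejected."""
    entries = {p: file_signature(p) for p in paths}
    body = json.dumps(entries, sort_keys=True).encode()
    mac = hmac.new(local_key, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "mac": mac}

def check(db, local_key):
    """Return (database_trusted, list_of_changed_paths)."""
    body = json.dumps(db["entries"], sort_keys=True).encode()
    expected = hmac.new(local_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, db["mac"]):
        return False, []          # database itself was altered: do not trust it
    changed = [p for p, sig in db["entries"].items()
               if not os.path.exists(p) or file_signature(p) != sig]
    return True, changed

def demo():
    """Constructed scenario: a same-size edit to a watched file is caught, and a
    database edited without the local key is rejected."""
    key = b"constructed-local-key"            # placeholder, not a real key
    target = os.path.join(tempfile.mkdtemp(), "watched.conf")
    with open(target, "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n")
    db = build_database([target], key)
    clean, changed0 = check(db, key)
    with open(target, "w") as f:              # same length, different bytes
        f.write("root:x:0:0:root:/root:/bin/zsh!\n")
    still_trusted, changed1 = check(db, key)
    db["entries"][target]["sha256"] = "0" * 64  # tamper with the database
    trusted_after_tamper, _ = check(db, key)
    return {"baseline_clean": clean and changed0 == [],
            "same_size_edit_detected": still_trusted and changed1 == [target],
            "tampered_db_rejected": not trusted_after_tamper}
```

Real Tripwire stores its database and reports signed under the local key and its policy and configuration under the site key; the HMAC here only mirrors the local-key role.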



