(Tripwire is one of the most effective tools in UNIX security. It can monitor as many as 10 kinds of UNIX file system attributes and more than 20 kinds of NT file system (including registry) attributes. Tripwire first uses a specific signature function to build a signature database for the system files and directories to be monitored. A signature function takes any file as input and produces a fixed-size piece of data (the signature). If an intruder modifies a file, the file's signature changes even if the file size stays the same. Using this database, Tripwire can easily spot small changes to the system. Because a file's signature is almost impossible to forge, any change to the system cannot escape Tripwire's monitoring. To protect itself against tampering, Tripwire encrypts and manages some of its own important files. Two keys are involved: the site key and the local key. The site key protects policy files and configuration files; multiple machines that have the same policy and configuration can use the same site key. The local key protects databases and reports, so machines that share a site key must still each use a different local key.
Tripwire_for_linux.doc)
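
The baseline-and-compare workflow described above, as an added example that is not Tripwire's code or part of the original document. It assumes SHA-256 as the signature function and an HMAC under a per-machine key as a stand-in for the local key's protection of the database; the function names, key and sample file are constructed for illustration.

```python
import hashlib, hmac, json, os, stat, tempfile

def snapshot(paths):
    """Build the baseline: a signature (SHA-256) plus attributes per file."""
    db = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        db[p] = {"sha256": digest, "size": st.st_size,
                 "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    return db

def seal(db, local_key):
    """Serialize the database and tag it with the per-machine local key.
    Assumption: HMAC stands in for Tripwire's own protection of its files."""
    body = json.dumps(db, sort_keys=True).encode()
    return body, hmac.new(local_key, body, hashlib.sha256).hexdigest()

def unseal(body, tag, local_key):
    """Refuse to use a database that was altered or sealed with another key."""
    expected = hmac.new(local_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline database failed authentication")
    return json.loads(body)

def compare(baseline, paths):
    """Return {path: [what changed]} for every file that differs from baseline."""
    report = {}
    for p in sorted(set(baseline) | set(paths)):
        if not os.path.exists(p):
            report[p] = ["removed"]
        elif p not in baseline:
            report[p] = ["added"]
        else:
            now = snapshot([p])[p]
            diff = [k for k in now if now[k] != baseline[p][k]]
            if diff:
                report[p] = diff
    return report

if __name__ == "__main__":
    key = b"constructed-local-key"                 # constructed sample key
    path = os.path.join(tempfile.mkdtemp(), "app.conf")
    with open(path, "wb") as f:
        f.write(b"allow=0\n")                      # constructed sample file
    body, tag = seal(snapshot([path]), key)
    with open(path, "wb") as f:
        f.write(b"allow=1\n")                      # same size, different content
    print(compare(unseal(body, tag, key), [path]))
```

The same-size edit is reported through the `sha256` field alone, which is the case the size attribute cannot catch.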