Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Install the Tripwire file system monitoring tool Apps
Many of you have probably heard of a file integrity product called Tripwire - it's basically a file system monitoring tool that can detect any and all deviations from an established baseline, and can notify you of these changes. It's developed by a private company that spun off a GPL'd version for Linux a couple years ago, but continued to develop and offer a commercial version. Their recent versions have (not surprisingly) many significant improvements over the Open Source release, but this release still works quite well on individual systems.

I use this product regularly at work, and one of my few gripes has been the distinct lack of any Macintosh support. But recently, a kind developer from the Open Source community released an OS X patch!

I have assembled a functioning version complete with an installation script - you can read the instructions and download the bundle here. If you prefer to roll your own, the source code for this package is also available. This package is derived from the original source available on SourceForge under the Tripwire project, and the patch is available separately as well.
    •    
  • Currently 1.83 / 5
  You rated: 3 / 5 (6 votes cast)
 
[12,400 views]  

Install the Tripwire file system monitoring tool | 4 comments | Create New Account
Click here to return to the 'Install the Tripwire file system monitoring tool' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Install the Tripwire file system monitoring tool
Authored by: gurple on Sep 30, '03 05:06:24PM

It's been a pretty long time since I've managed a Tripwire installation and I can't quite remember all that it can do. However, for basic secure comparison of MD5 checksums Checkmate is a great way to go. It's a PrefPane item so you interact with it through the System Preferences utility.

I've been using Checkmate for several years now and am quite happy with it. Just remember to update your checksums after a large OS update or whenever you make a change to one of the watched files.

http://personalpages.tds.net/~brian_hill/checkmate.html

Cheers,
gurple

---
--
We've secretly replaced his regular signature with Folgers Crystals®.



[ Reply to This | # ]
Install the Tripwire file system monitoring tool
Authored by: bluehz on Sep 30, '03 06:07:51PM

I have often thought of using Tripwire on my server - but never took the plunge because I can only imagine the huge cpu hit the machine must take while comparing 1000's of checksums. Is this true or not?



[ Reply to This | # ]
Install the Tripwire file system monitoring tool
Authored by: frodo on Sep 30, '03 07:14:04PM

It does hit the cpu, but it's not as bad as you might think. On my systems a full scan takes from 5-8 minutes to check about 240,000 files - and this is with seti@home running in the background.

The cpu load will stay between 20% and 60% in general, and you can always nice it down significantly to help mitigate the impact.

I usually have Tripwire run once a night, but I also came up with a shell script that will run Tripwire every few hours, provided that the screensaver is also running.... no screensaver, then the machine isn't idle and it'll bypass the scan until next time.

There are two primary ways to reduce cpu consumption - reduce the number of files you're watching (limiting recursion can help immensely here) and reduce the number of hashes you're harvesting on each object. Tripwire offers four, and anything other than crc32 and MD5 can *really* add to the scan length.

----------
Jason



[ Reply to This | # ]
Install the Tripwire file system monitoring tool
Authored by: Yelsmek on Oct 01, '03 12:00:25AM

Yet Another Snapshot Application...

File Buddy can take a snapshot of a disk and compare it with previous snapshots.



[ Reply to This | # ]