Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Install the Tripwire file system monitoring tool' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Install the Tripwire file system monitoring tool
Authored by: bluehz on Sep 30, '03 06:07:51PM

I have often thought of using Tripwire on my server - but never took the plunge because I can only imagine the huge cpu hit the machine must take while comparing 1000's of checksums. Is this true or not?



[ Reply to This | # ]
Install the Tripwire file system monitoring tool
Authored by: frodo on Sep 30, '03 07:14:04PM

It does hit the cpu, but it's not as bad as you might think. On my systems a full scan takes from 5-8 minutes to check about 240,000 files - and this is with seti@home running in the background.

The cpu load will stay between 20% and 60% in general, and you can always nice it down significantly to help mitigate the impact.

I usually have Tripwire run once a night, but I also came up with a shell script that will run Tripwire every few hours, provided that the screensaver is also running.... no screensaver, then the machine isn't idle and it'll bypass the scan until next time.

There are two primary ways to reduce cpu consumption - reduce the number of files you're watching (limiting recursion can help immensely here) and reduce the number of hashes you're harvesting on each object. Tripwire offers four, and anything other than crc32 and MD5 can *really* add to the scan length.

----------
Jason



[ Reply to This | # ]