12-01-2011, 04:55 PM
Tripwire software can help to ensure the integrity of critical system files and directories by identifying all changes made to them.
Tripwire configuration options include the ability to receive alerts via email if particular files are altered and automated integrity
checking via a cron job. Using Tripwire for intrusion detection and damage assessment helps you keep track of system changes and can
speed the recovery from a break-in by reducing the number of files you must restore to repair the system.
Tripwire compares files and directories against a baseline database of file locations, dates modified, and other data. It generates the
baseline by taking a snapshot of specified files and directories in a known secure state. (For maximum security, Tripwire should be
installed and the baseline created before the system is at risk from intrusion.) After creating the baseline database, Tripwire compares
the current system to the baseline and reports any modifications, additions, or deletions.