Tripwire Intrusion Detection

Jul 30, 2007

I downloaded the tripwire version 2.4.1.1 but after the installation the /etc/tripwire/twinstall.sh file is not generated after the installation. I checked the contents of the RPM I downloaded and the script is not there.

How can I prepare the cfg file without this script?

[root@user]# rpm -qpl tripwire-2.4.1.1-1.i386.rpm

/etc/cron.daily/tripwire-check
/etc/tripwire
/etc/tripwire/twcfg.txt
/etc/tripwire/twpol.txt
/usr/sbin/siggen
/usr/sbin/tripwire
/usr/sbin/tripwire-setup-keyfiles
/usr/sbin/twadmin
/usr/sbin/twprint
/usr/share/doc/tripwire-2.4.1.1
/usr/share/doc/tripwire-2.4.1.1/COMMERCIAL
/usr/share/doc/tripwire-2.4.1.1/COPYING
/usr/share/doc/tripwire-2.4.1.1/ChangeLog
/usr/share/doc/tripwire-2.4.1.1/License-Issues
/usr/share/doc/tripwire-2.4.1.1/README.Fedora
/usr/share/doc/tripwire-2.4.1.1/TRADEMARK
/usr/share/doc/tripwire-2.4.1.1/policyguide.txt
/usr/share/doc/tripwire-2.4.1.1/tripwire.gif
/usr/share/man/man4/twconfig.4.gz
/usr/share/man/man4/twpolicy.4.gz
/usr/share/man/man5/twfiles.5.gz
/usr/share/man/man8/siggen.8.gz
/usr/share/man/man8/tripwire.8.gz
/usr/share/man/man8/twadmin.8.gz
/usr/share/man/man8/twintro.8.gz
/usr/share/man/man8/twprint.8.gz
/var/lib/tripwire
/var/lib/tripwire/report

View 3 Replies


ADVERTISEMENT

IDS - Intrusion Detection System

Sep 25, 2007

I have recently been using snort but I need something ideally graphically based so that it is easy to use and find your way around.

Can anyone recommend an IDS product that has a GUI?

View 1 Replies View Related

Intrusion Detection Tool Request

Jul 25, 2007

Is there a tool for intrusion detection where a central machine is responsible for requesting clients for file and directory information and reporting changes?

Do you know of any open source package preferable are available for RHEL4 and 5?

View 1 Replies View Related

Server Intrusion: Quick Fixes & What To Do

Nov 7, 2008

server intrusion: quick fixes

View 12 Replies View Related

Rootkit Detection On A Windows VPS

May 4, 2007

My Windows VPS has come under heavy attack by hackers trying to get through MSFTPSVC for the past month and they finally managed to somehow get in 2 days ago. Somehow, the "Allow anonymous login" setting was selected in my FTP settings and they got in.

They even managed to turn off my firewall. I guessing they used a buffer overflow or some other Windows Server 2003 weakness that was fixed in SP2 (too bad SP2 is'nt supported by SWSoft yet).

The attacks began less than 1 week after I had signed up with Virpus. I did'nt even have my domain name pointing to the server or a site up when the first set of dictionary attacks began. How common is that 0_0 ?

Anyway, since I now know they've gotten in I've run a virus check and everything looks clean but I really want to run some kind of root kit detection software. I've tried everything suggested on the antirootkit website but none of them seem to work on a VPS.

View 10 Replies View Related

Brute Force Detection (bfd)

Apr 6, 2007

ive just installed bfd on a new server:

[url]

And im getting the following in an email every 10 minutes:

Code:
/usr/local/bfd/conf.bfd: line 26:
: command not found
/usr/local/bfd/conf.bfd: line 38:
: command not found
/usr/local/bfd/conf.bfd: line 47:
: command not found
/usr/local/bfd/conf.bfd: line 59:
: command not found
/usr/local/bfd/conf.bfd: line 60:
: command not found
/usr/local/bfd/conf.bfd: line 76:
: command not found
/usr/local/bfd/conf.bfd: line 88:
: command not found
The email is being sent from:

Cron Daemon <root@hostname.com> (replaced hostname myself)

Now i know this isnt r-fx networks support but none of there support options seem to work so i figured id post here considering the amount of users that are likely to be using bfd (or you should be)

View 3 Replies View Related

Hacker Detection On Apache Log Files

Jul 2, 2009

I have a client that is certain someone is trying to hack her web-portal. I need to set up something that will alert me on suspicious activity on the server. For example someone fiddling with requests trying to make SQL / shell .. injection and similar threats.

Does any tool (for example bash script with grep) exist that would parse the raw apache logs and report if something is suspicious. Apache logs don't show the POST data so I am talking to admin to setup dump_io apache mod that enables this.

Or am I going into wrong direction here and there is whole another way to do this? I searched the web and forums for anything like this and didn't find anything.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved