Ubuntu Security :: Install Tripwire On Computer?

May 1, 2011

I am going to try to install Tripwire on my computer. I do not know why or how to configure Tripwire policy and configuration files.

View 1 Replies


Security :: Tripwire Initial Configuration - New Policy - P

Jul 29, 2009

I have just installed tripwire. I have created a baseline db using the default policy file. Then I checked the output of the db to see what I did not have on my filesystem that db was searching for (according to the default policy when tripwire was installed), I then changed my default clear text policy file accordingly and used twadmin to generate a new tw.pol file.

Next I come grinding to a halt after this (assuming the next thing is to update the policy in tripwire right? )


View 2 Replies View Related

Security :: Periodic Update Of Tripwire Policy File?

Jul 1, 2010

I have tripwire running on one of our servers on a daily basis, and I was curious to know if it is good practice to periodically update the policy file. The reason for my asking that is while the daily reports that I get indicate there have been changes to files on a daily basis, there are also files that have not been modified for over a month. My thinking is an update of the policy file will establish an updated baseline, and those files that have not been changed for so long will not be reported on until they get changed again.

View 1 Replies View Related

Security :: Shell Login Tripwire - Optimal Place?

Jul 11, 2010

I have disabled root login in my remote shell and I have a pretty strong password. I am not happy though. I want to increase security. I've been thinking about installing some basic tripwire rig, like say, send myself an email every time I (or anyone) log in. My questions:

- What kind of data would be useful to be sent in that email? Anything else besides "user so-and-so logged in at {date and time}"?

- How would I achieve that? Is it enough to include it in .tcshrc (because my shell is tcsh)? Should I add it to other shells as well (.bashrc, .csh etc.) even though nobody uses the other shells? Is it better placed in some other file, like .login? What is the optimal place?

- Would that be enough? Can I make that whole idea more secure in any way?

View 11 Replies View Related

Fedora Security :: Tripwire Revealed File Size Differences?

May 14, 2009

Recently I decided to utilize an IDS system. So I installed Open Source Tripwire. Not that I am too worried about anyone gaining a successful foothold on my system. But I wanted to learn and experience this IDS system. And no, this is not a new server install but I have never seen anything that resembles illegal activity. My server is an installed CentOS 5.3 with SELinux in targeted mode.

Tripwire has brought to light some interesting things. Installation states to verify rpm packages using rpm -Va. I have found that many of my system binaries are not the same size as if I were to replace them via yum. Most of the binaries are like twice the size compared to a newly installed package, of the same version. I'm not sure what to make of this. These programs are the original installs (CentOS 5.1) and I keep the system up to date regularly via yum.

I wonder if perhaps these system files installed are perhaps different then individual package size installed via yum? I have a hard time believing this as a package is a package. The only other possibility that comes to mind is that nearly my entire system has been hacked with new system files, and in a way that has revealed and suggest nothing. I find that far fetched as I have run this server for some time now and I should think I would know a problem as not a morning goes by that I haven't review my logs, as they are emailed to me. Thoughts about the difference in file sizes? Those installed via CentOS DVD verses those installed via yum?

View 3 Replies View Related

Ubuntu :: How To Install The Tripwire

Jul 2, 2010

I'm trying to install Tripwire, but everytime I run the apt-get command, I receive an error.

How do I fix this and get Tripwire installed?

EDIT: I'm getting the same error trying to install updates. I've never seen this error before and am not sure what could be causing this.

View 1 Replies View Related

Red Hat :: How To Copy Tripwire From Rh9 Install

May 17, 2010

Can someone please tell me how to copy tripwire from my rh9 install and tranfer it to Fedora Core 5??

View 3 Replies View Related

Ubuntu Security :: Computer Shutdown During 11.04 Install?

Apr 29, 2011

My laptop randomly shuts off, at first I thought it was an issue with the laptop overheating but during the install of 11.04 I made sure the laptop had a fan blowing on it constantly and checked it and determined it couldn't have overheated. My problem now is that I was able to use a live cd to access my old files but was presented with only two files stating that my files were encrypted, I'm don't ever recall encrypting my files and so I'm without a passphrase.

What I'm wondering, is there a way to gain access without the passphrase? Or is there a way to fix the corrupt install?

View 4 Replies View Related

Software :: Excluding Directories And Files In Tripwire?

Jul 12, 2010

I have tripwire 2.4.1 up and running on one of our servers, and I am now in the process of configuring it to exclude some files and/or directories that are known to change periodically between integrity checks.

I did some reading on the subject, and one file that came up was the tw.config file. However, when I did a search for the file, there was no instance of it on the server. My next thought was to modify the tw.pol file, and I did try to list some files to be excluded. However, when I tried to update the policy, I got an error message which indicated the syntax that I entered within the tw.pol file was incorrect.

If the tw.config file does not exist, can I create it, and modify the tw.pol file to indicate where the file is located on the server?

View 1 Replies View Related

Ubuntu :: Install Windows Xp On Computer In Virtual Machine - Watch Netflix On Computer

Jun 30, 2010

so here's my problem. I am trying to install windows xp on my computer in virtual machine so i can watch netflix on my computer. The disk will not start up, if I restart and try to boot from load i just sits there and says boot from cd. The disk drive plays music cd's fine, so i dont really know what the issue is.

I dont know that much aboutut ubuntu. a tech friend put it on hard drive he gave me after mine crashed. also i should ad that i took the disk to someone else's house that haswidnows installed and the disk worked just fine, so its not a disk problem

View 8 Replies View Related

Software :: Tripwire Reports Huge In Size / Reduce / Prune Them?

Jan 21, 2009

I have been asked to investigate some of our servers that run tripwire 2.3.0 on Red Hat Linux Advanced Server release 2.1AS (Pensacola)

We have the reports emailed to us using cron and twprint -m r -r report -t 4, it has been growing steadily and today it was 9mb It seems the database records go back to before 2004 and are being compared against today's files.

I really need to be informed what needs to be done to tripwire to keep it serviced through cron. I have tried to google this but could not find any information that seemed to answer my questions.

Looking at the following guide url step 6 talks about "Updating the Database after an Integrity Check" using

# tripwire --update --twrfile /var/lib/tripwire/report/<name>.twr Should I be using this command or should I be re-creating the db every month or so and using the #tripwire -init?

Extract from report -


Section: Unix File System

Rule Name Severity Level Added Removed
--------- -------------- ----- ------- --------
Invariant Directories 66 0 0 0

I need to understand how to change the expected to the observed so the db will be up to date.

I would also like some of the rules explained:What does removed and added mean? Is it removed as it has not changed and added if it finds a new one that has?


Rule Name: System boot changes (/lib/modules)
Severity Level: 100
Added Objects: 3075

View 1 Replies View Related

Red Hat :: Rhel 4.8 - Nc: Connecting - Cannot Get The Tripwire Server To Talk To The Agent On The Red Hat Machine

Dec 7, 2010

I have tripwire enterprise (not open source) agent running on one of my rhel4.8 web servers (I have actually tried with two servers with same results). The agent is a simple install rpm bin file and appears to be running as it should and the server for tripwire enterprise is set up accordingly. A windows tripwire enterprise agent is also on a windows machine that works perfectly well. But I cannot seem to get the tripwire server to talk to the agent on the red hat machine.

I can connect to port 9898 on the server, but the agent who also talks over the same port doesn't appear to be responding to the server on this port. There are no iptables set up to block the requests, there is no firewall set up (disabled) . Network team can see the packet requests being sent over the routers fine... So can't see why there would be a problem. So i reverted to the use of net cat.

Nc -l 9898 (on the agent machine)
Telnet <agent> 9898

But I get connection refused. Is there anything I could be missing here? Redhat is not my Linux of preference and it may be something obvious!

View 4 Replies View Related

Ubuntu Security :: Possible Backdoor On Computer?

Apr 13, 2010

I was looking at my firewall(firestarter) logs. It shows that a program named Master's Paradise has been trying to make connections to outside from my computer on port 3129. Why would I have something like this on my machine? Is this something I need to be worried about?? Or is some legitimate program using port 3129 and the firewall log is still showing it as Master's Paradise?

View 9 Replies View Related

Ubuntu Security :: My Computer Is Being Hacked / What To Fix It?

Feb 27, 2011

I have windows computer and it is being hacked.About month ago or more some one hacked my router and install new firmware from Firmware Version: Talisman/Basic V1.2.9a

My router is linksys and SSID got changed to sveasoft.I had WPA set up and MAC filtering .

Some one hacked my router and change Firmware Version.And user name and password also got change to just admin.

Well now I got a pop up from my Kaspersky saying network attack scan.generic.TCP

only thing I can find on it http://whatismyipaddress.com/ip/

It is Limestone Networks in Dallas.

Some strang things have been happing to my computer in past 4 months and is getting worse.

I have no firewall or router now.And have not gone to the store and get new router yet and I'm thinking of formatting my computer and putting linux and get good firewall like zone-alarm.

View 9 Replies View Related

Ubuntu Security :: Gufw - Cannot See The Other Computer Files

Jan 1, 2010

VERY GREEN to Ubuntu. My setup:

1. computer A connects to the internet through usb dial up modem
2. computer A & B are wirelessly networked through an ADHOC network.
3. computer B doesnot need to connect to the internet.

I've installed the GUFW. If I enable it I can not see the other computer files. I use static IPs for both. I tried setting a rule but I get stumped were it asks for the port. I'm not all that familiar with ports.

View 9 Replies View Related

Ubuntu Multimedia :: Set Up As Security Camera On Computer?

Jan 8, 2010

I have a creative pc cam 300 that i have been trying to set up as a security camera, on a computer running ubuntu 9.10. I tried installing the spca5xx driver, but i can only find it for old versions of ubuntu and it doesnt work. Does anyone know how to get the driver working?

View 3 Replies View Related

Ubuntu Security :: Boot Usb On Work Computer ?

Feb 11, 2010

I work in a retail store at which there is a computer set up in the corner for customers to browse the stores website on. The problem is that that is all it will let me do. I get board, and want to do other stuff. Once windows starts, it skips the logon on screen and once loaded the only thing that can be done on the computer is browse the stores website.

However, if I unplug the computer I can while its starting up get into BIOS. So here im wondering two things. 1) If I put in the USB, boot from it, and load ubuntu (even though I will only be able to use the default programs as theres no way I would want to install it on the work computer), will I get fired? In other words, is there a way if there monitoring the computers to know what im doing or because its a different OS will I be fine. 2) Alternatively, in BIOS there is an option to disable network administration.

For this my question is the same, if I disable it, do fun stuff on the computer all day, the re-enable it before I leave is there a high change of the network administration catching on to this or no.

View 2 Replies View Related

Ubuntu Security :: Make Computer More Secure?

Dec 9, 2010

I have very little security and networking experience. What can I do to make my computer more secure?

View 5 Replies View Related

Ubuntu Security :: ISP Keeps Complaining About Infected Computer

Feb 27, 2011

For a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running linux and 3 running windows on said network (3x ubuntu, gentoo, 2x windows server 2003 and windows 7).Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using spotify and win32 office through wine, both obtained from legal and trusted sources, and would thus not consider my wine environment a threat.

View 4 Replies View Related

Ubuntu Security :: Computer Has Been Hacked / Monitored?

Mar 22, 2011

my computer has been surely hacked for at least more than two months; my private information are being hacked and spread around! I initally used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security softwares, but nothing stopped the hack.

Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP adress, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.

When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!

Can I adjust my router in a way that it can allow any IP adress? If yes, can I have a non-static IP adress? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...

If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.

View 9 Replies View Related

Ubuntu Security :: How To Know If An Intruder Had Attacked Computer

Aug 2, 2011

How does one know if an intruder had secretly accessed one's system? Does system log help? It seems it does but I am yet to figure out how to understand those files. Can anybody please help? Or are there other ways to confirm that. It may happen that the intruder had accessed some vital information but so far had not done anything malicious.

View 2 Replies View Related

Ubuntu Security :: Can Flash Player Bug Take Control Of Computer

Jun 6, 2010

Reading from this article New Flash Bug Exploited By Hackers : How to avoid it? In particular the article said


A new attack on a Flash bug has surfaced that would give attackers control of a victim´┐Żs computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.

View 4 Replies View Related

Ubuntu Security :: Broke Into Computer - Verify Attack?

Dec 28, 2010

mpg123 suddenly started playing a police siren occationly. I checked the process once I heard it, and root was the process owner. How could this happen? Have someone broke into my computer? If so - how could I verify an attack? I run Ubuntu 9.10.

View 2 Replies View Related

Fedora Security :: How To Tell If Computer Is Being Attacked

May 16, 2010

[URL] This web page says: "The team set up weak security on four Linux computers with Internet access, then recorded what happened as the individual machines were attacked. They discovered the vast majority of attacks came from relatively unsophisticated hackers using "dictionary scripts," a type of software that runs through lists of common usernames and passwords attempting to break into a computer."

How did they "record what happened as the individual machines were attacked"? How did they figure out that "the vast majority of attacks came from relatively unsophisticated hackers using 'dictionary scripts'"? What I am really getting at is that I've searched the net and found lots of advice on how to detect if your computer has been hacked but I haven't found ways to know if your computer is being attacked. Obviously, this group did that.

View 6 Replies View Related

Security :: Computer Is INFECTED According To ClamAV?

Apr 11, 2010

I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for virus. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for virus or does it scan and remove the virus on the computer.If you know of an alternative open source security software,

View 3 Replies View Related

Security :: Computer Has Been Infected With Trojans?

Jan 7, 2010

I'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New year, everything had been fine. But after new year, I came back and found that the password of this account linux has been changed. So I fixed using my rescue disk. But since that day on, it seems that this password changes everyday somehow. Everyday when I'm trying to log into my Ubuntu System using the account linux, it says login failed. However, i can still login using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.

View 14 Replies View Related

Ubuntu Security :: Access Remote Hard Drive From Another Computer

Jan 12, 2010

What I want to do is pull data from any of the hard drives attached to my Linux box from my Windows machine. I have been moving small amounts of data from the drives to my OS drive and those parts share easily, but I want to move away from that method to move large amounts of data at the same time.I have tried using Samba as it is used for file sharing between systems and that I have to give my Windows box permission through Samba.

Trick is, I'm not sure where to start, though I have an idea and wanted to know if this is the right track before I start editing my file system.

View 3 Replies View Related

Ubuntu Security :: Which Process Make Sudo Gconftool On Computer

Jan 29, 2010

On my HTPC/Server unbuntu box I have installed logwatch in order to get a daily look on my computer activity.

And I often have this line in the report :


root => my_user
/usr/bin/gconftool - 3 Times.

The corresponding line in auth.log are :


./auth.log:Jan 28 07:59:31 sweetBox sudo: root : TTY=unknown ; PWD=/ ; USER=my_user ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/use_http_proxy
./auth.log:Jan 28 07:59:32 sweetBox sudo: root : TTY=unknown ; PWD=/ ;


View 6 Replies View Related

Ubuntu Security :: Innocent Website Tries To 'scan' Computer / Should I Get Protection?

May 6, 2010

So I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.

Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case?Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.

View 6 Replies View Related

Ubuntu Security :: Scan Windows Computer From Laptop Via Network?

Aug 30, 2010

How do I scan a windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. First Windows computer to scan has Windows XP Home Edition Second Windows computer to scan has Windows Vista Home Basic I have Avast 4 workstation and KlamAV insalled on it. What is the steps to make my computer scan those windows computers. And how do I set up my firewall to work with firefox and empathy?

View 5 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved