Tripwire on Mac OS X
Fresh-Faced Recruit
Join Date: Apr 2001
Location: Middle Earth
Many of you have probably heard of a file integrity product called Tripwire - it's basically a file system monitoring tool that can detect any/all deviations from an established baseline, and can notify you of these changes. It's developed by a private company (www.tripwire.com) that spun off a GPL'd version for Linux a couple of years ago, but continues to develop and offer a commercial version. Their recent versions have (not surprisingly) many significant improvements over the Open Source release, but this release still works quite well on individual systems.
I use this product regularly at work, and one of my few gripes has been the distinct lack of any Macintosh support... But recently, a kind developer from the Open Source community released an OS X patch!
I have assembled a functioning version complete with an installation script - you can download the bundle here. If you prefer to roll your own, the source code for this package is also available. This package is derived from the original source available on SourceForge under the Tripwire project, and the patch is available separately.
-----------
Jason
frodo@macguru.net
Mac Enthusiast
Join Date: May 2002
Cool - I always wondered why this one hadn't made it to the Mac.
Still a little unnerving when a person with one post places a pre-compiled security app, with presumably full root access, on a Mac message board. I mean if you were going to r00t a few boxes, it is how I'd do it - mmm... Thanks for the idea.
I have Mac
Senior User
Join Date: Jan 2000
Check out radmind (http://www.radmind.org) as an alternative to Tripwire. radmind is even more powerful: if it finds changes to the filesystem, it can optionally reverse the change.
Fresh-Faced Recruit
Join Date: Apr 2001
Location: Middle Earth
Believe me, I understand your reluctance to just leap into unverified and untrusted installations... I've had to deal with the repercussions when (Windows-using) family committed lesser gaffes.
I originally planned to simply post links to the source code, but it seemed unlikely that more than a few % of Mac users would go to the effort of compiling and configuring. Nevertheless, the source code is available concurrently if you have any concerns whatsoever.
I actually have tried working with radmind, but was never quite able to make it do what I wanted: protect just one or two systems without *lots* of overhead and administration. Radmind looks great for a centrally managed environment where config management is of more importance than security, but it didn't scale down well (at least for me).
Besides, it's kind of telling when radmind describes *itself* "as a tripwire", and I figured that since alternatives can only foster improvement, it wouldn't hurt to spread the word about this patch.
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Sweet deal!!! I've been mucking around with it but I'm not much of a coder really so I was fumbling through it. I'll let you know if I find anything broken. Many thanks.
Mac Elite
Join Date: Aug 2001
Location: Madison, WI
OS X: Where software installation doesn't require wizards with shields.
Fresh-Faced Recruit
Join Date: Apr 2001
Location: Middle Earth
I haven't actually used CheckMate, but based on a brief tour of the product, the following differences are apparent:
- Tripwire watches 19 attributes, CheckMate watches one (MD5)
- Tripwire can recurse through directories
- Tripwire can monitor 'dynamic' files - watches ownership, permissions, etc to verify that access to changing files is maintained
- Tripwire has a great deal of internal security, and resists tampering to an extraordinary degree
On the other hand:
- CheckMate is integrated with the System preferences, and doesn't require command-line manipulations
- CheckMate allows you to offload the 'database' to an external location and reload it later. You can do this with Tripwire, it's just not as seamless.
So it really depends on which one appeals to you more - security/flexibility, or ease of setup.
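The difference between watching several attributes and watching only a hash, as an added example that is not part of the thread and is not Tripwire's or CheckMate's code. The attribute sets, the file names and the use of SHA-256 in place of MD5 are assumptions made for the illustration.

```python
import hashlib
import os
import stat
import tempfile

# Illustrative attribute sets (assumptions, not Tripwire's own property masks).
STATIC = ("mode", "uid", "gid", "size", "sha256")  # files that should never change
DYNAMIC = ("mode", "uid", "gid")                   # content may change (e.g. logs)

def snapshot(root):
    """Recursively record attributes of every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files in this sketch
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(path, root)] = dict(
                mode=stat.S_IMODE(st.st_mode), uid=st.st_uid, gid=st.st_gid,
                size=st.st_size, sha256=digest)
    return db

def compare(baseline, current, policy):
    """Map each path to the watched attributes that differ (or ADDED/REMOVED)."""
    report = {p: ["ADDED" if p in current else "REMOVED"]
              for p in baseline.keys() ^ current.keys()}
    for path in baseline.keys() & current.keys():
        changed = [a for a in policy(path) if baseline[path][a] != current[path][a]]
        if changed:
            report[path] = changed
    return report

def demo():
    """Constructed scenario: loosen a binary's mode, append to a log, compare."""
    with tempfile.TemporaryDirectory() as root:
        tool, log = os.path.join(root, "bin", "tool"), os.path.join(root, "app.log")
        os.makedirs(os.path.dirname(tool))
        for path, data, mode in ((tool, b"#!/bin/sh\n", 0o755), (log, b"start\n", 0o644)):
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        base = snapshot(root)
        os.chmod(tool, 0o777)          # permission-only change, content untouched
        with open(log, "ab") as fh:
            fh.write(b"more\n")        # normal growth of a 'dynamic' file
        now = snapshot(root)
        by_class = lambda p: DYNAMIC if p.endswith(".log") else STATIC
        return compare(base, now, by_class), compare(base, now, lambda p: ("sha256",))
```

With the per-class policy the report contains only the mode change on `bin/tool`; the hash-only comparison misses that change and flags the growing log instead.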