
Tripwire Enterprise Server Basic Tasks

Doreen Meyer and Vincent Fox
UC Davis, Information and Education Technology

Topics

Server install Q&A
Understanding the UI
Settings manager
Your first node!
Importing useful rules
Agent install
The managers: nodes, rules, actions, tasks, logs
Baselining, version checks, promotion

Server Install

Single-server: just run the installer
Dual-server: you will need to add parameters to the install command
Windows cannot install over TS
STORE THOSE PASSWORDS!
*Note: in 5.5 there are problems using a Services Password longer than 8 characters

Server firewall/NAT

Firewall: see Installation Guide, Chapter 1, Network Requirements
NAT: see Reference Guide, Chapter 4, System Properties

Tripwire UI

The TE GUI has many elements of a familiar desktop, but it is not one. This can lead to frustration and broken mice.

Zones of the console

TE Console Areas

TE Console Flubs

Server Settings

User preference settings
System preferences
Email server

Useful Account Setting

System Preferences

Shorten session timeout to 10 minutes

Email Servers

Administration Settings

Configure login method
Creating roles
Creating a user group
Creating users

Configure Login Method

Roles

Modifying Roles

Creating User Groups

Functional groups, usually by role
Obvious groupings: staff/admins, operations, management

Node Setup Tasks

Import TFS and/or UCD-basic rulesets
Install agent on a node
Create an action
Use tasks to associate rule, node, action, and schedule a time to run
Create a baseline for the node
Wait. Example: a rule with 7,000 elements stored took ~600 seconds.

Import Useful Rules

TFS rules are very generic and usually result in many elements stored.
UCD rules are leaner, meaner.
Rule names need to be unique or a collision will occur.

Install the Agent Software

Install as Administrator
Enter port + services password
Punch holes in firewall!
There is a silent install option, see Users Guide, Ch. 2, Installation Procedures for TE Agent

Agent Install


Firewall on Client

Create Email Action


Move Discovered Node


Create First Task

We just want a Check Rule Task for our example

Test That It Works

Modify a watched element
Run the task, or do a node check
Note the change, or check your email
Take action on the intrusion! Or just promote the changes.

Node Manager

Adding a node group
Linking a node
Elements for file system nodes
Element versions
Node viewing filter

Adding a Node Group

Linking a Node

Link Symbol

TE Symbols Exposed

Node Elements

Element Versions

Node Viewing Filter

Without filtering, TMI
Now we can see the trees

Viewing Rules

Rule Specifiers

Action Manager

Viewing actions
Creating an email action
Creating an SNMP action
Creating an execution action (locally or on TE server)

An Execution Action

An execution action echoing the file name of a changed element to a file

Task Manager

Viewing tasks
Creating and deleting tasks


Log Manager

Viewing logs
Sorting and filtering Logs


Log Manager - Search

The Baseline - What is Happening?

Baselining is I/O intensive on DB disks.
Recommend baselining only a small number of systems at once.

Snapshot defined

Temporary record of the monitored object's current attributes. In a baseline execution, this would become the baseline version. In a version check, this is the "now" state we compare against the baseline.

Version Check

Viewing Changes

Difference Viewer

Promotion

Promote selected versions
Promote by match
Promote by reference
Promote by package

Promote Selected Versions

Promote current snapshot(s) to baseline. Select using the GUI.
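The snapshot, baseline execution, version check and promotion steps described in the slides above, modelled as a short POSIX shell script. This is an added example written for this page, not Tripwire Enterprise code or output; the monitored directory, its two files and the sha256-only attribute set are constructed stand-ins.

```shell
# Added example (not Tripwire Enterprise code): a minimal model of the
# snapshot -> baseline -> version check -> promotion cycle, tracking only sha256.
set -eu
WORK=$(mktemp -d)               # constructed scratch area, removed on exit
trap 'rm -rf "$WORK"' EXIT
MONITORED="$WORK/etc"           # stand-in for a monitored node path
BASELINE="$WORK/baseline.db"    # stored baseline versions
mkdir -p "$MONITORED"           # constructed sample elements
printf '127.0.0.1 localhost\n' > "$MONITORED/hosts"
printf 'PermitRootLogin no\n' > "$MONITORED/sshd_config"
# Snapshot: temporary record of each element's current attributes.
take_snapshot() {
  find "$MONITORED" -type f | LC_ALL=C sort | while IFS= read -r f; do
    printf '%s  %s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
  done
}

# Baseline execution: the snapshot becomes the stored baseline version.
baseline() {
  take_snapshot > "$BASELINE"
  grep -c . "$BASELINE"         # number of elements baselined
}

# Version check: compare the "now" snapshot with the baseline. Prints one
# line per added/changed/removed element and returns 1 if there are any.
version_check() {
  take_snapshot > "$WORK/now.db"
  changes=$(awk 'NR==FNR { base[$2]=$1; next }
    { seen[$2]=1
      if (!($2 in base)) print "added: " $2
      else if (base[$2] != $1) print "changed: " $2 }
    END { for (p in base) if (!(p in seen)) print "removed: " p }' \
    "$BASELINE" "$WORK/now.db")
  [ -n "$changes" ] || return 0
  printf '%s\n' "$changes"
  return 1
}
# Promotion: selected elements' current versions become their baseline
# versions; with no arguments every current version is promoted.
promote() {
  take_snapshot > "$WORK/now.db"
  [ $# -gt 0 ] || { cp "$WORK/now.db" "$BASELINE"; return 0; }
  for p in "$@"; do
    { awk -v p="$p" '$2 != p' "$BASELINE"
      awk -v p="$p" '$2 == p' "$WORK/now.db"; } > "$WORK/tmp.db"
    mv "$WORK/tmp.db" "$BASELINE"
  done
}
echo "elements baselined: $(baseline)"
```

After the initial baseline, edit one of the two files and call `version_check` to see the changed element reported, then `promote "$MONITORED/hosts"` to accept only that change, mirroring "promote selected versions" in the console.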

Homework for July 26

Install an agent and associate it with a basic rule or rule set and a task or action
Practice the procedures
Deployment options

Training Schedule

July 12: adding and configuring a node using the basic rule set
July 26: creating and modifying rules
Aug 1 or 8?: reports, dashboard, deployment steps

Resources

http://security.ucdavis.edu/tripwire.cfm - Rulesets and presentations
ucdtripwire@ucdavis.edu - mailing list
Vincent Fox - vbfox@ucdavis.edu
Doreen Meyer - dimeyer@ucdavis.edu
Bob Ono - raono@ucdavis.edu
Software - software@ucdavis.edu
