Date: Tue, 03 Nov 92 17:22:08 EST
From: Gene Spafford
Subject: File 5--Tripwire "Integrity Monitor"

This is to announce the first public release of "Tripwire."

Tripwire is an integrity-monitor for Unix systems. It uses several checksum/signature routines to detect changes to files, as well as monitoring selected items of system-maintained information. The system also monitors for changes in permissions, links, and sizes of files and directories. It can be made to detect additions or deletions of files from watched directories.

The configuration of Tripwire is such that the system/security administrator can easily specify files and directories to be monitored or to be excluded from monitoring, and to specify files which are allowed limited changes without generating a warning. Tripwire can also be configured with customized signature routines for site-specific checks.

Tripwire, once installed on a clean system, can detect changes from intruder activity, unauthorized modification of files to introduce backdoor or logic-bomb code, and (if any were to exist) virus activity in the Unix environment.

Tripwire is provided as source code with documentation. The system, as delivered, performs no changes to system files and does not require root privilege to run (in the general case). The code has been beta-tested in a form close to that of this release at over 100 sites world-wide. Tripwire should work on almost any version of Unix, from Xenix on 80386-based machines to Cray and ETA-10 supercomputers.

Tripwire may be used without charge, but it may not be sold or modified for sale. Tripwire was written as a project under the auspices of the COAST Project at Purdue University. The primary author was Gene Kim, with the aid and under the direction of Gene Spafford (COAST director).

Copies of the Tripwire distribution may be ftp'd from ftp.cs.purdue.edu from the directory pub/spaf/COAST/Tripwire. The distribution is available as a compressed tar file, and as uncompressed shar kits. The shar kit form of Tripwire version 1.0 will also be posted to comp.sources.unix on the Usenet. No mailserver access currently exists for distribution, although we expect some archive sites with such mechanisms will eventually provide access.

Questions, comments, complaints, bugfixes, etc. may be directed to:

    genek@mentor.cc.purdue.edu (Gene Kim)
    spaf@cs.purdue.edu (Gene Spafford)
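The baseline-and-compare check the announcement describes, as an added Python example that is not Tripwire's code or database format: it records permissions, link count, size and a checksum per entry, then reports additions, deletions and changes, honouring excluded paths and per-file attributes that are allowed to change. The function names, the use of SHA-256 as the signature routine and the sample tree are assumptions made for this example.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root, exclude=()):
    """Record mode, link count, size and (regular files) SHA-256 under root."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if rel in exclude:          # not monitored at all
                continue
            st = os.lstat(path)         # do not follow symlinks
            db[rel] = {"mode": stat.S_IMODE(st.st_mode),
                       "nlink": st.st_nlink, "size": st.st_size}
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as f:
                    db[rel]["sha256"] = hashlib.sha256(f.read()).hexdigest()
    return db

def compare(baseline, current, ignore=None):
    """ignore maps a path to the attributes allowed to change without a warning."""
    ignore = ignore or {}
    report = {"added": sorted(current.keys() - baseline.keys()),
              "deleted": sorted(baseline.keys() - current.keys()),
              "changed": {}}
    for path in baseline.keys() & current.keys():
        old, new = baseline[path], current[path]
        diff = sorted(k for k in old.keys() | new.keys()
                      if old.get(k) != new.get(k) and k not in ignore.get(path, ()))
        if diff:
            report["changed"][path] = diff
    return report

def demo():
    """Constructed sample tree: baseline it, alter it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("login", "passwd", "messages.log", "motd"):
            (root / name).write_text("original contents\n")
            (root / name).chmod(0o644)
        baseline = snapshot(root, exclude={"scratch"})
        (root / "login").write_text("replaced contents\n")  # same size, new bytes
        (root / "passwd").chmod(0o666)                      # permission change
        (root / "messages.log").write_text("original contents\nnew line\n")  # log grew
        (root / "motd").unlink()
        for name in ("newfile", "scratch"):
            (root / name).touch()
        return compare(baseline, snapshot(root, exclude={"scratch"}),
                       ignore={"messages.log": {"size", "sha256"}})
```

The same-size replacement of `login` is caught only by the checksum, which is why size and permission checks alone are not enough. The baseline is only trustworthy if it was taken on a clean system and is stored where the monitored host cannot rewrite it.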