Tripwire
Tripwire is a tool developed at Purdue University that checks the integrity of files and directories. The utility compares the information stored in a previously created database with the information about the files and directories that currently exist, and logs every difference it finds. With Tripwire, a system administrator can be more confident about whether files or directories have been modified by some unidentified person (a cracker).
It can be obtained from:
ftp://coast.cs.purdue.edu/pub/COAST/Tripwire/tripwire-1.2.tar.Z
1) Installation
Read the README.
Edit the following settings in the Makefile as appropriate.
  DESTDIR   directory where the executables will be stored
  MANDIR    directory where the manual will be installed
Look through the conf-<OS>.h files in the ./configs directory, check whether there is one for your system, and include that header file in ./include/config.h.
In ./include/config.h, specify the paths and names of Tripwire's configuration files, then verify the paths.
Find the tw.conf.<OS> file in the ./configs directory, modify it to suit your system, and copy it to a file named tw.config.
Add the files you want to monitor to tw.config.
Move tw.config to the location indicated on lines 99 and 100 of ./include/config.h.
Type make to build the executables.
2) Running
Tripwire operates in four modes: database generation, integrity checking, database update, and interactive update. A database must already have been generated before an integrity check can be run. To generate the database, first edit tw.conf.
List every file you want to watch in tw.conf. The syntax of this configuration file is described at the top of the file and in the manual page. When editing is finished, initialize as follows.
This step builds the list of signatures for the files to be monitored. It is run with the following command.
% tripwire -initialize
A databases directory is created in the directory where the command was run, and a database file with a name of the form tw.db_hostname is created inside it.
If this file's location differs from the location given by DATABASE_PATH in ./include/config.h, move it to that location.
After that, you can check integrity by typing tripwire.
The main options are as follows.
  -initialize       Generates the database.
  -interactive      Checks integrity interactively.
  -d databasefile   Specifies the database file.
  -c configfile     Specifies the configuration file.
  -update entry     Updates the given entry.
3) Usage example
info tripwire > tripwire -initialize
### Warning: creating ./databases directory!
###
### Phase 1: Reading configuration file
### Phase 2: Generating file list
tripwire: /.rhosts: No such file or directory
tripwire: /.profile: No such file or directory
tripwire: /.logout: No such file or directory
tripwire: /.forward: No such file or directory
tripwire: /.netrc: No such file or directory
tripwire: /etc/dfs/sharetab: No such file or directory
tripwire: /etc/hosts.equiv: No such file or directory
tripwire: /etc/rmtab: No such file or directory
tripwire: /usr/bin/su: No such file or directory
### Phase 3: Creating file information database
###
### Warning: Database file placed in ./databases/tw.db_info.
###
### Make sure to move this file file and the configuration
### to secure media!
###
### (Tripwire expects to find it in '/usr/adm/tripwire/databases'.)
info tripwire >
info tripwire > tripwire
### Phase 1: Reading configuration file
### Phase 2: Generating file list
/usr/local/bin/tripwire: /.rhosts: No such file or directory
/usr/local/bin/tripwire: /.profile: No such file or directory
/usr/local/bin/tripwire: /.logout: No such file or directory
/usr/local/bin/tripwire: /.forward: No such file or directory
/usr/local/bin/tripwire: /.netrc: No such file or directory
/usr/local/bin/tripwire: /etc/dfs/sharetab: No such file or directory
/usr/local/bin/tripwire: /etc/hosts.equiv: No such file or directory
/usr/local/bin/tripwire: /etc/rmtab: No such file or directory
/usr/local/bin/tripwire: /usr/bin/su: No such file or directory
### Phase 3: Creating file information database
### Phase 4: Searching for inconsistencies
###
### Total files scanned: 4173
### Files added: 0
### Files deleted: 0
### Files changed: 3890
###
### After applying rules:
### Changes discarded: 3890
### Changes remaining: 0
info tripwire >
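
An added example, not part of the original page or of the Tripwire distribution: a POSIX shell wrapper that reads a check report in the format shown above and reduces it to an exit status for unattended runs. The function names and status codes are assumptions of this example; the sample report is the check run above with the file list abridged.

```shell
#!/bin/sh
# Added example: turn a Tripwire 1.2 check report into an exit status.

# Sample input: the check run shown above, with the file list abridged.
SAMPLE_REPORT='### Phase 1: Reading configuration file
### Phase 2: Generating file list
/usr/local/bin/tripwire: /.rhosts: No such file or directory
/usr/local/bin/tripwire: /usr/bin/su: No such file or directory
### Phase 3: Creating file information database
### Phase 4: Searching for inconsistencies
###
### Total files scanned: 4173
### Files added: 0
### Files deleted: 0
### Files changed: 3890
###
### After applying rules:
### Changes discarded: 3890
### Changes remaining: 0'

# Print the number on the "### <label>: <n>" summary line read from stdin.
# Exits 2 when the line is absent, e.g. the run died before Phase 4.
tw_field() {
    awk -v label="$1" '
        index($0, "### " label ":") == 1 { n = $NF; found = 1 }
        END { if (!found) exit 2; print n }'
}

# Print configured paths that do not exist on this host. These entries are
# not being monitored, so tw.config needs adjusting for this system.
tw_missing() {
    sed -n 's|^.*tripwire: \(/.*\): No such file or directory$|\1|p'
}

# Read a report on stdin. Return 0 = no changes remain, 1 = changes remain,
# 2 = summary missing (treat as a failed check, never as "clean").
tw_verdict() {
    report=$(cat)
    remaining=$(printf '%s\n' "$report" | tw_field "Changes remaining") || return 2
    [ "$remaining" -eq 0 ] || return 1
}

if printf '%s\n' "$SAMPLE_REPORT" | tw_verdict; then
    echo "clean; unmonitored paths:" $(printf '%s\n' "$SAMPLE_REPORT" | tw_missing)
else
    echo "integrity check needs attention (status $?)"
fi
```

A report that stops before the summary returns status 2 rather than 0, so a crashed run or a missing database is never mistaken for a clean system.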