Check out the new USENIX Web site.

Writing, Supporting, and Evaluating Tripwire:
A Publically Available Security Tool

Gene H. Kim* and Eugene H. Spafford

COAST Laboratory
Department of Computer Sciences
Purdue University
West Lafayette, IN 47907-1398

Abstract

Tripwire is an integrity checking program written for the Unix environment that gives system administrators the ability to monitor file systems for added, deleted, and modified files. First released in November of 1992, Tripwire has undergone several updates and is in current use at thousands of machines worldwide.

This paper begins with a brief overview of what Tripwire does and how it works. We discuss how certain implementation decisions affected the course of Tripwire development. We also present other applications that have been found for Tripwire. These unanticipated uses guided the demands of some users, and we describe how we addressed some of these demands without compromising the ability of Tripwire to serve as a useful security tool.

We also discuss the process of releasing, and then supporting, a widely available and widely used tool across the Internet, and how meeting users' high expectations affects this process. How these issues affected Tripwire, done as as an independent study by an undergraduate, is also discussed. Software tools that were used in developing and maintaining Tripwire are presented. Finally, we discuss problems that remain unresolved and some possible solutions.

(*)Gene Kim is currently at the University of Arizona.

Download the full text of this paper in ASCII (2366 bytes) and POSTSCRIPT (183,016 bytes) form.

To Become a USENIX Member, please see our Membership Information.