Tripwire Enterprise Tripwire Enterprise Server – Getting Server – Getting StartedStarted

Doreen Meyer and Vincent Doreen Meyer and Vincent FoxFox

UC Davis, Information and UC Davis, Information and Education TechnologyEducation Technology

June 6, 2006June 6, 2006

Tripwire TopicsTripwire Topics

IntroductionIntroduction DemonstrationDemonstration Product descriptionProduct description UC Tripwire licenseUC Tripwire license Hardware requirementsHardware requirements

Tripwire TopicsTripwire Topics

DocumentationDocumentation How to ….How to …. Server deployment considerationsServer deployment considerations Next stepsNext steps Contact informationContact information

IntroductionIntroduction

What is Tripwire?What is Tripwire? Why use Tripwire?Why use Tripwire? Is it difficult to deploy Tripwire?Is it difficult to deploy Tripwire?

What is Tripwire?What is Tripwire?

Tripwire Enterprise audits changes by Tripwire Enterprise audits changes by detecting all changes, reconciling detecting all changes, reconciling these changes with authorized these changes with authorized changes, and reporting on change changes, and reporting on change activity. Agents can be any platform, activity. Agents can be any platform, including network devices like including network devices like switches and routers.switches and routers.

Why Use Tripwire?Why Use Tripwire?

Monitors ‘important’ file and registry Monitors ‘important’ file and registry values and properties (like access values and properties (like access times, flags, owner, etc)times, flags, owner, etc)

Enables Admins to detect files that Enables Admins to detect files that are added, modified or deleted are added, modified or deleted

Provides a history of what changes Provides a history of what changes during patchingduring patching

Is it difficult to deploy?Is it difficult to deploy?

Training sessions are helpfulTraining sessions are helpful It will take time to tune the rule It will take time to tune the rule

set for your systemsset for your systems You will need to incorporate You will need to incorporate

Tripwire steps into system change Tripwire steps into system change and patching procedures as well and patching procedures as well as daily log checksas daily log checks

DemonstrationDemonstration

(Typical uses of server)(Typical uses of server)

Product DescriptionProduct Description

VersionsVersions ComponentsComponents Operating Systems - ServerOperating Systems - Server Operating Systems - ClientOperating Systems - Client

VersionsVersions

Tripwire for Servers/Tripwire Tripwire for Servers/Tripwire ManagerManager

Tripwire Enterprise 5.2 (5.5 just Tripwire Enterprise 5.2 (5.5 just released). Adds reporting, multi-released). Adds reporting, multi-user, hosts + network devicesuser, hosts + network devices

* This course focuses on Tripwire * This course focuses on Tripwire EnterpriseEnterprise

TE ComponentsTE Components

*File Server*File Server *Network Devices*Network Devices DesktopDesktop Directory (Active Directory, Sun Directory (Active Directory, Sun

One)One) Database (Oracle)Database (Oracle)

* = UC licensed component* = UC licensed component

What can it operate What can it operate on?on?

Server PlatformServer Platform

Solaris [sparc] 8, 9,10Solaris [sparc] 8, 9,10 Windows 2000 Server Windows 2000 Server Windows 2003 ServerWindows 2003 Server Red Hat Linux Enterprise 3, 4 AS Red Hat Linux Enterprise 3, 4 AS

& ES& ES

Operating Systems - Operating Systems - ClientClient Windows NT 4.0 SP6aWindows NT 4.0 SP6a Windows XP Professional (Service Windows XP Professional (Service

Pack 2)Pack 2) Windows 2000 Professional & Server Windows 2000 Professional & Server

(Service Pack 4)(Service Pack 4) Windows 2003 Server (Service Pack Windows 2003 Server (Service Pack

1)1) Windows 2003 Server x64 Edition Windows 2003 Server x64 Edition

(Standard, Enterprise & Datacenter)(Standard, Enterprise & Datacenter)

Operating Systems - Operating Systems - ClientClient Solaris [sparc] 8, 9,10Solaris [sparc] 8, 9,10 Red Hat Linux Enterprise 3, 4 AS Red Hat Linux Enterprise 3, 4 AS

& ES& ES IBM AIX 5.1, 5.2, or 5.3 IBM AIX 5.1, 5.2, or 5.3 HP-UX 11, 11i v1, 11i v2HP-UX 11, 11i v1, 11i v2 SUSE Linux Enterprise Server 9SUSE Linux Enterprise Server 9 Cent OS 4.2Cent OS 4.2 Fedora Core 2Fedora Core 2

UCOP Tripwire LicenseUCOP Tripwire License

UCOP LicenseUCOP License Product optionsProduct options How to request the softwareHow to request the software

UCOP LicenseUCOP License

UCOP license, 5000 licensed nodesUCOP license, 5000 licensed nodes Funded through April, 2007Funded through April, 2007 IET subsidized the campus license, IET subsidized the campus license,

$10,000.00 for three years $10,000.00 for three years Software Licensing will work on a Software Licensing will work on a

future license agreementfuture license agreement

Requesting the Requesting the SoftwareSoftware Fill out the form available on the Fill out the form available on the

software licensing web sitesoftware licensing web site Dept name Dept name Requester information (contact Requester information (contact

info for person who will be info for person who will be receiving the license)receiving the license)

License exchange or new license?License exchange or new license?

Requesting the Requesting the SoftwareSoftware Server housing DB and web Server housing DB and web

interface: Tripwire Enterprise interface: Tripwire Enterprise Server. Order 1.Server. Order 1.

Clients that will be monitored: Clients that will be monitored: Tripwire Enterprise Server/FS. Tripwire Enterprise Server/FS. Order 1 for each client.Order 1 for each client.

Network devices that will be Network devices that will be monitored: Tripwire Enterprise monitored: Tripwire Enterprise Network Device. Order at least 1.Network Device. Order at least 1.

Requesting the Requesting the SoftwareSoftware Email your request to Email your request to

software@ucdavis.edusoftware@ucdavis.edu before 3:00 before 3:00 PM on June 7 to receive the PM on June 7 to receive the software license and download software license and download URL by June 9.URL by June 9.

The download URL will allow you to The download URL will allow you to generate a certificate for the generate a certificate for the server and download the software.server and download the software.

HardwareHardware

Server Requirements - WindowsServer Requirements - Windows Server Requirements - SolarisServer Requirements - Solaris Server Requirements - LinuxServer Requirements - Linux

Server Requirements - Server Requirements - WindowsWindows 3.0 GHz x86 processor or compatible3.0 GHz x86 processor or compatible 2 GB RAM2 GB RAM 2 SATA or SCSI hard drives2 SATA or SCSI hard drives 3.2 GB free disk space3.2 GB free disk space 4 GB Data storage space4 GB Data storage space 256 color display256 color display

Server Requirements - Server Requirements - LinuxLinux 3.0 GHz x86 processor or compatible3.0 GHz x86 processor or compatible 2 GB RAM2 GB RAM 2 SATA or SCSI hard drives2 SATA or SCSI hard drives 3.2 GB free disk space3.2 GB free disk space 4 GB Data storage space4 GB Data storage space 256 color display256 color display

Server Requirements - Server Requirements - SolarisSolaris 900 MHz UltraSPARC III processor900 MHz UltraSPARC III processor 2 GB RAM2 GB RAM 2 SCSI hard drives2 SCSI hard drives 3.2 GB free disk space3.2 GB free disk space 4 GB Data storage space4 GB Data storage space X-Windows capable displayX-Windows capable display 256 color display256 color display

How To …How To …

Acquire and download softwareAcquire and download software Install server softwareInstall server software Change passwordsChange passwords Secure your tripwire serverSecure your tripwire server

Getting Tripwire Getting Tripwire softwaresoftware Upon licensing you will be sent a Upon licensing you will be sent a

link in email to your products, link in email to your products, follow this link.follow this link.

Download te_server and all Download te_server and all agents. The server zip file will agents. The server zip file will also contain all documentation also contain all documentation files.files.

Installing Tripwire Installing Tripwire ServerServer Needs to be installed on console!Needs to be installed on console! Pick install location with enough Pick install location with enough

space, especially if running space, especially if running database on same server.database on same server.

Installing Tripwire Installing Tripwire ServerServerUse name to be advertised (e.g. Use name to be advertised (e.g.

FQDN)FQDN)

Installing Tripwire Installing Tripwire ServerServer Ports, pick and record choicesPorts, pick and record choices

Installing Tripwire Installing Tripwire ServerServer Services pw - server/client Services pw - server/client

interactioninteraction

Installing Tripwire Installing Tripwire ServerServer Wait a bit for service to initialize!Wait a bit for service to initialize! Access web console, e.g.Access web console, e.g.

https://localhost:1443/https://localhost:1443/

Installing Tripwire Installing Tripwire ServerServer First thing it wants is license cert!First thing it wants is license cert!

Installing Tripwire Installing Tripwire ServerServer Follow license link, generate certFollow license link, generate cert

Installing Tripwire Installing Tripwire ServerServer Change admin account password!Change admin account password! Store new admin account Store new admin account

passwordpassword Add new admin user(s) for daily Add new admin user(s) for daily

workwork

Tripwire Firewall Tripwire Firewall changeschanges Open https port to all hosts you Open https port to all hosts you

will administrate fromwill administrate from Open Services port to all hosts Open Services port to all hosts

that will run the agent.that will run the agent.

Tripwire informationTripwire information

3 PDF files included in server zip 3 PDF files included in server zip file, also on class CD.file, also on class CD.

Mailing list?Mailing list?

Assignment, due July Assignment, due July 1212 Order Tripwire software by June 7Order Tripwire software by June 7 Install Tripwire software on a Install Tripwire software on a

serverserver Think about: Why are you using Think about: Why are you using

Tripwire? It will guide your Tripwire? It will guide your decisions on rules, nodes, usersdecisions on rules, nodes, users

How should you group your How should you group your nodes/systems?nodes/systems?

Assignment, due July Assignment, due July 1212 Who should have access to Who should have access to

Tripwire?Tripwire? What kind of reports will be What kind of reports will be

helpful?helpful?

July Training ScheduleJuly Training Schedule

July 12: adding and configuring a July 12: adding and configuring a node using the basic rule setnode using the basic rule set

July 19: rules, tasks, and actionsJuly 19: rules, tasks, and actions July 26: reports, dashboard, July 26: reports, dashboard,

deployment stepsdeployment steps

Q&AQ&A

Questions?Questions?

Contact InformationContact Information

Vincent Fox Vincent Fox vfox@ucdavis.eduvfox@ucdavis.edu Doreen Meyer Doreen Meyer

dimeyer@ucdavis.edudimeyer@ucdavis.edu Robert Ono, Robert Ono, raono@ucdavis.eduraono@ucdavis.edu software@ucdavis.edusoftware@ucdavis.edu support@tripwire.comsupport@tripwire.com