Transcript Tripwire Enterprise Server - Getting Started
Tripwire Enterprise Server – Getting Started
Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006
Tripwire Topics
Introduction Demonstration Product description UC Tripwire license Hardware requirements
Tripwire Topics
Documentation How to ….
Server deployment considerations Next steps Contact information
Introduction
What is Tripwire?
Why use Tripwire?
Is it difficult to deploy Tripwire?
What is Tripwire?
Tripwire Enterprise audits changes by detecting all changes, reconciling these changes with authorized changes, and reporting on change activity. Agents can be any platform, including network devices like switches and routers.
Why Use Tripwire?
Monitors ‘important’ file and registry values and properties (like access times, flags, owner, etc) Enables Admins to detect files that are added, modified or deleted Provides a history of what changes during patching
Is it difficult to deploy?
Training sessions are helpful It will take time to tune the rule set for your systems You will need to incorporate Tripwire steps into system change and patching procedures as well as daily log checks
Demonstration
(Typical uses of server)
Product Description
Versions Components Operating Systems - Server Operating Systems - Client
Versions
Tripwire for Servers/Tripwire Manager Tripwire Enterprise 5.2 (5.5 just released). Adds reporting, multi-user, hosts + network devices * This course focuses on Tripwire Enterprise
TE Components
*File Server *Network Devices Desktop Directory (Active Directory, Sun One) Database (Oracle) * = UC licensed component
What can it operate on?
Server Platform
Solaris [sparc] 8, 9,10 Windows 2000 Server Windows 2003 Server Red Hat Linux Enterprise 3, 4 AS & ES
Operating Systems Client
Windows NT 4.0 SP6a Windows XP Professional (Service Pack 2) Windows 2000 Professional & Server (Service Pack 4) Windows 2003 Server (Service Pack 1) Windows 2003 Server x64 Edition (Standard, Enterprise & Datacenter)
Operating Systems Client
Solaris [sparc] 8, 9,10 Red Hat Linux Enterprise 3, 4 AS & ES IBM AIX 5.1, 5.2, or 5.3 HP-UX 11, 11i v1, 11i v2 SUSE Linux Enterprise Server 9 Cent OS 4.2
Fedora Core 2
UCOP Tripwire License
UCOP License Product options How to request the software
UCOP License
UCOP license, 5000 licensed nodes Funded through April, 2007 IET subsidized the campus license, $10,000.00 for three years Software Licensing will work on a future license agreement
Requesting the Software
Fill out the form available on the software licensing web site Dept name Requester information (contact info for person who will be receiving the license) License exchange or new license?
Requesting the Software
Server housing DB and web interface: Tripwire Enterprise Server. Order 1.
Clients that will be monitored: Tripwire Enterprise Server/FS. Order 1 for each client.
Network devices that will be monitored: Tripwire Enterprise Network Device. Order at least 1.
Requesting the Software
Email your request to [email protected]
before 3:00 PM on June 7 to receive the software license and download URL by June 9.
The download URL will allow you to generate a certificate for the server and download the software.
Hardware
Server Requirements - Windows Server Requirements - Solaris Server Requirements - Linux
Server Requirements Windows
3.0 GHz x86 processor or compatible 2 GB RAM 2 SATA or SCSI hard drives 3.2 GB free disk space 4 GB Data storage space 256 color display
Server Requirements Linux
3.0 GHz x86 processor or compatible 2 GB RAM 2 SATA or SCSI hard drives 3.2 GB free disk space 4 GB Data storage space 256 color display
Server Requirements Solaris
900 MHz UltraSPARC III processor 2 GB RAM 2 SCSI hard drives 3.2 GB free disk space 4 GB Data storage space X-Windows capable display 256 color display
How To …
Acquire and download software Install server software Change passwords Secure your tripwire server
Getting Tripwire software
Upon licensing you will be sent a link in email to your products, follow this link.
Download te_server and all agents. The server zip file will also contain all documentation files.
Installing Tripwire Server
Needs to be installed on console!
Pick install location with enough space, especially if running database on same server.
Installing Tripwire Server
Use name to be advertised (e.g. FQDN)
Installing Tripwire Server
Ports, pick and record choices
Installing Tripwire Server
Services pw - server/client interaction
Installing Tripwire Server
Wait a bit for service to initialize!
Access web console, e.g.
https://localhost:1443/
Installing Tripwire Server
First thing it wants is license cert!
Installing Tripwire Server
Follow license link, generate cert
Installing Tripwire Server
Change admin account password!
Store new admin account password Add new admin user(s) for daily work
Tripwire Firewall changes
Open https port to all hosts you will administrate from Open Services port to all hosts that will run the agent.
Tripwire information
3 PDF files included in server zip file, also on class CD.
Mailing list?
Assignment, due July 12
Order Tripwire software by June 7 Install Tripwire software on a server Think about: Why are you using Tripwire? It will guide your decisions on rules, nodes, users How should you group your nodes/systems?
Assignment, due July 12
Who should have access to Tripwire?
What kind of reports will be helpful?
July Training Schedule
July 12: adding and configuring a node using the basic rule set July 19: rules, tasks, and actions July 26: reports, dashboard, deployment steps
Q&A
Questions?
Contact Information
Vincent Fox [email protected]
Doreen Meyer [email protected]
Robert Ono, [email protected]