Tripwire Enterprise Server - Getting Started


Doreen Meyer and Vincent Fox
UC Davis, Information and Education Technology
June 6, 2006

Tripwire Topics

  Introduction
  Demonstration
  Product description
  UC Tripwire license
  Hardware requirements
  Documentation
  How to …
  Server deployment considerations
  Next steps
  Contact information

Introduction

   What is Tripwire?

Why use Tripwire?

Is it difficult to deploy Tripwire?

What is Tripwire?

 Tripwire Enterprise audits changes by detecting all changes, reconciling these changes with authorized changes, and reporting on change activity. Agents can be any platform, including network devices like switches and routers.

Why Use Tripwire?

  Monitors ‘important’ file and registry values and properties (like access times, flags, owner, etc.)
  Enables admins to detect files that are added, modified or deleted
  Provides a history of what changes during patching
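
The detect / reconcile / report cycle described above, as an added Python example. It is not Tripwire code and does not reflect how Tripwire Enterprise stores or compares data; the file names, the property set (hash, mode, owner) and the authorized-change list are constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Record a content hash plus selected properties for each file under root."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # do not follow links out of the tree
                continue
            st = os.stat(path)
            snap[os.path.relpath(path, root)] = {
                "sha256": hashlib.sha256(Path(path).read_bytes()).hexdigest(),
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}
    return snap

def detect(baseline, current):
    """Classify every difference between two snapshots."""
    changes = {p: "added" for p in current.keys() - baseline.keys()}
    changes.update({p: "deleted" for p in baseline.keys() - current.keys()})
    changes.update({p: "modified" for p in baseline.keys() & current.keys()
                    if baseline[p] != current[p]})
    return changes

def reconcile(changes, authorized):
    """Split changes by whether (path, kind) is in the approved change list."""
    ok = {p: k for p, k in changes.items() if (p, k) in authorized}
    return ok, {p: k for p, k in changes.items() if p not in ok}

def demo():
    """Constructed scenario: one approved patch plus three unapproved changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            Path(root, name).write_bytes(data)
            os.chmod(os.path.join(root, name), 0o644)
        for name in ("tool.bin", "hosts", "app.conf"):
            write(name, b"version 1\n")
        baseline = snapshot(root)
        write("tool.bin", b"version 2\n")             # the approved patch
        os.chmod(os.path.join(root, "hosts"), 0o666)  # property change only
        os.remove(os.path.join(root, "app.conf"))
        write("new.sh", b"#!/bin/sh\n")
        return reconcile(detect(baseline, snapshot(root)),
                         authorized={("tool.bin", "modified")})

if __name__ == "__main__":
    approved, needs_review = demo()
    print("approved:", approved, "\nneeds review:", needs_review)
```

The permission change on hosts is reported even though its content hash is unchanged, which is why properties are tracked alongside file contents.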

Is it difficult to deploy?

  Training sessions are helpful
  It will take time to tune the rule set for your systems
  You will need to incorporate Tripwire steps into system change and patching procedures as well as daily log checks

Demonstration

(Typical uses of server)

Product Description

  Versions
  Components
  Operating Systems - Server
  Operating Systems - Client

Versions

  Tripwire for Servers/Tripwire Manager
  Tripwire Enterprise 5.2 (5.5 just released). Adds reporting, multi-user, hosts + network devices
  * This course focuses on Tripwire Enterprise

TE Components

  *File Server
  *Network Devices
  Desktop
  Directory (Active Directory, Sun One)
  Database (Oracle)
  * = UC licensed component

What can it operate on?

Server Platform

  Solaris [sparc] 8, 9, 10
  Windows 2000 Server
  Windows 2003 Server
  Red Hat Linux Enterprise 3, 4 AS & ES

Operating Systems Client

  Windows NT 4.0 SP6a
  Windows XP Professional (Service Pack 2)
  Windows 2000 Professional & Server (Service Pack 4)
  Windows 2003 Server (Service Pack 1)
  Windows 2003 Server x64 Edition (Standard, Enterprise & Datacenter)
  Solaris [sparc] 8, 9, 10
  Red Hat Linux Enterprise 3, 4 AS & ES
  IBM AIX 5.1, 5.2, or 5.3
  HP-UX 11, 11i v1, 11i v2
  SUSE Linux Enterprise Server 9
  CentOS 4.2
  Fedora Core 2

UCOP Tripwire License

  UCOP License
  Product options
  How to request the software

UCOP License

  UCOP license, 5000 licensed nodes
  Funded through April, 2007
  IET subsidized the campus license, $10,000.00 for three years
  Software Licensing will work on a future license agreement

Requesting the Software

  Fill out the form available on the software licensing web site
    Dept name
    Requester information (contact info for person who will be receiving the license)
    License exchange or new license?
  Server housing DB and web interface: Tripwire Enterprise Server. Order 1.
  Clients that will be monitored: Tripwire Enterprise Server/FS. Order 1 for each client.
  Network devices that will be monitored: Tripwire Enterprise Network Device. Order at least 1.
  Email your request to [email protected] before 3:00 PM on June 7 to receive the software license and download URL by June 9.
  The download URL will allow you to generate a certificate for the server and download the software.

Hardware

  Server Requirements - Windows
  Server Requirements - Solaris
  Server Requirements - Linux

Server Requirements Windows

  3.0 GHz x86 processor or compatible
  2 GB RAM
  2 SATA or SCSI hard drives
  3.2 GB free disk space
  4 GB Data storage space
  256 color display

Server Requirements Linux

  3.0 GHz x86 processor or compatible
  2 GB RAM
  2 SATA or SCSI hard drives
  3.2 GB free disk space
  4 GB Data storage space
  256 color display

Server Requirements Solaris

  900 MHz UltraSPARC III processor
  2 GB RAM
  2 SCSI hard drives
  3.2 GB free disk space
  4 GB Data storage space
  X-Windows capable display
  256 color display

How To …

  Acquire and download software
  Install server software
  Change passwords
  Secure your tripwire server

Getting Tripwire software

  Upon licensing you will be sent an email with a link to your products; follow this link.

Download te_server and all agents. The server zip file will also contain all documentation files.

Installing Tripwire Server

  Needs to be installed on console!
  Pick install location with enough space, especially if running database on same server.
  Use name to be advertised (e.g. FQDN)
  Ports, pick and record choices
  Services password - server/client interaction
  Wait a bit for service to initialize!
  Access web console, e.g. https://localhost:1443/
  First thing it wants is license cert!
  Follow license link, generate cert
  Change admin account password!
  Store new admin account password
  Add new admin user(s) for daily work

Tripwire Firewall changes

  Open the HTTPS port to all hosts you will administer the server from.
  Open the Services port to all hosts that will run the agent.

Tripwire information

  3 PDF files included in server zip file, also on class CD.

Mailing list?

Assignment, due July 12

  Order Tripwire software by June 7
  Install Tripwire software on a server
  Think about:
    Why are you using Tripwire? It will guide your decisions on rules, nodes, users
    How should you group your nodes/systems?
    Who should have access to Tripwire?
    What kind of reports will be helpful?

July Training Schedule

  July 12: adding and configuring a node using the basic rule set
  July 19: rules, tasks, and actions
  July 26: reports, dashboard, deployment steps

Q&A

 Questions?

Contact Information

     Vincent Fox [email protected]

Doreen Meyer [email protected]

Robert Ono, [email protected]

[email protected]

[email protected]