TRIPWIRE File Integrity Checks
Informatics Engineering, Politeknik Elektronika Negeri Surabaya
Objectives
Tripwire overview
Benefits of Tripwire
Components
Configuration
Configuration file variables
Reading Tripwire reports
Tripwire distributions
Debian, RedHat, Caldera, Turbolinux, SuSE, BSD, FreeBSD
Tripwire overview
Tripwire is one of the tools for checking system integrity.
It is used to monitor changes that occur on a system.
Why is Tripwire important?
A cracker may add or modify files or file permissions, install programs, or delete files or programs.
Tripwire can check files and programs and compare them against a previously built database.
How does Tripwire work?
Tripwire works by building a database of information about every system file and storing it in a file.
Each time Tripwire is run to check the file system, the results of the check are compared against the database that was built earlier.
What does Tripwire do?
File integrity checking: Tripwire can detect changes to files.
Tripwire compares the file database from before the check with the state found during the check.
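To make the init/check cycle described on these two slides concrete, here is an added example (not Tripwire's own code) that models it in POSIX sh: a baseline "database" with path, mode and SHA-256 per file, and a check that reports files added, removed or changed (content or permissions) relative to that baseline. It assumes GNU coreutils (stat -c, sha256sum); the function names fic_init and fic_check, and the exit-status bitmask (1 added, 2 removed, 4 changed, modelled on the one Tripwire documents), are this example's own.

```shell
#!/bin/sh
# Added example, not Tripwire's code: a minimal model of the init/check cycle.
# The "database" holds one line per regular file: path, mode and SHA-256.
# Assumes GNU coreutils (stat -c, sha256sum) and a POSIX sh.

# Snapshot a tree as "<relative path>TAB<mode>TAB<sha256>", sorted by path.
fic_snapshot() {
    dir=$1
    find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s\t%s\t%s\n' "${f#"$dir"/}" "$(stat -c '%a' "$f")" \
            "$(sha256sum "$f" | cut -d' ' -f1)"
    done
}

# Analogue of "tripwire --init": write the baseline database.
fic_init() { fic_snapshot "$1" > "$2"; }

# Analogue of "tripwire --check": diff the live tree against the database and
# print Added/Removed/Changed lines. The return value is a bitmask modelled on
# the exit status Tripwire documents (assumption): 1 added, 2 removed, 4 changed.
fic_check() {
    dir=$1; db=$2; rc=0
    tmp=$(mktemp -d)
    fic_snapshot "$dir" > "$tmp/live"
    cut -f1 "$db" > "$tmp/old"
    cut -f1 "$tmp/live" > "$tmp/new"
    LC_ALL=C comm -13 "$tmp/old" "$tmp/new" > "$tmp/added"     # only in live tree
    LC_ALL=C comm -23 "$tmp/old" "$tmp/new" > "$tmp/removed"   # only in database
    # Present in both, but the mode or the content hash differs
    LC_ALL=C join -t "$(printf '\t')" "$db" "$tmp/live" \
        | awk -F'\t' '$2 != $4 || $3 != $5 { print $1 }' > "$tmp/changed"
    while IFS= read -r p; do echo "Added:   $p"; rc=$((rc | 1)); done < "$tmp/added"
    while IFS= read -r p; do echo "Removed: $p"; rc=$((rc | 2)); done < "$tmp/removed"
    while IFS= read -r p; do echo "Changed: $p"; rc=$((rc | 4)); done < "$tmp/changed"
    rm -rf "$tmp"
    return $rc
}
```

Like Tripwire's own database, the baseline only proves anything if it is written before the system is exposed and is stored where an intruder cannot rewrite it along with the files.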
What does Tripwire not do?
Tripwire cannot prevent changes to files or to the system.
False positives occur when the policy file or the configuration file is set up wrongly, or when the database has not been updated.
Tripwire is not an antivirus.
Tripwire can be manipulated.
Tripwire sources
www.tripwire.org
http://sourceforge.net/projects/tripwire/
http://www.tripwire.com/
Where is Tripwire installed?
In a protected location
On read-only media
The 4 components
Configuration file: used to configure Tripwire. Files: /etc/tripwire/tw.cfg and /etc/tripwire/twcfg.txt
Policy file: lets the admin define how Tripwire checks the system. Files: /etc/tripwire/tw.pol and /etc/tripwire/twpol.txt
Database file: stores the database of system information. Created at first installation. File: /var/lib/tripwire/<comp>.<domain>.twd
Report file: produced by an integrity check; the report lists the changes that occurred on the system. File: /var/lib/tripwire/report/<comp>.<domain>-<yymmdd>-<time>.twr
Site key and local key passwords
The site key password protects the configuration and policy files.
The local key password protects the database and report files.
Troubleshooting Tripwire
Install Tripwire and customise the configuration and policy files.
Initialise the database.
Run the system integrity check.
Examine the report from the check; if a violation is reported, check whether it happened because the administrator changed the system.
If the violation is outside the admin's control, take the necessary preventive action.
If the violation is due to the admin changing the system, check whether the error is caused by the policy file.
If it is not caused by the policy file, update the Tripwire database.
If it is caused by the policy file, update the policy file.
Initialising the database
/usr/sbin/tripwire --init
This command builds the database of the system configuration. It is created at the first installation of Tripwire.
File: /var/lib/tripwire/<comp>.<domain>.twd
Print the database file:
/usr/sbin/twprint -m d --print-dbfile | less
Print the entry for a specific file:
/usr/sbin/twprint -m d --print-dbfile /etc/hosts
System integrity check
/usr/sbin/tripwire --check
Using cron, the admin schedules periodic checks of the system.
Check results can be emailed automatically.
Print the check results:
twprint -m r --twrfile /var/lib/tripwire/report/report-file-name.twr
Updating the policy
Edit the file /etc/tripwire/twpol.txt. Comment out lines with #, for example:
# /etc/smb.conf -> $(SEC_CONFIG) ;
Set HOSTNAME=<comp_name>.<domain>
If twpol.txt does not exist, generate it with:
twadmin --print-polfile > /etc/tripwire/twpol.txt
Generate the tw.pol file with:
/usr/sbin/twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt
Update the tw.pol file:
tripwire --update-policy /etc/tripwire/twpol.txt
Updating the database
Delete the old database file:
rm /var/lib/tripwire/file-name.twd
Create a new database file:
/usr/sbin/tripwire --init
Update the database file from a report:
/usr/sbin/tripwire --update --twrfile /var/lib/tripwire/report/file-name.twr
Interactive Tripwire
Update the database interactively:
/usr/sbin/tripwire --interactive
Check and compare against the database:
tripwire --check --interactive
Tripwire and email
Edit the policy file:
(
  rulename = "Networking Programs",
  severity = $(SIG_HI),
  emailto = [email protected];
)
Send a test email to the address:
/usr/sbin/tripwire --test --email [email protected];
Tripwire and cron
Put the script runtw.sh in /usr/local/bin:
#!/bin/sh
/usr/sbin/tripwire -m c | mail -s "Tripwire Report from HOST" root@localhost
Edit the crontab with crontab -e and schedule runtw.sh to run at 1:01 AM with the entry:
1 1 * * * /usr/local/bin/runtw.sh
Tripwire Report
(Slides 26 to 31 are images only and are not transcribed.)
Other file integrity checker applications
AIDE
NABOU
Integrit
Samhain
ViperDB: http://www.resentment.org/projects/viperdb/
FCHECK: http://sites.netscape.net/fcheck/fcheck.html
Sentinel: http://zurk.netpedia.net/zfile.html
Happy studying!