Thread: Help with setting up Tripwire?

  1. #1
    Join Date
    Apr 2011
    Beans
    38

    Help with setting up Tripwire?

    Greetings,

    I am in the process of installing UBUNTU because hacking of my XP System prevents me from connecting it to the Network, in either wireless or wired fashion. I know the hardware is sound because if I boot with Ubuntu, everything works. Since it is free, more secure, and I can re-install at will, not a difficult decision.

    So I have installed Gufw, ClamTk, and now, I am trying to configure Tripwire, so I can find out if the system files have been tampered with as with an embedded keylogger or the like.

    However, I am very inexperienced with this and would prefer, the executable help is not very intuitive and I would appreciate it if you could provide me with some examples of a basic setup.

    Thank you.

    Jean-Pierre
    Last edited by dareys; December 9th, 2011 at 08:17 PM. Reason: Instant email notification

  2. #2
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Help with setting up Tripwire?

    Have you considered something along the lines of Suricata or OSSEC as a host based IDS system? Tripwire is pretty far reaching and usually also requires an additional network interface in promiscuous mode to function at its full potential.

    Also at this stage of the game if you are new to security principles an IDS may cause more alarm than it's worth. You may wish to learn more about basic security principles first before journeying into this endeavor. That's just my opinion.

    Here are some references that may help you.

    Basic Ubuntu Desktop Security stuff - https://wiki.ubuntu.com/BasicSecurity
    More Desktop/Server Security stuff (more in depth than the last) - http://ubuntuforums.org/showthread.php?t=510812

    Host based IDS (this is what you likely want) - http://ubuntuforums.org/showthread.php?t=1477662
    Network IDS (you might be interested in this as well) - http://ubuntuforums.org/showthread.php?t=1477696

    Hopefully this is helpful. Also, another disadvantage of Tripwire with Ubuntu is that it is designed to profile a more traditional Linux filesystem (like RHEL); it's not as effective on Debian based distros like Ubuntu.

  3. #3
    Join Date
    Apr 2011
    Beans
    38

    Re: Help with setting up Tripwire?

    Dangertux,

    Thank you for the response. A mouthful!

    In my life, I have been lousy at, and in that order, philosophy and sales. I excel at them now, even though the subject matter is really not my speed. Now, I am getting hammered on security issues. So, not my topic, but it looks like I am going to have to become an expert to protect myself.

    I have good reference material. Everything I know from UBUNTU comes from a book called "Ubuntu Unleashed". The information you sent me is great. It represents hours of study and experimentation. Fine, I really can't afford it, but, if that is what it is going to take to defeat hackers. So be it.

    However, what I was looking for was a "hit the ground running" safety net. I get hacked left, right and center. Please somebody help? Ok, I can hit the books and figure it out. But I have lost three computers to hacking and I am getting tired of it. Gee, even MACs are hackable. They tell you not. I have proof.

    So, if you can send me the quick reference guide, I would greatly appreciate it. Otherwise, I greatly appreciate the answer, and I will hit the books.

    Thank you.

    Jean-Pierre

  4. #4
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Help with setting up Tripwire?

    Well, a couple of things here. One, NOTHING is impenetrable: not Windows, not Mac, not Ubuntu, not RHEL, not IRIX or AIX. That's just how it goes.

    That being said, I'm not really sure there is a "quick setup safety net" for Tripwire. An intrusion detection system or prevention system is only as effective as its configuration. Additionally, either OSSEC or Suricata can be configured as a host based IDS similar to Tripwire, and they can be updated with the latest emerging threats rules, which give you a pretty decent configuration out of the gate.

    Now what I'm trying to explain here is -- I think you may be exaggerating the threat to your systems. I'm not discrediting your loss, and though I stated nothing is inherently secure, the risk level in using Ubuntu as opposed to using Windows XP is considerably lower. I think that if you follow decent computing practices and take some basic measures (Firewall, NoScript, AppArmor [this is more difficult], and strong credentials) you should be more than fine without configuring a complicated IDS solution.

    Hope this helps.

  5. #5
    Join Date
    Mar 2011
    Beans
    157
    Distro
    Ubuntu Development Release

    Re: Help with setting up Tripwire?

    Hello,

    Just a thought... you might want to step back a minute and think about why you are getting hacked left, right, and center. Even with a firewall and NoScript, if you are constantly doing things such as warez or downloading files from unknown sources, it might not help.

  6. #6
    Join Date
    Apr 2011
    Beans
    38

    Re: Help with setting up Tripwire?

    Dangertux and Larrypg,

    Thank you for the responses.

    1. I don't know who or why I am being hacked. People don't receive my messages. I don't get messages.
    It can happen from my own computer, or from an internet join. I can open nothing but the standard.
    Email, twitter, facebook, microsoft, ubuntu, etc.

    2. I only need to set up Tripwire to verify that my Ubuntu system files have not been hacked with a
    keylogger or something like that.

    3. Thank you for confirming that EVERYTHING can be hacked.

    The question is, how can I achieve 2.

    Jean-Pierre
