Tripwire Enterprise Server - Getting Started - Security

Tripwire Enterprise Server – Getting Started
Doreen Meyer and Vincent Fox
UC Davis, Information and Education Technology
June 6, 2006
Tripwire Topics
- Introduction
- Demonstration
- Product description
- UC Tripwire license
- Hardware requirements
- Documentation
- How to …
- Server deployment considerations
- Next steps
- Contact information
Introduction
- What is Tripwire?
- Why use Tripwire?
- Is it difficult to deploy Tripwire?
What is Tripwire?
- Tripwire Enterprise audits changes by detecting all changes, reconciling these changes with authorized changes, and reporting on change activity. Agents can be any platform, including network devices like switches and routers.
Why Use Tripwire?
- Monitors ‘important’ file and registry values and properties (like access times, flags, owner, etc.)
- Enables admins to detect files that are added, modified or deleted
- Provides a history of what changes during patching
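The detect, reconcile and report cycle described above, as an added example in Python. This is not Tripwire's code or rule syntax; the function names, file names and the authorized-change table are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's relative path to (sha256, permission bits, owner uid)."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (digest, st.st_mode & 0o7777, st.st_uid)
    return snap

def detect(baseline, current):
    """Return {path: 'added' | 'modified' | 'deleted'} for every difference."""
    changes = {p: "added" for p in current.keys() - baseline.keys()}
    changes.update({p: "deleted" for p in baseline.keys() - current.keys()})
    for p in baseline.keys() & current.keys():
        if baseline[p] != current[p]:
            changes[p] = "modified"
    return changes

def reconcile(changes, authorized):
    """Split detected changes into (matches an approved change, needs review)."""
    ok = {p: c for p, c in changes.items() if authorized.get(p) == c}
    return ok, {p: c for p, c in changes.items() if p not in ok}

def demo():
    """Constructed patch window: two approved changes, two that are not."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(data)
        write("sshd_config", "PermitRootLogin no\n")
        write("app.conf", "version=1\n")
        write("old.lib", "legacy\n")
        baseline = snapshot(root)                      # taken before patching
        write("app.conf", "version=2\n")               # approved patch
        os.remove(os.path.join(root, "old.lib"))       # approved removal
        write("sshd_config", "PermitRootLogin yes\n")  # not in the change record
        write("unknown.sh", "#!/bin/sh\n")             # not in the change record
        authorized = {"app.conf": "modified", "old.lib": "deleted"}
        return reconcile(detect(baseline, snapshot(root)), authorized)

if __name__ == "__main__":
    print(demo())
```

The second dictionary returned by `demo()` is what an administrator would review in the daily check: changes that no approved change accounts for.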
Is it difficult to deploy?
- Training sessions are helpful
- It will take time to tune the rule set for your systems
- You will need to incorporate Tripwire steps into system change and patching procedures as well as daily log checks
Demonstration
(Typical uses of server)
Product Description
- Versions
- Components
- Operating Systems - Server
- Operating Systems - Client
Versions
- Tripwire for Servers/Tripwire Manager
- Tripwire Enterprise 5.2 (5.5 just released). Adds reporting, multi-user, hosts + network devices
- * This course focuses on Tripwire Enterprise

TE Components
- *File Server
- *Network Devices
- Desktop
- Directory (Active Directory, Sun One)
- Database (Oracle)
* = UC licensed component

What can it operate on?
Server Platform
- Solaris [sparc] 8, 9, 10
- Windows 2000 Server
- Windows 2003 Server
- Red Hat Linux Enterprise 3, 4 AS & ES
Operating Systems Client
- Windows NT 4.0 SP6a
- Windows XP Professional (Service Pack 2)
- Windows 2000 Professional & Server (Service Pack 4)
- Windows 2003 Server (Service Pack 1)
- Windows 2003 Server x64 Edition (Standard, Enterprise & Datacenter)
- Solaris [sparc] 8, 9, 10
- Red Hat Linux Enterprise 3, 4 AS & ES
- IBM AIX 5.1, 5.2, or 5.3
- HP-UX 11, 11i v1, 11i v2
- SUSE Linux Enterprise Server 9
- CentOS 4.2
- Fedora Core 2
UCOP Tripwire License
- UCOP License
- Product options
- How to request the software
UCOP License
- UCOP license, 5000 licensed nodes
- Funded through April, 2007
- IET subsidized the campus license, $10,000.00 for three years
- Software Licensing will work on a future license agreement
Requesting the Software
- Fill out the form available on the software licensing web site
- Dept name
- Requester information (contact info for person who will be receiving the license)
- License exchange or new license?
- Server housing DB and web interface: Tripwire Enterprise Server. Order 1.
- Clients that will be monitored: Tripwire Enterprise Server/FS. Order 1 for each client.
- Network devices that will be monitored: Tripwire Enterprise Network Device. Order at least 1.
- Email your request to [email protected] before 3:00 PM on June 7 to receive the software license and download URL by June 9.
- The download URL will allow you to generate a certificate for the server and download the software.
Hardware
- Server Requirements - Windows
- Server Requirements - Solaris
- Server Requirements - Linux
Server Requirements Windows
- 3.0 GHz x86 processor or compatible
- 2 GB RAM
- 2 SATA or SCSI hard drives
- 3.2 GB free disk space
- 4 GB Data storage space
- 256 color display
Server Requirements Linux
- 3.0 GHz x86 processor or compatible
- 2 GB RAM
- 2 SATA or SCSI hard drives
- 3.2 GB free disk space
- 4 GB Data storage space
- 256 color display
Server Requirements Solaris
- 900 MHz UltraSPARC III processor
- 2 GB RAM
- 2 SCSI hard drives
- 3.2 GB free disk space
- 4 GB Data storage space
- X-Windows capable display
- 256 color display
How To …
- Acquire and download software
- Install server software
- Change passwords
- Secure your Tripwire server
Getting Tripwire software
- Upon licensing you will be sent an email with a link to your products; follow this link.
- Download te_server and all agents. The server zip file will also contain all documentation files.
Installing Tripwire Server
- Needs to be installed on the console!
- Pick an install location with enough space, especially if running the database on the same server.
- Use the name to be advertised (e.g. FQDN)
- Ports: pick and record your choices
- Services password: used for server/client interaction
- Wait a bit for the service to initialize!
- Access the web console, e.g. https://localhost:1443/
- The first thing it wants is the license cert!
- Follow the license link, generate the cert
- Change the admin account password!
- Store the new admin account password
- Add new admin user(s) for daily work
Tripwire Firewall changes
- Open the HTTPS port to all hosts you will administer from
- Open the Services port to all hosts that will run the agent.
Tripwire information
- 3 PDF files included in server zip file, also on class CD.
- Mailing list?
Assignment, due July 12
- Order Tripwire software by June 7
- Install Tripwire software on a server
- Think about: Why are you using Tripwire? It will guide your decisions on rules, nodes, users
- How should you group your nodes/systems?
- Who should have access to Tripwire?
- What kind of reports will be helpful?
July Training Schedule
- July 12: adding and configuring a node using the basic rule set
- July 19: rules, tasks, and actions
- July 26: reports, dashboard, deployment steps
Q&A

Questions?
Contact Information
- Vincent Fox [email protected]
- Doreen Meyer [email protected]
- Robert Ono, [email protected]
- [email protected]
- [email protected]