HPE Community
Operating System - HP-UX
1847566 Members
3422 Online
110265 Solutions
New Discussion

Tripwire on HPUX 11i

 
SOLVED
Go to solution
douglas stradford
Occasional Advisor

‎05-09-2005 05:43 AM

‎05-09-2005 05:43 AM

Tripwire on HPUX 11i

I am working on tripwire on HP UX 11i servers. I am mainly working in area of the event tracking that Tripwire is supposed to do, and working at same time with the auditing of HP. Tripwire has said there is a big issues with the auditing of events as they dont track complete pathnames. Tripwire gives confusing information when gathering information on deleted files, updated file. Anyone deep into this also?
Thanks
Doug
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎05-09-2005 05:52 AM

‎05-09-2005 05:52 AM

Re: Tripwire on HPUX 11i

One of the last things I did on my last job was Tripwire on a trusted system.

I didn't see any point in monitoring the audit files, since Tirpwire.

Tripwire can establish a good database of binary files, even configuration files. audit files are data files, which are supposed to change a lot. Not sure tripwire is the right tool for monitoring them.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎05-09-2005 05:59 AM

‎05-09-2005 05:59 AM

Re: Tripwire on HPUX 11i

I'm running Tripwire on non-trusted 11iv1 servers with no issues at all...

I look at Application, OS, and DB files...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
douglas stradford
Occasional Advisor

‎05-09-2005 06:01 AM

‎05-09-2005 06:01 AM

Re: Tripwire on HPUX 11i

We monitor a lot of files, application and os. But, I want specifics on who/when someone say, removes a file. Without hp auditing, you cant get all that information.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-09-2005 06:03 AM

‎05-09-2005 06:03 AM

Solution

Re: Tripwire on HPUX 11i

I agree.

Tripwire is the wrong tool for the job.

Tripwire spots changes in files, binary and config. It is really good at that.

Tripwire is not good at dealing with things that change a lot, like oracle databases and the audit files.

I think you need to write a script to monitor that audit database for issues you deem important.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
douglas stradford
Occasional Advisor

‎05-09-2005 06:09 AM

‎05-09-2005 06:09 AM

Re: Tripwire on HPUX 11i

Steve
You may be correct. Will have to knock it around here and see what information tripwire and hp can provide reliably. Tripwire does tout being able to track things down to who and when.
Thanks for you thoughts.
Doug
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.