Title: Automated System Monitoring and Notification With Swatch
Authors: Stephen E. Hansen E. Todd Atkins
Abstract:
- This paper describes an approach to monitoring events on a large
number of servers and workstations. While modern UNIX systems are
capable of logging a variety of information concerning the health and
status of their hardware and operating system software, they are
generally not configured to do so . Even when this information is
logged, it is often hidden in places that are either not monitored
regularly or are susceptible to deletion or modification by a
successful intruder. Also, a system administrator must often monitor
several, perhaps dozens, of systems. To address these problems, our
approach begins with the modification of certain system programs to
enhance their logging capabilities. In addition, our approach calls
for the logging facilities on each of these systems to be configured
in such a way as to send a copy of the critical system and security
related information to a dependable, secure, central logging host
system . As one might expect, this central log can see a megabyte or
more of data in a single day. To keep a system administrator from
being overwhelmed by a large quantity of data we have developed an
easily configurable log file filter/monitor, called swatch . Swatch
monitors log files and acts to filter out unwanted data and take one
or more user specified actions (ring bell, send mail, execute a
script, etc .) based upon patterns in the log .
Title: Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
Authors: Gene H. Kim Eugene H. Spafford
Abstract:
- This paper begins by motivating the need for an integrity checker by
presenting a hypothetical situation any system administrator could
face. An overview of Tripwire is then described, emphasizing the
salient aspects of Tripwire configuration that supports its use at
sites employing modern variants of the UNIX operating
system. Experiences with how Tripwire has been used in "in the field"
are then presented, along with some conjectures on the prevalence and
extent of system breakin. Novel uses of Tripwire and no-table
configurations of Tripwire are also presented.
Title: Pass or Fail: A New Test for Password Legitimacy
Authors: Andrew Cherry Mark W. Henderson William K. Nickless Robert Olson Gene Rackow
Abstract:
- While other programs check for bad passwords after the fact, it
is important to have good passwords at all times, not just after the
latest Crack run. To this end the author have modified Larry Wall's
Perl password program and added, among other features, the ability to
check a sorted list of all the "bad passwords" that Crack will
generate, given all the dictionaries that we could get our hands on
(107 MB of unique words, so far). The combination of improvements has
turned publicly available code into a powerful tool that can aid sites
in the maintenance of local security.
Title: The Cops Security Check System
Authors: Daniel Framer Eugene H. Spafford
Abstract:
- This paper briefly describes the Cop Security Check System. Included
are the underlying design goals, the functions provided by the tool,
possible extensions, and some experiences gained from its use. It also
include information on how to obtain a copy of the initial Cops
release.
Title: The Design and Implementation of Tripwire: A File System Integrity Checker
Authors: Gene H. Kim Eugene H. Spafford
Abstract:
- This paper describes the design and implementation of the Tripwire
tool. It uses interchangeable "signature" routines to identify changes
in files, and is h highly configurable.
Title: The Operator Shell: A Means of Privilege Distribution Under Unix
Authors: Michael Neuman Gray Christoph
Abstract:
- This paper describes the design, features, security considerations,
internals, and applications of the Operator Shell.
Title: The S/KEY One-Time Password System
Authors: Neil M. Haller
Abstract:
- This paper is used at a later time to attack the system. The author
have developed a prototype software system, the S/KEY one-line
password system, to counter this type of attack and have been using it
experimentally for external access to a research computer complex at
Bellcore.
Title: TIS Firewall Toolkit
Authors:
Abstract:
- The TIS Firewall Toolkit is a set of programs and configuration
practices designed to facilitate the building of facilitate the
building of network firewalls. Components of the toolkit, while
designed to work together, can be used in isolation or can be combined
with other firewall components. The toolkit software is designed to
run on UNIX systems using TCP/IP with a Berkeley-style 'socket'
interface.
Title: Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool
Authors: Gene H. Kim Eugene H. Spafford
Abstract:
- This paper begins with brief overview of what Tripwire does and how
it works. It discuss how certain implementation decisions affected
the course of Tripwire development, also presents other applications
that have been found for Tripwire.
|