Tripwire Enterprise Server Basic Tasks - PowerPoint PPT Presentation

1 / 61
About This Presentation
Title:

Tripwire Enterprise Server Basic Tasks

Description:

Tripwire Enterprise Server Basic Tasks. Doreen Meyer and Vincent Fox ... Install an agent and associate it with a basic rule or rule set and a task or action ... – PowerPoint PPT presentation

Number of Views:468
Avg rating:3.0/5.0
Slides: 62
Provided by: Doreen78
Category:

less

Transcript and Presenter's Notes

Title: Tripwire Enterprise Server Basic Tasks


1
Tripwire Enterprise Server Basic Tasks
  • Doreen Meyer and Vincent Fox
  • UC Davis, Information and Education Technology
  • July 12, 2006

2
Topics
  • Server install QA
  • Understanding the UI
  • Settings manager
  • Your first node!
  • Importing useful rules
  • Agent install
  • The managers nodes, rules, actions, tasks, logs
  • Baselining, version Checks, promotion

3
Server Install
  • Single-server, just run the installer
  • Dual-server, you will need to add parameters to
    the install command
  • Windows cannot install over TS
  • STORE THOSE PASSWORDS!
  • Note in 5.5 problems using a Services Password
    gt 8 chars

4
Server firewall/NAT
  • Firewall, see Installation Guide, Chapter 1.
    Network requirements
  • NAT, see Reference Guide, Chapter 4. System
    Properties

5
Tripwire UI
  • The TE GUI has many elements of a familiar
    desktop, but is not. This can lead to frustration
    and broken mice.
  • Zones of the console

6
TE Console Areas
7
TE Console Flubs
8
Server Settings
  • User preference settings
  • System preferences
  • Email server

9
Useful Account Setting
10
System Preferences
  • Shorten session timeout to 10 minutes

11
Email Servers
12
Administration Settings
  • Configure login method
  • Creating roles
  • Creating a user group
  • Creating users

13
Configure Login Method
14
Roles
15
Modifying Roles
16
Creating User Groups
  • Functional groups usually by role
  • Obvious groupings staff/admins, operations,
    management

17
Node Setup Tasks
  • Import TFS and/or UCD-basic rulesets
  • Install agent on a node
  • Create an action
  • Use tasks to associate rule, node, action, and
    schedule a time to run.
  • Create a baseline for the node
  • Wait. Example for a rule with 7,000 elements
    stored, took 600 seconds.

18
Import Useful Rules
  • TFS rules very generic, usually result in many
    elements stored.
  • UCD rules leaner, meaner.
  • Rule names need to be unique or collision will
    occur.

19
Install the Agent Software
  • Install as Administrator
  • Enter port services password
  • Punch holes in firewall!
  • There is a silent install option, see Users
    Guide, Ch. 2, Installation Procedures for TE Agent

20
Agent Install
21
Agent Install
22
Firewall on Client
23
Create Email Action
24
Create Email Action
25
Move Discovered Node
26
Move Discovered Node
27
Move Discovered Node
28
Create First Task
We just want a Check Rule Task for our example
29
Create First Task
30
Create First Task
31
Create First Task
32
Test That It Works
  • Modify a watched element
  • Run the task, or do a node check
  • Note the change or check your email
  • Take action on the intrusion! Or, just promote
    the changes.

33
Node Manager
  • Adding a node group
  • Linking a node
  • Elements for file system nodes
  • Element versions
  • Node viewing filter

34
Adding a Node Group
35
Linking a Node
36
Link Symbol
37
TE Symbols Exposed
38
Node Elements
39
Element Versions
40
Node Viewing Filter
41
Without filtering, TMI
42
Now we can see the trees
43
Viewing Rules
44
Rule Specifiers
45
Action Manager
  • Viewing Actions
  • Creating an email action
  • Creating an SNMP action
  • Creating an execution action (locally or on TE
    server)

46
An Execution Action
47
An Execution Action echoing the file name of a
changed element to a file
48
Task Manager
  • Viewing tasks
  • Creating and deleting tasks

49
Task Manager
50
Log Manager
  • Viewing logs
  • Sorting and filtering Logs

51
Log Manager
52
Log Manager - Search
53
The Baseline- What is Happening?
  • Baselining I/O intensive on DB disks
  • Recommend baselining only a small number of
    systems at once.

54
Snapshot defined
  • Temporary record of the monitored objects
    current attributes. In a baseline execution, this
    would become the baseline version. In a version
    check this is the now state we compare the
    baseline against.

55
Version Check
56
Viewing Changes
  • Difference Viewer

57
Promotion
  • Promote selected versions
  • Promote by match
  • Promote by reference
  • Promote by package

58
Promote Selected Versions
  • Promote current snapshot(s) to baseline. Select
    using the GUI.

59
Homework for July 26
  • Install an agent and associate it with a basic
    rule or rule set and a task or action
  • Practice the procedures
  • Deployment options

60
Training Schedule
  • July 12 adding and configuring a node using the
    basic rule set
  • July 26 creating and modifying rules
  • Aug 1 or 8? reports, dashboard, deployment steps

61
Resources
  • http//security.ucdavis.edu/tripwire.cfm -
    Rulesets and presentations
  • ucdtripwire_at_ucdavis.edu - mailing list
  • Vincent Fox - vbfox_at_ucdavis.edu
  • Doreen Meyer - dimeyer_at_ucdavis.edu
  • Bob Ono - raono_at_ucdavis.edu
  • Software - software_at_ucdavis.edu
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Tripwire Enterprise Server Basic Tasks" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!