In this lesson, we introduce the host-based Intrusion Detection System.
A Host Intrusion Detection System is a software program
that runs within a host machine.
It can be a server, or it can be a local user machine.
It aims at detecting and examining malicious activities by
periodically monitoring and analyzing logs,
and by detecting escalation of privilege by a user or system.
For example, you switch from a normal user to one with
system admin privilege, or switch to the superuser.
The third one: perform integrity checks on critical files.
What are those?
Password files, configuration files, libraries, shell commands,
PKI certificates and private keys.
A Network Intrusion Detection System cannot see or
interpret such actions, which take place within the host.
So host intrusion detection has its merit.
Tripwire is a host intrusion detection system.
The original version was developed at Purdue University in 1992 by Dr.
Eugene Spafford and his master's student Gene Kim,
who is the former CTO of Tripwire.
Here is a site for downloading older versions of Tripwire.
Version 2.4.2.2 is on SourceForge.
Given the set of files to be monitored,
Tripwire produces multiple hashes of the same file,
and it saves them for future periodic verification.
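To make the baseline-and-verify cycle concrete, here is a small file-integrity checker written as an added example for this lesson; it is not Tripwire's own code. It computes several digests per monitored file plus size and permission bits, stores them as a baseline, and later reports each file as ok, modified or missing; the file names and contents in demo() are constructed for the illustration.

```python
import hashlib
import json
import os
import tempfile

# Several digests per file, as Tripwire records: tampering must collide in all of them to hide.
ALGORITHMS = ("sha256", "sha1", "md5")


def hash_file(path):
    # One pass over the file feeds every hasher, so large files are read only once.
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_baseline(paths):
    """Snapshot each monitored file: digests plus size and permission bits."""
    baseline = {}
    for path in paths:
        st = os.stat(path)
        baseline[path] = {"hashes": hash_file(path), "size": st.st_size, "mode": st.st_mode}
    return baseline


def verify(baseline):
    """Recheck each baselined file and report 'ok', 'modified' or 'missing'."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        st = os.stat(path)
        unchanged = (hash_file(path) == expected["hashes"]
                     and st.st_size == expected["size"] and st.st_mode == expected["mode"])
        report[path] = "ok" if unchanged else "modified"
    return report


def demo():
    """Constructed scenario: baseline two files, then alter one and delete the other."""
    tmp = tempfile.mkdtemp()
    passwd, conf = os.path.join(tmp, "passwd"), os.path.join(tmp, "app.conf")
    for path, text in ((passwd, "root:x:0:0:root:/root:/bin/bash\n"), (conf, "debug = false\n")):
        with open(path, "w") as fh:
            fh.write(text)
    # Round-trip through JSON, standing in for writing the baseline to a protected store.
    baseline = json.loads(json.dumps(build_baseline([passwd, conf])))
    with open(passwd, "a") as fh:  # tamper: append an extra account line
        fh.write("extra:x:1001:1001::/home/extra:/bin/bash\n")
    os.remove(conf)
    return {os.path.basename(p): status for p, status in verify(baseline).items()}
```

In a real deployment the baseline must live where the monitored host cannot silently rewrite it (read-only media or a separate host), otherwise an intruder who alters a file can also alter its recorded digests.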