Question

We briefly discussed the basics of Tripwire rules and provided explanations of their structure in the Tutorial notes. Tripwire rule examples are widely available for Linux machines which specify various severity levels to different system or user files and folders. Tripwire documentation also provides comprehensive guidelines on creating policies for various types of systems.
For this assignment, students are required to write tripwire rules for the following Windows 7 files and directories. The rules should at least contain 1) proper name 2) severity level 3) Associated variables 4) specific folder/subfolder with associated severity level. Students should also explain briefly why a given variable and severity was given to a specific folder/program.

explorer.exe
iexplorer.exe
Windows\Temp
netstat.exe
System
INF
Regedit.exe
Program files\Internet Explorer
system32\mspaint.exe
msports.dll
program files\Windows Defender
Your Backup Folder
Users folder (C:\Users)
Windows\WindowsUpdate.log
Program files\Notepad++

You may look at examples of tripwire rules for Linux systems and Linux Filesystem and directory structure (the important system files and folders, e.g. /boot for Kernel and bootloader files) to get an idea of the importance of the files/folder and their associated severity levels.

Hope this will be helpful

# rule attributes: a meaningful name and the severity used when reporting a change
(
   rulename = "Binaries",
   severity = $(SIG_HI),
)
# rule body: each object is mapped to the property mask that Tripwire checks
{
   C:\Windows\explorer.exe -> $(SEC_CRIT);
}

need to explain why we use severity = $(SIG_HI) and (SEC_CRIT)

Explanation / Answer

Tripwire is an intrusion detection system (IDS) which constantly and automatically keeps your critical system files under control and reports if they have been destroyed or modified. It allows the system administrator to know immediately what was compromised and fix it.

rulename is used to assign a meaningful name to a rule.

severity is used to set the severity level of the rule. Severity levels vary from 0 to 10,000.

$(SIG_HI) - is a variable that is used to define a high severity level. It is used for critical files that are significant points of vulnerability.

$(SEC_CRIT) - critical files - we can't afford to miss any changes in these files.
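As an added worked example (not part of the question or the answer above), here is a Tripwire policy fragment that covers several of the listed Windows 7 paths, groups them by severity and records the rationale for each choice as a comment. The variable values are the open-source Linux twpol.txt defaults and are an assumption for a Windows 7 host, whose Tripwire for Windows policy would use its own NTFS property masks; the paths are the ones from the question.

```text
# Property masks (what Tripwire compares) and severity levels (how the report ranks a change).
# Values are the open-source Linux twpol.txt defaults, assumed here for a Windows 7 host.
SEC_CRIT   = $(IgnoreNone)-SHa ;   # every property incl. hashes; any change is reported
SEC_BIN    = $(ReadOnly) ;         # binaries: contents and permissions must not change
SEC_CONFIG = $(Dynamic) ;          # contents may change; owner and permissions may not
SEC_LOG    = $(Growing) ;          # may only grow; shrinking or ownership change is reported
SIG_LOW    = 33 ;
SIG_MED    = 66 ;
SIG_HI     = 100 ;

# Shell and browser run on every login and every web visit, so a swapped binary
# is executed constantly: highest severity, full property check.
(
  rulename = "Windows shell and browser",
  severity = $(SIG_HI)
)
{
  C:\Windows\explorer.exe              -> $(SEC_CRIT) ;
  C:\Program Files\Internet Explorer   -> $(SEC_BIN) ;
}

# Admin tools and system DLLs: a modified netstat or regedit hides exactly the
# evidence an investigator would look for, so they get the same treatment.
(
  rulename = "Administrative binaries",
  severity = $(SIG_HI)
)
{
  C:\Windows\System32\netstat.exe      -> $(SEC_CRIT) ;
  C:\Windows\regedit.exe               -> $(SEC_CRIT) ;
  C:\Windows\System32\msports.dll      -> $(SEC_BIN) ;
  C:\Program Files\Windows Defender    -> $(SEC_BIN) ;
}

# Files that legitimately change: watch ownership and growth, not content.
# C:\Users is checked as a directory only (recurse = false) to avoid drowning
# real findings in user-profile churn; C:\Windows\Temp is excluded outright.
(
  rulename = "Volatile data and logs",
  severity = $(SIG_LOW)
)
{
  C:\Windows\WindowsUpdate.log         -> $(SEC_LOG) ;
  C:\Users                             -> $(SEC_CONFIG) (recurse = false) ;
  !C:\Windows\Temp ;
}
```

The pattern to carry to the remaining paths (INF, mspaint.exe, Notepad++, the backup folder) is the same: decide whether the object should never change, may grow, or is user-owned churn, then pick the mask and severity accordingly.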