Tripwire: The next generation of security tools; Host-level devices send up flares when files are changed

Two versions of Tripwire are available: Tripwire 1.3.1 Academic Source Release (ASR) and the commercial version, Tripwire 2.2.1. Tripwire's ASR was developed at Purdue University in 1992 by Gene Kim and Gene Spafford. The release (it's still freely available; see Resources) is the most widely used piece of integrity assessment software in the world. However, the relatively static ASR isn't often upgraded. Tripwire does provide bug fixes and minor feature updates, but if you want support and the major new features, you'll have to pay for them ($495 per host). The Tripwire policy file specifies the files, file characteristics, and directories that need to be checked. Both versions of Tripwire check all inode attributes, which include file permissions and signatures. Tripwire 2.2.1 has an expanded policy language that allows you to name and group rules, set severity levels, and provide email notification on a per-rule basis.