[Omaha.pm] Tripwire "Replacement" In Perl

Travis McArthur travis at travisbsd.org
Wed Sep 5 18:28:07 PDT 2007


Hey Guys,

Not sure if there'll be any interest or not, but figured I'd throw this 
out there anyways.

I was bored this week and needed something to do integrity checks on my 
servers, something Tripwire-esque but more lightweight.  For those not 
in the know about Tripwire, it's a company and piece of software that 
lets you basically create a series of hashes and monitor if anything on 
the system changes in comparison with these hashes.  This is quite 
useful as generally when files change that are in areas critical to the 
system (/bin, /sbin, etc) it means the system binaries have been 
replaced by rootkit binaries.  This system has, at least in my 
experience, been a pain to set up and configure.  So I decided to replace it.

With a little Perl-fu and some help from a useful utility called mtree 
comes CamelTrap.  Feedback is welcome, so if you're interested in giving 
some or just trying it out you can grab it from 
http://travis.travisbsd.org/pfiles/CamelTrap.tar

It requires mtree, Term::ReadKey, and of course Perl.

There's a brief README explaining usage; I'll shut up and let it explain 
the rest so I don't flood your inboxes any more than I already have!

Best Regards,
Travis
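
Added example, not part of the original message and not CamelTrap's code: a sketch of the baseline-and-compare integrity check the post describes, using Digest::SHA and File::Find in place of mtree. The temporary directory, file names and the snapshot/compare/put helpers are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: hash a tree, then report what differs from the baseline.
# Not CamelTrap's code; Digest::SHA + File::Find stand in for mtree here.
use strict;
use warnings;
use Digest::SHA;
use File::Find;
use File::Temp qw(tempdir);

# Walk $root and return { relative path => SHA-256 hex digest } for regular files.
sub snapshot {
    my ($root) = @_;
    my %sums;
    find({ no_chdir => 1, wanted => sub {
        return unless -f $_ && !-l $_;          # skip dirs, symlinks, devices
        (my $rel = $_) =~ s{^\Q$root\E/}{};
        $sums{$rel} = Digest::SHA->new(256)->addfile($_, 'b')->hexdigest;
    } }, $root);
    return \%sums;
}

# Compare a current snapshot with the baseline; return sorted report lines.
sub compare {
    my ($base, $now) = @_;
    my @report;
    for my $f (sort keys %$base) {
        if    (!exists $now->{$f})        { push @report, "MISSING  $f" }
        elsif ($now->{$f} ne $base->{$f}) { push @report, "CHANGED  $f" }
    }
    push @report, map { "ADDED    $_" } grep { !exists $base->{$_} } sort keys %$now;
    return @report;
}

# Constructed demo tree standing in for a directory such as /bin.
my $dir = tempdir(CLEANUP => 1);
sub put { my ($n, $c) = @_; open my $fh, '>', "$dir/$n" or die "$n: $!"; print $fh $c; close $fh }
put('ls', "original ls\n");
put('ps', "original ps\n");
my $baseline = snapshot($dir);   # in practice, keep the baseline off the monitored host

put('ls', "replaced ls\n");      # simulate a modified binary
put('nc', "unexpected file\n");  # simulate a newly dropped file
unlink "$dir/ps" or die "ps: $!";

print "$_\n" for compare($baseline, snapshot($dir));
```

A baseline stored on the same writable filesystem it describes can be rewritten along with the binaries, which is why the comparison data is normally kept read-only or on another host.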

