Tripwire是一款最为常用的开放源码的完整性检查工具，可用于实现安全管理系统，它生成目标文件的校验和并周期性的检查文件是否被更改。下面我们简单介绍一下Tripwire的运行机理。与大多数完整性检查程序相同，对于需要监视的文件，Tripwire会使用校验和来为文件的某个状态生成唯一的标识（又称为"快照"），并将其存放起来以备后用。当Tripwire程序运行时，它先计算新的标识，并于存放的原标识加以比较，如果发现不匹配的话，它就报告系统管理人员文件已经被修改。接下来，系统管理员就可以利用这个不匹配来判断系统是否遭到了入侵。例如，如果Tripwire已经为/bin/login和/bin/ls存放了快照，那么对它们的尺寸、inode号、权限以及其他属性的任何修改，都逃不过Tripwire的火眼金睛。尤其是对于文件内容的修改，即使只改变了一个字节，Tripwire也能察觉得到，因为校验和是针对文件整体的。-Tripwire is a most commonly used open source integrity checking tool can be used to implement a safety management system, it generates the target file checksum and periodic check whether a file was changed. Here we briefly explain the operation mechanism of Tripwire. Most of the integrity checker, Tripwire will need to monitor the file

Uses a checksum to generate a unique identifier for a state of the file (also known as a "snapshot"), and store them for later use. When the Tripwire program runs, it first calculates the new identity, and to compare the original logo in storage, if we find do not match, it is the reporting system management personnel file has been

Modified. Next, the system administrator can use this match to determine whether the system was the invasion. For example, if Tripwire/bin/login and/bin/ls stored snapshot, then any modification of their size, inode number, permissions and other attributes, can not escape at Tripwire eyes. Modify the contents of the file, ev