As we know, Tripwire Enterprise (TE) is the de facto go-to solution for File Integrity Monitoring (FIM). In normal operations, we deploy a TE agent to a system we want to monitor. TE then uses that agent to baseline the system against the appropriate rules, creating a known good state for that system. From then on, the system is monitored for change according to the rules that were used to create the baseline.

The list of supported operating systems for a given version of TE is fairly extensive, so most of what I may want to run in my datacenter will be supported.

Agent-Based vs. Agentless Monitoring

Notice that I said “most” above and not “all.” This distinction is important because I’m not using an agent for everything. Agents sit on external devices that require O/S compatibility, notes Security Boulevard. As a result, my ability to scan some of my assets using agents is limited.

So, I might decide to go the agentless route. Doing so could allow me to conduct those assessments without needing to worry about compatibility issues. There’s a host of other security and operations reasons that could motivate me to make this choice, as well.

That raises an important question: can I still use Tripwire Enterprise for agentless monitoring? How do you enforce FIM on operating systems that have reached their end-of-life for support or on endpoints that aren’t able to have agents installed?

FreeBSD as an Example of Agentless Monitoring

Let’s use that FreeBSD system over there as an example. Can I use Tripwire Enterprise to monitor it? Well, yes. Yes, you can. TE provides the ability to monitor an unsupported system via SSH, or Secure Shell. Given that FreeBSD has never been a platform supported by TE and that there is no content...