[SUMMARY] Info/suggestions on Tripwire (commercial vs. open-source)

From: David Foster <foster_at_dim.ucsd.edu>
Date: Wed Apr 10 2002 - 20:17:19 EDT
Wanted info on the differences between the commercial
(www.tripwire.com) and open-source (www.tripwire.org)
versions of tripwire.

Turns out there is a third version, called Tripwire-ASR
(Academic Source Release), which will compile on most UNIX
systems. The open-source version is for Linux only. The
commercial version runs on many flavors of UNIX and Windows,
and they even have support for routers and network devices.

People generally favored the free version because:

  1) Have used it for years, no serious problems. It works.
  2) Free
  3) Open-source support and availability/scrutinizability of code
The advantages of the commercial version:

  1) Commercial support
  2) Management software available to make it much easier to
     monitor many systems simultaneously. One comment that this
     was not very impressive.
  3) Support for Windows.
  4) Added features. See the following for a feature comparison 
     between the commercial and ASR version:

Disadvantages to the commercial version:

  1) Commercial support!
  2) PRICE (100 servers and management software runs about $60,000)
One person suggested AIDE. The website claims it does more than
Tripwire, but lists two people as its "support". This version may
be more snazzy now, but I think I'll stick with Tripwire.


General comments:

  1) Default configurations were lacking, you should do some serious
     customization or you will get lots of "false-positives", and
     more seriously important files/dirs will not be checked.
  2) Use YASSP or JASSP for securing systems initially.
  3) The Tripwire salesdroids seem to like telling people that
     the open-source version is for Linux only; apparently they
     don't remember the academic version that you can download from
     their own website!
  4) Price isn't an issue?  Are you all hiring? :) 
Thanks to:

Steve Mickeler
Jennifer Stults
Christopher L. Barnard
Mike Salehi
Thomas M. Payerle
Vern Kyle
Roy Rapoport

> Looking to install Tripwire on our systems, and noticed both
> an open-source (www.tripwire.org) and commercial (www.tripwire.com)
> version.
> Can anyone provide information on the differences between these
> products...gotchas...suggestions...horror stories?
> Price isn't really an issue, but if we can get what we need from
> a free product that always makes my boss happy!
> Thanks, and of course I'll summarize.
> Dave

   << All opinions expressed are mine, not the University's >>

   David Foster    National Center for Microscopy and Imaging Research
    Programmer/Analyst     University of California, San Diego
    dfoster@ucsd.edu       Department of Neuroscience, Mail 0608
    (858) 534-7968         http://ncmir.ucsd.edu/

   "The reasonable man adapts himself to the world; the unreasonable one
   persists in trying to adapt the world to himself.  Therefore, all progress
   depends on the unreasonable."   -- George Bernard Shaw

sunmanagers mailing list
Received on Wed Apr 10 20:22:01 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:40 EST