
New Member

Tripwire Agents for IOS/PIX/CatOS?

My client is installing Tripwire, and they've got the Solaris agents done and are now looking at my network devices.

Does anyone have any experience with this? I can't find any useful information on the web about how these "agents" work. I'm almost expecting an agent that lives on a server and logs in to get the latest configuration, rather than a process running on the box itself. However, if this IS a process that runs on the hardware platform, is it supported by Cisco, or will the first thing I hear from tech support be "De-install that Tripwire agent and see if the problem goes away"?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Tripwire Agents for IOS/PIX/CatOS?

I'm assuming you mean Tripwire Enterprise.

Tripwire supports an "agent-less" node. This is how they handle most network devices I believe. The TE (frontend) server has an agent installed on it and it initiates the connections and sends commands.

Tripwire calls them COVR rules (Command Output Validation Rule). Essentially an SSH session is opened and then a "sh run" is sent and then parsed using a regex. You can also use the regex to do search and replace of certain config lines (like uptime). Something I've seen when implementing MARS is that there is a max login banner size. I haven't run into this with Tripwire, but if your connections are failing, try shrinking your login banner.

I would highly recommend using SSH and SCP. You can set it up to use TFTP too, but if you have SSH enabled on the device, it's just cleaner. Also, make sure you use variables for the login credentials. Tripwire really got that one right (unlike MARS). You can create global username and password variables and then pull them in for the credentials when creating the node. That means you set (or reset) the username/password in 1 place instead of 500.

Make sure your client has licenses for network nodes. You can't interchange network and server nodes. Also, make sure you get the network device rules from Tripwire.
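The pull-and-compare approach described in the accepted answer, as an added standalone example (not Tripwire code, and not the COVR rule syntax): the running-config is normalized by dropping the lines IOS rewrites on its own (the "Last configuration change" / "NVRAM config last updated" comments, the byte count, "ntp clock-period"), then hashed and diffed against the baseline so that only real changes alert. The sample configs, the volatile-line patterns and the function names are constructed for this illustration; the "change" is someone re-enabling telnet on the vty lines.

```python
import difflib
import hashlib
import re
from typing import List

# Constructed sample of "show running-config" output (not captured from a real
# device). Several lines change on every pull without any administrator action.
BASELINE = """\
Building configuration...

Current configuration : 1104 bytes
!
! Last configuration change at 10:15:02 UTC Mon Jan 7 2013 by admin
! NVRAM config last updated at 10:15:05 UTC Mon Jan 7 2013 by admin
!
version 12.4
hostname edge-rtr1
!
ntp clock-period 17180000
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 transport input ssh
!
end
"""

# Same device a day later: only the volatile lines differ.
LATER_UNCHANGED = (
    BASELINE.replace("10:15:02 UTC Mon Jan 7 2013", "11:42:09 UTC Tue Jan 8 2013")
    .replace("10:15:05 UTC Mon Jan 7 2013", "11:42:12 UTC Tue Jan 8 2013")
    .replace("ntp clock-period 17180000", "ntp clock-period 17180011")
)

# Same device, but someone has re-enabled telnet on the vty lines.
LATER_CHANGED = LATER_UNCHANGED.replace(
    " transport input ssh", " transport input telnet ssh"
).replace("1104 bytes", "1111 bytes")

# Lines the device rewrites by itself (assumed list for this example). Anchored
# with fullmatch so a real config line containing similar text is not filtered.
VOLATILE = [
    re.compile(r"Building configuration\.\.\."),
    re.compile(r"Current configuration : \d+ bytes"),
    re.compile(r"! Last configuration change at .*"),
    re.compile(r"! NVRAM config last updated at .*"),
    re.compile(r"ntp clock-period \d+"),
]


def normalize(config: str) -> List[str]:
    """Return the config as a list of lines with volatile and blank lines removed."""
    kept = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if any(p.fullmatch(line) for p in VOLATILE):
            continue
        kept.append(line)
    return kept


def fingerprint(config: str) -> str:
    """SHA-256 over the normalized config; stable across pulls unless real content changes."""
    return hashlib.sha256("\n".join(normalize(config)).encode("utf-8")).hexdigest()


def diff_configs(baseline: str, current: str) -> List[str]:
    """Unified diff of the normalized configs; empty when nothing meaningful changed."""
    return list(
        difflib.unified_diff(
            normalize(baseline), normalize(current),
            fromfile="baseline", tofile="current", lineterm="",
        )
    )


def has_changed(baseline: str, current: str) -> bool:
    """True when the two pulls differ after volatile lines are stripped."""
    return fingerprint(baseline) != fingerprint(current)


if __name__ == "__main__":
    print("unchanged pull flagged:", has_changed(BASELINE, LATER_UNCHANGED))
    print("telnet re-enabled flagged:", has_changed(BASELINE, LATER_CHANGED))
    print("\n".join(diff_configs(BASELINE, LATER_CHANGED)))
```

The point of the volatile-line list is the same as the "search and replace of certain config lines (like uptime)" the answer mentions: without it every pull looks like a change and the alerts become noise. Keep the patterns anchored and specific, because an over-broad pattern would also hide a genuine change such as the telnet line above.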

4 REPLIES

Re: Tripwire Agents for IOS/PIX/CatOS?

No, I'm sure nothing runs on the Cisco box itself.

Regards

Farrukh


New Member

Re: Tripwire Agents for IOS/PIX/CatOS?

Terrific. Thanks for the confirmation.

New Member

Re: Tripwire Agents for IOS/PIX/CatOS?

Chris's description is spot on. All the real work is done on the Tripwire server itself not on the router/device. It yanks the configuration and audits it for changes.
