Tripwire Enterprise is an industry leading tool that is commonly implemented as a File Integrity Monitoring (FIM) solution. The original software concept was developed back in 1992 as part of an academic project at Purdue, and has since been transformed into a configuration management suite that has been adopted by many.
In a recent project, West Monroe Partners implemented Tripwire Enterprise as a FIM solution intended to detect changes to critical files on systems supporting a line-of-business SaaS application. This scope included web, application, and Microsoft SQL database servers. One of the difficulties faced during this deployment was following Tripwire’s documentation when adding MS SQL database nodes to the system. The documentation dictates that (service) accounts must be manually assigned permissions and mapped to a database(s) using SQL Server Management Studio (SSMS). This process is clearly outlined in the documentation, but is not sustainable when the service account has to be mapped to many databases.
In the case of this project, a business process dictated that a separate database be created for each customer. Some database instances had over 150 databases, each requiring manual effort to map the user account that Tripwire would use to execute rule checks. With the environment containing 15+ database instances, we quickly found that some level of automation would be required. To address this, a Transact-SQL script was created.
The requirements for the script were:
- Map the service account that Tripwire will use to the db_reader role for all databases on a given instance
- Add the “alter trace” permission
- Add the “view any definition” permission (to monitor all logins)
Executing the following in SSMS will achieve the above, allowing a database node to be successfully created and all of the corresponding databases to be monitored in Tripwire Enterprise. Replace <domain\user> with the domain and user account you are instructing Tripwire to leverage.
Now that the pre-work is done, the next step is to create the database instance node in Tripwire Enterprise, and add the database specific rules so that critical files, permissions, functions, etc. are monitored. As you may expect, the task of adding database-specific rules also involves much manual effort unless automation is leveraged. The second post in this series will describe how to create the needed database specific rules, leveraging the import/export rule functionality within Tripwire Enterprise and a Python script.