______________________________________________________________________________
HONEYNET/HONEYPOT PROJECT
______________________________________________________________________________
Meeting: 4/29/06 8:00pm, ITL
Attendees: Leslie, Todd, Patty, Creigh
Meeting Duration: Approx. 3.5 hours
______________________________________________________________________________
Accomplishments:
______________________________________________________________________________
1) Made a diagram of our honeypot VM architecture in dia.
2) Installed VMware Tools for Windows (in the honeypot VM).
3) Printed the Tripwire documentation (all 172 pages!). :)
4) Initialized the database:
     tripwire --init
5) It gave errors. It couldn't find a few objects that it was looking for.
6) Wrote the policy file to a text file.
     twadmin --print-polfile > policy_errors.txt
7) Went into the policy file and commented out those paths that gave errors.
8) Updated the policy file.
     tripwire --update-policy --secure-mode medium policy_errors.txt
9) Still couldn't find a few registry keys.
10) Did an integrity check.
     tripwire --check --report-file "C:\Program Files\Tripwire\TFS\Report\report01-04292006.twr"
11) The check came out correctly.
12) Printed out the report file into an HTML file.
     twprint --print-report --report-file "C:\Program Files\Tripwire\TFS\Report\report01-04292006.twr" -F html -o report01-04292006.html
13) Repeated until there were no errors. Tripwire is now configured to run.
14) Downloaded and ran regmon in the honeypot VM.
15) Snort is already installed in the monitoring VM. Need to tune the ruleset
    (next time).