Tripwire Enterprise and IBM i

Many of the world's largest companies rely on IBM i operating on IBM Power Servers as their strategic platform for business-critical activities such as retail, distribution, logistics, banking, manufacturing planning, healthcare, insurance, hospitality management, government administration, and legal case management. Given the widespread use of the IBM i operating system, advanced cybersecurity solutions are essential to protect organizations from targeted cyberattacks.  

Fortra’s Tripwire® Enterprise continuously monitors for suspicious changes that could indicate compromise while automating the arduous work of regulatory compliance, giving you a complete integrity management and compliance solution that covers not only platforms like IBM i, but your entire infrastructure including files, databases, servers, endpoints, ephemeral assets, and even industrial OT environments.  

 

What Is Tripwire Enterprise?

Tripwire Enterprise is the leading compliance monitoring solution, using file integrity monitoring (FIM) and security configuration management (SCM). Backed by decades of experience, it's capable of advanced use cases unmatched by other solutions. This fully integrated suite of solutions for policy compliance, system integrity, and remediation management reaches far beyond simple compliance. It enables teams to rapidly achieve an increased level of security across the entire enterprise.  

 

How Tripwire Monitors IBM i Integrity 

Tripwire Enterprise can be configured for IBM i using a Secure Shell (SSH) connection. This connection is configurable for public-key encryption to secure the commands while in transit across the network. While the majority of nodes created within Tripwire Enterprise are based on the Tripwire Axon® agent, the IBM i solution runs via a Tripwire Enterprise Network Device. 

The Tripwire Enterprise Network Device and SSH connection directly link to the IBM i's Portable Application Solutions Environment (PASE for i), which offers an AIX shell for command execution. This approach doesn’t require code installations and provides scalability while decreasing the need for IBM i administrator oversight.  

The PASE shell can then run IBM i OS system commands and direct information to the Tripwire Enterprise console using Command Output Validation Rules (COVRs). When these COVRs are run, they provide you with point-in-time snapshots of your IBM i instance and compare the results to earlier runs to identify noteworthy changes in objects, attributes, and configuration settings, including: 

APPN Attributes

IPL Attributes

Reply List Entries

Active Profile Lists

Libraries (User/Application)

Security Attributes

Adopted Program Authority

Libraries w/PUBLIC Auth

Security Audit Attributes

Authorization Lists

Job Descriptions

Software Resources

Authorized Users

Journal Attributes

Subsystem Descriptions

Configuration Lists

License Key Info

System Values

Connection Lists

Line Descriptions

Trigger Programs

Controller Descriptions

Network Attributes

User Profile Group Members

Device Descriptions

Objects owned by QDFTOWN

User Profiles

Edit Descriptions

OS Version

Users with *SPLCTL (Special Auth)

Firmware Status

PTFs

IBM Supplied Users (Q*)

Function Usage

Registry Exit Points

Users w/ default passwords 

Hardware Resources

Relational DB Entries

SSHD Configuration 
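
The snapshot-and-compare idea described above, as an added Python illustration; it is not Tripwire's code or a COVR definition. The "NAME VALUE" line format and every sample value are constructed, standing in for command output collected over the SSH connection.

```python
# Added illustration: diff two point-in-time snapshots of command output.
# Input format ("NAME VALUE" per line) and all values below are constructed.

BASELINE = """\
QSECURITY 40
QMAXSIGN 3
QPWDMINLEN 8
QAUDLVL *AUTFAIL   *SECURITY
QINACTITV 30
"""

CURRENT = """\
QSECURITY 30
QMAXSIGN 3
QPWDMINLEN 8
QAUDLVL *AUTFAIL *SECURITY
QRMTSIGN *VERIFY
"""


def parse_snapshot(text):
    """Map each setting name to its value, normalising internal whitespace."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        name, _, value = line.partition(" ")
        # Collapse runs of spaces so cosmetic output differences are not flagged.
        settings[name] = " ".join(value.split())
    return settings


def compare(baseline, current):
    """Return (kind, name, old, new) for every setting that differs."""
    changes = []
    for name in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(name), current.get(name)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append((kind, name, old, new))
    return changes


if __name__ == "__main__":
    for change in compare(parse_snapshot(BASELINE), parse_snapshot(CURRENT)):
        print(change)
```

The lowered QSECURITY value and the missing QINACTITV entry are reported, while the whitespace-only difference in QAUDLVL is not.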

 

Superior Security: Continuous Integrity Management 

Through this connection, Tripwire Enterprise can continuously monitor IBM i systems for unauthorized and suspicious changes against a known and secure baseline state. It then guides you through rapid remediation and provides root cause drill-down to investigate the nature of significant changes. 

 

Continuous Compliance: Automate PCI DSS and More 

In addition to the security benefits of using Tripwire Enterprise to monitor IBM i systems, this process can also greatly simplify regulatory compliance by enforcing built-in policies for all major compliance mandates and best-practice frameworks.

With a growing library of over 4,000 platform and policy combinations, Tripwire helps organizations achieve and maintain compliance with standards like NERC CIP, HIPAA, GDPR, and many others. You can even create your own custom, internal compliance policies to ensure your environment is tuned exactly as it should be.  

 

Operational Efficiency: Support for the Whole Environment

When you use Tripwire to manage the integrity of your digital environment, you can trust in one system of truth and reporting for not only IBM i but for your entire environment. Tripwire extends to cover your organization’s environment without leaving gaps that could impede compliance or compromise security. 

 

How to Get Started With Tripwire for IBM i 

Once you have your Tripwire Enterprise instance up and running, the Tripwire Services Team will assist you in setting up your IBM i configuration via a standard professional services engagement or Tripwire Advisory Services, the subscription-based, remote professional service that pairs you with a professional services consultant for a year of ongoing sessions. 

Contact us today to get started.