Administrator's Guide
Troubleshooting
Troubleshooting
Appendix G
241
Agent complains that idds has not been enabled, yet lsdev shows
/dev/idds is present
❏ If your lsdev result shows /dev/idds is present, and yet the idsagent
debug-enabled log file (run with /opt/ids/bin/idsagent -d -l
log_file_name
)
complains about idds not being enabled, it is probable that there is an installation
or kernel-build error. To verify this, run the following on your machine:
$ /usr/sbin/kmtune -q enable_idds
There are three possible results:
• If the value of the kernel tunable enable_idds is 0, that means IDDS is not
enabled. You’ll need to run the following to rebuild the kernel:
$ /usr/sbin/kmtune -s enable_idds=1
$ mk_kernel
$ kmupdate
Then, reboot the machine and verify again with:
$ /usr/sbin/kmtune -q enable_idds
• If the result is:
kmtune: Cannot identify parameter name enable_idds
then the patches (for HP-UX 11.0 only) were not installed correctly such that
kmtune doesn’t recognize the enable_idds tunable.
• If the result is enable_idds=1, then the kernel was built correctly with idds
enabled. The problem lies elsewhere. Contact HP Support.
NOTE In HP-UX version 2, the kmtune command is replaced by the kctune command. The
syntax shown remains the same.
Agent does not start on system boot
❏ When the agent system boots, the “Starting HP-UX HIDS agent” startup entry
displays “SKIP” or “FAIL”.
SKIP means the communications certificates have never been generated for the
agent system.
FAIL means one of the following has occurred:
— The communications certificates were generated for the agent system but have
been deleted or moved. Generate the certificates as described in “Setting Up the
HP-UX HIDS Secure Communications” on page 20.
— An error occurred when the idsagent daemon was started. Check error.log.
— The /etc/rc.config.d/ids defaults file is missing.
— The /opt/ids/bin/idsagent program is missing or not executable.
❏ See “Agent does not start after installation” on page 243.