Administrator's Guide
Configuration
Setting Up the HP-UX HIDS Secure Communications
Chapter 2
24
Private key files are protected by having read and write file permissions for user ids only.
Step 3. Install the Keys on Each Host
On each agent system, install the bundle of keys generated for that host. This step
assumes that you placed the agent certificate bundle in the /var/opt/ids/tmp directory.
a. Become user ids:
$ su - ids
b. Change directory to /opt/ids/bin:
$ cd /opt/ids/bin
c. Store the key bundle in a directory, such as /var/opt/ids/tmp.
d. Import the key bundle:
$ IDS_importAgentKeys /var/opt/ids/tmp/agentsys.tar.Z adminsys
where agentsys is the name you entered for this agent system in Step 1.d and adminsys is the host name or IP address of the administration system. If the administration system is multihomed, this should be the value you set for the INTERFACE variable in “Configuring a Multihomed Administration System” on page 27.
The certificates for this host and the Root Certificate Authority are extracted from the compressed tar file /var/opt/ids/tmp/host1.tar.Z and installed. The value of REMOTEHOSTS in the configuration file /etc/opt/ids/ids.cf is changed to adminsys.
The certificates are placed in /etc/opt/ids/certs/agent.
Here’s an example of the install process, run on agent host host1:
$ IDS_importAgentKeys /var/opt/ids/tmp/myhost1.tar.Z myadmin
Extracting key pair and certificates...
Modifying the configuration file /etc/opt/ids/ids.cf to use
myadmin as the IDS Administration host...
************************************************************
* Keys for IDS Agent were imported successfully.
*
* You can now run the idsagent process on this machine and
* control it from the HP-UX Host IDS System Manager.
************************************************************
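A post-import check for Step 3, added here as an example and not part of the HP-UX HIDS product or this guide: it lists files in the agent certificate directory that are not restricted to user ids and confirms that REMOTEHOSTS names the expected administration host. The function names, the field separators assumed for ids.cf, and the choice to treat every file in the directory as sensitive are assumptions.

```shell
#!/bin/sh
# Added example: post-import checks for an HP-UX HIDS agent host.
# Paths and the user name are the ones given in the guide; override to test.
CERT_DIR=${CERT_DIR:-/etc/opt/ids/certs/agent}
IDS_CF=${IDS_CF:-/etc/opt/ids/ids.cf}
IDS_USER=${IDS_USER:-ids}

# List regular files under $1 not owned by user $2, or granting any
# permission bit to group or other.
# Assumption: every file in the directory is treated as sensitive, because
# the private key file names are not given in this section.
loose_key_files() {
    find "$1" -type f \( ! -user "$2" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeed if a line of config file $1 containing REMOTEHOSTS also carries
# host $2 as a separate field.
# Assumption: fields are separated by blanks, "=" or ","; the exact ids.cf
# syntax is not shown in this section.
remotehosts_is() {
    awk -v h="$2" -F'[ \t=,]+' '
        /REMOTEHOSTS/ { for (i = 1; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "$1"
}

# Run both checks for administration host $1; return non-zero on a finding.
check_agent_import() {
    rc=0
    bad=$(loose_key_files "$CERT_DIR" "$IDS_USER")
    if [ -n "$bad" ]; then
        echo "Check owner and mode of:"; echo "$bad"; rc=1
    fi
    if ! remotehosts_is "$IDS_CF" "$1"; then
        echo "REMOTEHOSTS in $IDS_CF does not name $1"; rc=1
    fi
    return $rc
}

# Usage: sh check_import.sh adminsys   (script name is hypothetical)
if [ "$#" -eq 1 ]; then check_agent_import "$1"; fi
```

Run it with enough privilege to read /etc/opt/ids/certs/agent, passing the same adminsys value that was given to IDS_importAgentKeys.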