Administrator's Guide
Getting Started
Chapter 3
Introduction
The first and most important task in an HP-UX HIDS system is to have appropriate surveillance schedules running at the appropriate times on the agent hosts. Next in importance is to monitor the alerts carefully and act on them.
To accomplish the first, you need to create one or more surveillance schedules with the System Manager and download them to the agent hosts. See “Starting HP-UX HIDS for the First Time” on page 38.
To accomplish the second, you can use the System Manager to monitor the alerts and then decide what action to take in response. You can also develop automated response programs that take action based on the alerts.
Agents
The HP-UX HIDS agent software must be running continually on the systems you are monitoring for it to be able to detect and report intrusions as they occur. When an agent is running a schedule, it records intrusion alerts and agent program errors in local log files.
When the System Manager is running on the administration system and is monitoring the agent, the alerts and errors are transferred to log files on the administration host. In addition, if they are configured, the agent passes the alerts to user-defined programs on the agent host for analysis and action. See Appendix B, “Automated Response,” on page 181.
The agent runs as a background daemon on the agent host. It communicates with the administration host via an encrypted Secure Socket Layer (SSL) communications link, which provides integrity, confidentiality, and authentication for network transmission.
System Manager
The HP-UX HIDS System Manager software runs on the administrative system (where you chose to install it) and monitors the alerts generated by agents on the agent hosts. You use it to create surveillance schedules and download them to agents on agent hosts.