Host Intrusion Detection System Administrator's Guide Release 3.0
Automated Response
HP OpenView Operations SMART Plug-In
Appendix B
For customers of HP OpenView Operations (OVO), a SMART Plug-In — OVO
HPUX_HIDS-SPI — is available. By relaying messages from the HP-UX HIDS agent to
the OVO message interceptor residing on the same host, HP-UX HIDS gives you the
ability to manage HP-UX HIDS alerts directly from the OpenView management server.
OVO HPUX_HIDS-SPI components include the following:
• Templates designed to monitor important log files, vital processes, and real-time
alerts as generated by HP-UX HIDS.
• Templates that allow monitoring of the application’s overall availability.
• Applications that let you query the status of HP-UX HIDS, and start and stop the
HP-UX HIDS System Manager.
OVO HPUX_HIDS-SPI can be used with both the OVO X-Motif-based Operator GUI and
the OVO Java-based Operator GUI.
The HPUX_HIDS-SPI SMART Plug-In is available for download from the OpenView SPI
Gallery web site at openview.hp.com/products/smartplugins/spis/. Select “SPI
Gallery” and choose the HP-UX HIDS plug-in from the list.
HP Reference: For more information, see HP OpenView Operations SMART Plug-In for HP-UX Host
IDS on the web at http://docs.hp.com.
OVO Enablement in HP-UX HIDS
OVO integration is enabled with two programs that are installed on every agent host in
the /opt/ids/response directory. They are:
/opt/ids/response/send_alert_to_vpo.sh
/opt/ids/response/vpo/ids_vpoalert
The script send_alert_to_vpo.sh performs a series of tests to verify that it is
running on an OVO managed node. If the tests pass, it calls ids_vpoalert, which
generates an OVO message and uses the opcmsg() facility to send the message to the
OVO message interceptor. The interceptor relays the message to the OVO management
server.
If you do not have OVO or prefer not to have OVO integrated with HP-UX HIDS, then
you can remove these two files from the /opt/ids/response directory.
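The following check is an added example, not part of the HP guide or the product: it reports whether the two OVO programs listed above are present under the response directory, flags the inconsistent case where only one remains, and warns if either is writable by group or others. The function name, the status words, and the permission check are assumptions made for illustration; only the two file paths come from this section.

```shell
#!/bin/sh
# Added example, not HP code. The two relative paths come from this section;
# the permission check is an assumed general hardening check.
OVO_FILES="send_alert_to_vpo.sh vpo/ids_vpoalert"

# check_ovo_enablement [response_dir]
# stdout: one word - absent | enabled | partial | loose-perms
# stderr: per-file detail. Returns 0 for absent/enabled, 1 otherwise.
check_ovo_enablement() {
    dir="${1:-/opt/ids/response}"
    present=0
    loose=0
    for rel in $OVO_FILES; do
        f="$dir/$rel"
        if [ ! -f "$f" ]; then
            echo "missing: $f" >&2
            continue
        fi
        present=$((present + 1))
        # First 10 characters of ls -l output are the type and mode bits.
        mode=$(ls -ld "$f" | cut -c1-10)
        echo "found:   $f ($mode)" >&2
        case "$mode" in
            ?????w????|????????w?)
                echo "WARNING: $f is writable by group or others" >&2
                loose=$((loose + 1))
                ;;
        esac
    done
    if [ "$loose" -gt 0 ]; then
        echo "loose-perms"; return 1
    elif [ "$present" -eq 0 ]; then
        echo "absent"
    elif [ "$present" -eq 2 ]; then
        echo "enabled"
    else
        echo "partial"; return 1
    fi
}
```

Call check_ovo_enablement with no argument on an agent host to inspect /opt/ids/response, or pass another directory to test it against a copy.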