Host Intrusion Detection System Administrator's Guide Release 3.0

Troubleshooting
Appendix G
To allow communications back to these ephemeral ports, use the “keep state” rule
in IPFilter.
pass out quick proto tcp all keep state
4. Allow queries to DNS servers by HP-UX HIDS agents and HP-UX HIDS System
Manager
pass out quick proto udp all keep state
5. Since the HP-UX HIDS System Manager requires X11 connections, which can and
should be forwarded over the secure channel with SecureShell, allow SecureShell
incoming connections.
pass in quick proto tcp from any to any port = 22 flags S keep state keep frags
6. Block any incoming connections which were not explicitly allowed.
block in log quick all
How to allow the SecureShell daemon to forward X11 traffic
First, change the SecureShell /etc/opt/ssh/sshd_config configuration file:
Set X11Forwarding to yes,
Set X11UseLocalhost to no.
Earlier versions of ssh don’t recognize the second entry. If it’s not there, you don’t need to
add it.
Then send a HUP signal to sshd so that it rereads the sshd_config file.
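One way to confirm the two sshd_config settings above before sending the HUP signal, as an added example that is not part of the original guide. The function names, the constructed sample file and the pid-file argument are assumptions.

```shell
#!/bin/sh
# Added example: check sshd_config against the two X11 settings described above.

# sshd_effective FILE KEYWORD: print the effective global value, or "unset".
# sshd uses the first value found for a keyword, keywords are case-insensitive,
# and lines after a Match line are conditional, so scanning stops there.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        { sub(/#.*/, ""); sub(/[=]/, " ") }     # drop comments, accept key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want && NF >= 2 { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# x11_forwarding_check FILE: return 0 when FILE has the settings the guide asks for.
x11_forwarding_check() {
    fwd=$(sshd_effective "$1" X11Forwarding)
    loc=$(sshd_effective "$1" X11UseLocalhost)
    status=0
    [ "$fwd" = "yes" ] || { echo "X11Forwarding is '$fwd', expected yes"; status=1; }
    case "$loc" in
        no) ;;
        unset) echo "X11UseLocalhost not set (acceptable on ssh versions without it)" ;;
        *) echo "X11UseLocalhost is '$loc', expected no"; status=1 ;;
    esac
    return $status
}

# reload_sshd PIDFILE: send HUP so sshd rereads its configuration.
# The pid file location is an assumption; pass the one your sshd writes.
reload_sshd() {
    [ -r "$1" ] && kill -HUP "$(cat "$1")"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# X11Forwarding no
x11forwarding yes
X11Forwarding no
X11UseLocalhost no
EOF
x11_forwarding_check "$sample" && echo "sample matches the guide's settings"
rm -f "$sample"
```

With X11UseLocalhost set to no, sshd binds the X11 forwarding listener to the wildcard address instead of loopback, so the final "block in log quick all" rule in the IPFilter ruleset is what keeps other hosts from reaching the forwarded display.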
How to display System Manager after SecureShell login as root and su to ids
Problem: You use ssh to log in to a host as root, then switch to user ids and get a
display error when opening an X window or starting idsgui. Here is the terminal
output:
# su ids
$ echo $DISPLAY
x.x.x.x:10.0
NOTE
x.x.x.x stands for the IP address of the host.
:10.0 is an automatic result of X11 forwarding being enabled in ssh. You should not
manually set DISPLAY to :10.0.
$ ./idsgui
Unable to display the GUI on
x.x.x.x:10.0
Please check the value of the environment variable
DISPLAY and verify that this machine is authorized
to connect to that display.