Manualshelf

Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
61626364656667686970
System Manager Screen
Halting HP-UX HIDS Agents
Chapter 4
53
Halting HP-UX HIDS Agents
You may want to stop the agent process on one, many, or all agent hosts for system
maintenance or other reasons.
Normally, you halt agent hosts from the System Manager. However, it may occasionally
be necessary to halt the agent software directly from the agent host. For example, if you
misconfigured the installation of the key certificates needed for SSL encryption, the
agent will start, but it will not be able to communicate with the System Manager.
To restart the agents, see “Starting HP-UX HIDS Agents” on page 52.
To halt agents remotely from the System Manager
On the System Manager screen,
Step 1. In the Monitored Hosts list, select the hosts you want to halt.
Step 2. Do one of the following:
Choose the Actions > Halt IDS Agent menu item.
Press Shift-F10.
The schedules (if any) are stopped on and removed from the selected hosts. The agents
are halted (as by kill) on the selected hosts. The Status fields are set to No Agent
Available and the Schedule fields are set to None.
The schedules are not available for automatic restart.
To halt the agent locally on the agent host
Step 1. On the agent host, do one of:
Log in to the agent system as superuser (root) and enter the command:
$ kill -TERM $(cat /var/opt/ids/idsagent.pid)
(You can also do this as user ids.)
Log in to the agent system as superuser (root) and enter the command:
$ /sbin/init.d/idsagent stop
(This command is automatically executed when the agent system is shut down with
the shutdown command.)
The agent is halted on the host. The System Manager does not update itself
automatically. The next time you run a System Manager command for the agent, the
Status field is set to No Agent Available and the Schedule field is set to None on the
System Manager screen.
The schedule (if any) is retained and remains available for automatic restart.
IMPORTANT If an agent did not halt as above, you may need to clean up the message queues. See
Agent halts abnormally, leaving ids_* files and message queues” on page 231.