Host Intrusion Detection System Administrator's Guide Release 3.1
Configuration
Setting Up the HP-UX HIDS Secure Communications
Chapter 2
c. Generate the following administration keys:
$ IDS_genAdminKeys install
This creates the Root Certification Authority (Root CA) and the administration
certificate. They are stored in the directory /etc/opt/ids/certs/admin. The
keyword install is optional.
If you later need to regenerate the administration certificate (for example,
because the current certificate has expired) without invalidating the agent
certificates you make in substep 1.d, run the command again with the update option:
$ IDS_genAdminKeys update
If you do not use the update option, the command also recreates the Root CA,
and the administration system no longer trusts the existing agent certificates.
You must then repeat substep 1.d and steps 2 and 3.
The following example shows the install process, run on the administration host adminsys:
$ IDS_genAdminKeys
==> Be sure to run this script on the IDS Administration host.
Generating a certificate request for IDS Root CA...
Generating a self-signed certificate for IDS Root CA...
Generating a certificate for the HP-UX Host IDS System Manager...
Generating cert signing request for HP-UX Host IDS System Manager...
Signing the HP-UX Host IDS System Manager certificate request...
Importing IDS Root CA certificate...
Importing the HP-UX Host IDS System Manager certificate...
************************************************************
* Successfully created certificates for IDS Root CA and for
* the HP-UX Host IDS System Manager.
* Certificate public keys are valid for 700 days and are
* 1024 bits in size.
*
* Now you need to create keys for each of the hosts on which
* the Agent software is installed by running the script
* 'IDS_genAgentCerts'.
************************************************************
d. Generate the keys for each agent, one bundle of keys per agent system:
$ IDS_genAgentCerts
In this process, each host name (or IP address) you enter is checked for validity,
using the nslookup command (see nslookup(1)).
If you enter a host name and nslookup returns a single IP address, the host name
and IP address are saved in a temporary file and the key bundle is created.