Manualshelf

Host Intrusion Detection System Administrator's Guide Release 3.1

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
31323334353637383940
Configuration
Setting Up the HP-UX HIDS Secure Communications
Chapter 2
22
If you enter an IP address and nslookup returns a host name, the host name and IP
address are saved in a temporary file and the key bundle is created. Use this method
if the agent is multihomed (two or more IP addresses). The IP address must be the
value you set for IDS_LISTEN_IFACE, for more information see “Configuring a
Multihomed Agent System” on page 25.
If no IP address or host name is found, you are asked if you want to create the bundle
anyway; no entry is placed in the temporary file.
If multiple IP addresses are found, no entry is placed in the temporary file; the
bundle is created without comment.
When the System Manager is started later, any entries in the temporary file are
added to the host list table, displayed on the Host Manager screen.
The following is an example of entering the names of your host systems, run on
administration host adminsys for agent hosts myhost1 and myhost2. It prompts for
each host name (or IP address). Press Ctrl-D to end.
$ IDS_genAgentCerts
==> Be sure to run this script on the IDS Administration host.
Generate keys for which host? myhost1
Generating key pair and certificate request for IDS Agent
on myhost1....
Signing certificate for IDS Agent on myhost1...
Certificate package for IDS Agent on myhost1 is
/var/opt/ids/tmp/myhost1.tar.Z
Next hostname (^D to quit)? myhost2
Generating key pair and certificate request for IDS Agent
on myhost2....
Signing certificate for IDS Agent on myhost2...
Certificate package for IDS Agent on myhost2 is
/var/opt/ids/tmp/myhost2.tar.Z
Next hostname (^D to quit)? myhost3
Host name "myhost3" unknown. DNS lookup failed.
Do you still wish to create a certificate [N]/Y? n
Re-enter a host name (^D to quit): 15.27.43.6
Generating key pair and certificate request for IDS Agent
on 15.27.43.6....
Signing certificate for IDS Agent on 15.27.43.6...
Certificate package for IDS Agent on 15.27.43.6 is
/var/opt/ids/tmp/15.27.43.6.tar.Z
Next hostname (^D to quit)? Ctrl-D
************************************************************
* Successfully created agent certificates for the following
* hosts:
* myhost1