Host Intrusion Detection System Administrator's Guide Release 3.1
Configuration
Setting Up the HP-UX HIDS Secure Communications
Chapter 2
23
* myhost2
* 15.27.43.6
*
* Certificate public keys are valid for 700 days and are
* 1024 bits in size.
*
* They are stored in /var/opt/ids/tmp as hostname.tar.Z
*
* You should now transfer the bundles via a secure channel
* to the IDS agent machines.
*
* On each agent you will need to run the IDS_importAgentKeys
* script to finish the installation.
************************************************************
The agent certificate bundles are generated and stored in the files:
/var/opt/ids/tmp/myhost1.tar.Z
/var/opt/ids/tmp/myhost2.tar.Z
/var/opt/ids/tmp/15.27.43.6.tar.Z
TIP You can automate agent certificate creation by creating a file of host names and IP
addresses, one host name or IP address per line. Each entry must refer to a single IP
address on an agent system. (For more information, see “Configuring a Multihomed
Agent System” on page 25.)
If your file name is list_of_hosts, then the command is:
cat list_of_hosts | IDS_genAgentCerts
NOTE The IDS_genAdminKeys and IDS_genAgentCerts commands have options to provide
alternate key lengths and alternate expiration dates for the administration and agent
certificates. For more information, see the manpages IDS_genAdminKeys (1M) and
IDS_genAgentCerts (1M). The default key length is 1024 bits. The default expiration is
after 700 days.
Step 2. Transport the Certificates
Transfer the agent certificate bundles through a secure channel to the agent systems.
To securely transport the certificate bundles stored in /var/opt/ids/tmp/hostname.tar.Z
to each of the agent machines, you will need an out-of-band secure channel. There are
different ways to move your files from one machine to another securely. For example,
you could use encrypted PGP e-mail, a portable medium (such as a floppy disk or tape
cassette) that you carry from the first system to another, an NFS mount, or an FTP site.
However, since every environment is different, you will need to determine which method
is best for your particular situation.
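The following POSIX shell script is an added example, not part of the HP-UX HIDS guide or product, covering two of the steps above: it checks a list_of_hosts file before feeding it to IDS_genAgentCerts (one host name or dotted-quad IPv4 address per line, as the TIP requires), and it records a cksum manifest of the generated hostname.tar.Z bundles so the receiving agent can confirm the bundles arrived intact over whichever secure channel you chose. The host list, the bundle names and the directory layout under /var/opt/ids/tmp are taken from the guide; the function names, the manifest file name bundles.cksum and the IDS_EXAMPLE_RUN guard are this example's own assumptions. cksum is used because it is available on HP-UX and every POSIX system; its CRC catches transfer corruption, not deliberate tampering, so the manifest complements the out-of-band channel rather than replacing it.

```shell
#!/bin/sh
# Added example (not from the HP-UX HIDS guide): validate list_of_hosts,
# generate agent certificate bundles, and record an integrity manifest.

# Constructed sample list matching the guide's three agents, one entry per
# line. It is used by the usage note below and is not read by IDS_genAgentCerts
# unless main is invoked.
SAMPLE_HOST_LIST='myhost1
myhost2
15.27.43.6
'

# is_ipv4 ADDR: true if ADDR is a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# is_hostname NAME: true if NAME uses only hostname characters with no
# leading/trailing dot or hyphen and no empty label (no spaces, so a line
# holding two hosts is rejected).
is_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*.|*..*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# is_valid_entry ENTRY: an all-digits-and-dots entry must be a real IPv4
# address (so 300.1.1.1 is not accepted as a "hostname"); anything else
# must be a hostname.
is_valid_entry() {
    case "$1" in
        *[!0-9.]*) is_hostname "$1" ;;
        *)         is_ipv4 "$1" ;;
    esac
}

# validate_host_list FILE: print each acceptable entry on stdout, report
# each rejected entry on stderr, skip blank lines; return 1 if anything
# was rejected so the generation step can be stopped before it runs.
validate_host_list() {
    _rc=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        [ -n "$_line" ] || continue
        if is_valid_entry "$_line"; then
            printf '%s\n' "$_line"
        else
            printf 'rejecting entry: %s\n' "$_line" >&2
            _rc=1
        fi
    done < "$1"
    return $_rc
}

# write_bundle_manifest DIR: cksum every hostname.tar.Z bundle in DIR.
# Output lines have the POSIX cksum form: "<crc> <octets> <file>".
write_bundle_manifest() {
    ( cd "$1" && for _bundle in *.tar.Z; do
          [ -f "$_bundle" ] || continue
          cksum "$_bundle"
      done )
}

# verify_bundle_manifest DIR MANIFEST: run on the receiving agent after the
# transfer; return 1 if any bundle is missing or its cksum changed.
verify_bundle_manifest() {
    _dir=$1; _manifest=$2; _rc=0
    while read -r _sum _size _name; do
        if [ ! -f "$_dir/$_name" ]; then
            printf 'missing bundle: %s\n' "$_name" >&2
            _rc=1
            continue
        fi
        _actual=$(cd "$_dir" && cksum "$_name")
        if [ "$_actual" != "$_sum $_size $_name" ]; then
            printf 'checksum mismatch: %s\n' "$_name" >&2
            _rc=1
        fi
    done < "$_manifest"
    return $_rc
}

# main LIST_FILE: the full flow on the HIDS management host. Only runs when
# IDS_EXAMPLE_RUN=1 is set, since IDS_genAgentCerts and /var/opt/ids/tmp
# exist only on an HP-UX HIDS installation.
main() {
    _clean=/var/opt/ids/tmp/list_of_hosts.checked
    validate_host_list "$1" > "$_clean" || { echo "fix list_of_hosts first" >&2; return 1; }
    IDS_genAgentCerts < "$_clean"
    write_bundle_manifest /var/opt/ids/tmp > /var/opt/ids/tmp/bundles.cksum
}

if [ "${IDS_EXAMPLE_RUN:-0}" = 1 ]; then
    main "${1:-list_of_hosts}"
fi
```

On the management host, run it as `IDS_EXAMPLE_RUN=1 sh ids_bundles.sh list_of_hosts` and carry bundles.cksum to each agent alongside its bundle; on the agent, `verify_bundle_manifest /var/opt/ids/tmp bundles.cksum` before running IDS_importAgentKeys confirms the bundle is the one that left the management host. The check is deliberately conservative: one bad line in list_of_hosts stops generation entirely rather than silently producing bundles for a partial set of agents.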