HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
The OVO HPUX_HIDS-SPI components include the following:
• Templates designed to monitor important log files, vital processes, and real-time
alerts generated by HP-UX HIDS.
• Templates that enable monitoring of the application’s overall availability.
• Applications that enable you to query the status of HP-UX HIDS, and start and
stop the HP-UX HIDS System Manager.
OVO HPUX_HIDS-SPI can be used with both the OVO X-Motif-based Operator GUI
and the OVO Java-based Operator GUI.
The HPUX_HIDS-SPI SMART Plug-In is available for download from the OpenView
SPI Gallery website at:
http://managementsoftware.hp.com/downloads/spis.html. Select “SPI
Gallery” and choose the HP-UX HIDS plug-in from the list.
The OVO HPUX_HIDS-SPI has been certified by HP for OVO V5.x as well as V6.x, and
is known to work with OVO V7.1. A future HPUX_HIDS-SPI release is being planned
for certification with OVO V8.
HP Reference
For more information, see HP OpenView Operations SMART Plug-In for HP-UX Host IDS
Administrators and Users Guide available at:
http://www.managementsoftware.hp.com/products/spi/spi_ids/spi_ids_guide_22.pdf
OVO Enablement in HP-UX HIDS
OVO integration is enabled with two programs that are installed on every agent host
under the directory defined by the IDS_RESPONSE_DIR configuration variable. By
default, they are:
/opt/ids/response/send_alert_to_vpo.sh
/opt/ids/response/vpo/ids_vpoalert
The script send_alert_to_vpo.sh performs a series of tests to ensure that the script
is running on an OVO managed node. If the tests pass, it calls ids_vpoalert, which
generates an OVO message and uses the opcmsg() facility to send the message to the
OVO message interceptor. The interceptor relays the message to the OVO management
server.
If you do not have OVO or prefer not to have OVO integrated with HP-UX HIDS, then
you can remove these two files from the /opt/ids/response directory.
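Because send_alert_to_vpo.sh hands off to ids_vpoalert, removing or losing only one of the two files leaves the integration half-installed. The following check is an added example, not code from HP or from this guide: the function name and state labels are hypothetical, and the group/other-writable test is an added hardening check that the guide does not describe.

```shell
#!/bin/sh
# Added example: classify the OVO response programs on one agent host.
# The two relative paths are the ones named in the guide; the function
# name and the four state labels are hypothetical.
# Usage: ovo_response_state [response_dir]

ovo_response_state() {
    dir=${1:-/opt/ids/response}   # default location given in the guide
    found=0
    usable=0
    loose=0
    for rel in send_alert_to_vpo.sh vpo/ids_vpoalert; do
        f="$dir/$rel"
        if [ ! -f "$f" ]; then
            continue
        fi
        found=$((found + 1))
        if [ -x "$f" ]; then
            usable=$((usable + 1))
        fi
        # Permission string from ls -ld, e.g. -rwxr-xr-x. Columns 6 and 9
        # are the group and other write bits (assumed check, not from the guide).
        mode=$(ls -ld "$f" | cut -c1-10)
        case "$mode" in
            ?????w????|????????w?) loose=$((loose + 1)) ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo disabled      # both files removed, as the guide allows
    elif [ "$loose" -gt 0 ]; then
        echo writable      # a response program can be modified by non-owners
    elif [ "$usable" -eq 2 ]; then
        echo enabled       # both programs present and executable
    else
        echo partial       # one file missing or not executable
    fi
}
```

A result of partial or writable is the case to investigate before relying on alerts reaching the OVO management server.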
HP OpenView Operations SMART Plug-In 217