HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
D The Agent Configuration File
This appendix describes the user-configurable options that can be modified in the
HP-UX HIDS agent configuration file, which is located in /etc/opt/ids/ids.cf.
This appendix addresses the following topics:
• “The Agent Configuration File” (page 239)
• “Forcing Active Agent to Reread Configuration File” (page 239)
• “Log File Rotation” (page 240)
• “Global Configuration” (page 240)
• “Data Source Process Configuration” (page 242)
• “Remote Communication Configuration” (page 245)
The Agent Configuration File
The HP-UX HIDS agent requires a configuration file named ids.cf, located in the
directory /etc/opt/ids, which describes the location of various required binaries
and also stores some detection-template-specific data. See ids.cf(5). IDS users are
strongly discouraged from editing the configuration file (except as explicitly
directed), because doing so may cause the IDS agent software to fail. However, it may
be useful to understand some of the parameters and settings to aid debugging and
installation.
The configuration file has five sections:
1. Global Configuration: Parameters that define the overall product structure. The
logging and interface parameters may be edited by the administrator. See “Global
Configuration” (page 240).
2. Correlator Configuration: Parameters related to the correlator. A parameter can
be configured to take measurements of the system call event rate. See “Correlator
Process Configuration” (page 241).
3. Data Source Process (DSP) Configuration: One section per DSP that defines the
system files to monitor and the level of kernel blocking. See “Data Source Process
Configuration” (page 242).
4. Pattern Mapping Section: The HP-UX HIDS detection templates.
CAUTION: DO NOT EDIT THIS SECTION
5. Remote Communication Section: Parameters required for network communications.
See “Remote Communication Configuration” (page 245).
Forcing Active Agent to Reread Configuration File
If you make changes to the agent configuration file, ids.cf, you must instruct
the agent process idsagent to reread the configuration information. On the system
that is running the agent:
1. Become user ids: