HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
E The Surveillance Schedule Text File
This appendix describes the surveillance schedule in text format. It is intended for
administrators who want to edit surveillance schedules using their preferred editor
instead of the GUI Schedule Manager, and for administrators who want to automate the
activation of surveillance schedules (using scripts) instead of using the GUI System Manager.
The following topics are discussed in this appendix:
• “Getting Started”
• “Automating the Activation of Surveillance Schedules”
• “Surveillance Schedule Text File”
• “Surveillance Schedule Section”
• “Surveillance Group Section”
• “Group Files”
• “Template Property Syntax”
Getting Started
For deployments that do not have an X window environment or where the activation
of surveillance schedules needs to be automated, HP-UX HIDS provides a means to
edit and activate surveillance schedules without the use of the HP-UX Administrator
GUI.
A surveillance schedule is normally created using the GUI Schedule Manager (see
“Configuring Surveillance Schedules” (page 73)) and activated using the GUI System
Manager (see “Activating Schedules on Agent Hosts” (page 64)). The GUI System
Manager saves any newly created or modified schedule or group files to a corresponding
text file in a directory. You can also choose to edit surveillance schedules using a
preferred editor instead of using the GUI Schedule Manager or the GUI System Manager.
To avoid constructing a surveillance schedule text file from scratch, start with one of
the predefined schedules in /etc/opt/ids/schedules and the corresponding
group(s) in /etc/opt/ids/schedules/groups. Each group is defined in an
individual file and can be used across multiple schedules.
NOTE: The schedules in /etc/opt/ids/schedules/sample and the groups in
/etc/opt/ids/schedules/sample/groups are read-only copies of the predefined
schedules and groups in /etc/opt/ids/schedules and
/etc/opt/ids/schedules/groups, respectively. The read-only versions can be
copied if an unmodified predefined schedule or group is ever needed when creating
a new schedule or group from scratch.
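The following shell check is an added example, not part of the HP guide or the HIDS product. It reports which working schedule and group files differ from, or are missing relative to, the read-only sample copies described in the NOTE above. The function names and output format are assumptions, and it assumes each sample file has the same file name as its working counterpart.

```shell
#!/bin/sh
# Report drift between working HIDS schedule/group files and the read-only
# sample copies. Directory layout is taken from the guide; the function
# names and output format are assumptions of this example.

SCHED_DIR=${SCHED_DIR:-/etc/opt/ids/schedules}

# compare_dir PRISTINE_DIR WORKING_DIR
# Prints one line per regular file in PRISTINE_DIR:
#   same <name> | modified <name> | missing <name>
compare_dir() {
    pristine=$1
    working=$2
    for p in "$pristine"/*; do
        [ -f "$p" ] || continue        # skip subdirectories such as groups/
        name=${p##*/}
        if [ ! -f "$working/$name" ]; then
            echo "missing $name"
        elif cmp -s "$p" "$working/$name"; then
            echo "same $name"
        else
            echo "modified $name"
        fi
    done
}

# schedule_drift [SCHED_DIR]
# Prints only the schedules and groups that no longer match their samples.
schedule_drift() {
    base=${1:-$SCHED_DIR}
    compare_dir "$base/sample" "$base" \
        | grep -v '^same ' | sed 's/^/schedule: /'
    compare_dir "$base/sample/groups" "$base/groups" \
        | grep -v '^same ' | sed 's/^/group: /'
    return 0
}

# Run the check only when a schedules directory is given on the command line.
if [ "$#" -gt 0 ]; then
    schedule_drift "$1"
fi
```

An empty report means every predefined schedule and group still matches its read-only copy; any "modified" line identifies a file worth reviewing before the schedule is activated.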
Automating the Activation of Surveillance Schedules
The idsadmin command can be used to automate the activation of surveillance
schedules. The idsadmin command supports an interactive interface and a
non-interactive interface. The activation of schedules can be scripted by using the