HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
command’s --activate and -a options. Use the --activate option to specify the
name of the surveillance schedule and the -a option to specify the name or IP address of
the agent host(s). For example, the following idsadmin command activates a schedule
specified in a file named MySchedule.txt on an agent host with IP address 10.0.0.2:
# /opt/ids/bin/idsadmin --activate MySchedule -a 10.0.0.2
For more information about the idsadmin command, see idsadmin(1m).
NOTE: All schedule files must be located in /etc/opt/ids/schedules.
Surveillance Schedule Text File
The surveillance schedule text file has two main sections:
• Surveillance Schedule Section: A section that defines global properties of a schedule
that are not specific to any Surveillance Group or Template. There can only be one
Surveillance Schedule section in a surveillance schedule text file.
• Surveillance Group Section: A subsection of the Surveillance Schedule section that
defines properties for a Surveillance Group. There can be one or more Surveillance
Group sections in a Surveillance Schedule section.
NOTE: Template information for the various groups is located in the group
files in /etc/opt/ids/schedules/groups.
WARNING! Schedule text files found on agent hosts in
/var/opt/ids/schedule should not be copied to /etc/opt/ids/schedules
on the admin host because the schedule file in /var/opt/ids/schedule is
expanded to contain the template properties, while the schedule files on the admin
host in /etc/opt/ids/schedules are not. The idsadmin command and GUI
will not be able to parse a schedule that is in expanded form.
Surveillance Schedule Section
This section contains the following keywords and syntax:
SCHEDULE <schedule name>
GLOBALS <Schedule Global Properties>
ENDGLOBALS
NAME <Surveillance Group Subsection>
NAME <Surveillance Group Subsection>...
ENDSCHEDULE
This section is surrounded by the SCHEDULE and ENDSCHEDULE keywords, which mark
the beginning and end of an HIDS text schedule. The name following the SCHEDULE
keyword is the name of the schedule that is reported by the agent to the System Manager
when it is running. The name of the schedule must consist of an alphanumeric character
followed by one or more alphanumeric characters, an underscore (_), or a hyphen (-).
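The following pre-activation check is an added example, not part of the HP guide or the HIDS product: it validates the schedule name rule and the SCHEDULE / GLOBALS / NAME / ENDSCHEDULE keyword order described above. The function name lint_schedule is hypothetical, each keyword is assumed to be the first word on its own line, and the contents of the GLOBALS and Surveillance Group subsections are not checked.

```python
import re

# Name rule as worded on the page: one alphanumeric character followed by
# one or more alphanumeric characters, underscores or hyphens.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]+")

# Constructed sample; subsection bodies are placeholders, not real properties.
SAMPLE = """SCHEDULE MySchedule
GLOBALS
ENDGLOBALS
NAME <Surveillance Group Subsection>
ENDSCHEDULE
"""

def lint_schedule(text):
    """Return a list of structural problems in a schedule text (empty if none)."""
    # Assumption: every keyword is the first word on its own line.
    rows = [(n, ln.split()) for n, ln in enumerate(text.splitlines(), 1) if ln.strip()]
    if not rows:
        return ["empty schedule file"]
    problems = []
    where = lambda kw: [n for n, words in rows if words[0] == kw]
    n, first = rows[0]
    if first[0] != "SCHEDULE":
        problems.append(f"line {n}: file must begin with SCHEDULE <schedule name>")
    elif len(first) != 2 or not NAME_RE.fullmatch(first[1]):
        problems.append(f"line {n}: invalid schedule name")
    if rows[-1][1] != ["ENDSCHEDULE"]:
        problems.append("file must end with ENDSCHEDULE")
    if len(where("SCHEDULE")) > 1 or len(where("ENDSCHEDULE")) > 1:
        problems.append("only one Surveillance Schedule section is allowed")
    g_open, g_close = where("GLOBALS"), where("ENDGLOBALS")
    if len(g_open) != 1 or len(g_close) != 1 or g_open[0] > g_close[0]:
        problems.append("expected exactly one GLOBALS ... ENDGLOBALS block")
    groups = where("NAME")
    if not groups:
        problems.append("at least one NAME (Surveillance Group) subsection is required")
    elif g_close and groups[0] < g_close[0]:
        problems.append(f"line {groups[0]}: NAME subsection precedes ENDGLOBALS")
    return problems

if __name__ == "__main__":
    for p in lint_schedule(SAMPLE) or ["OK"]:
        print(p)
```

Running a check like this on the admin host copy in /etc/opt/ids/schedules before idsadmin --activate catches a malformed file before it is pushed to an agent.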
This section contains a global properties subsection and one or more Surveillance Group