HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
• “System Manager times out on agent functions such as Activate and Status Poll”
(page 278)
• “UNKNOWN program and arguments in certain alert messages” (page 278)
• “Using HP-UX HIDS with IPFilter and SecureShell” (page 279)
• “Unable to Generate Administrator Keys and Agent Certificates on PA-RISC 1.1
Systems” (page 281)
Troubleshooting
This section describes a variety of potential problems and their solutions. To stay current
with product updates and patches, be sure to monitor the HP security software news
and events web site at www.hp.com/security.
Agent and System Manager cannot communicate with each other
(No errors are being generated by the HP-UX HIDS processes and everything seems
to be running fine otherwise.) See also “No Agent Available” (page 275).
□ Make sure the checksums of the following two files are identical:
On the Administration system, run:
/usr/bin/cksum /etc/opt/ids/certs/admin/cacert.pem
On the Agent system, run:
/usr/bin/cksum /etc/opt/ids/certs/agent/cacert.pem
If the results are different, the Administration and Agent certificates are not signed
by the same trusted certificate authority and the communication handshake fails.
To correct this, regenerate the agent certificate and install the new certificate bundle
on the agent system. Verify that the checksums match.
□ If there is a firewall positioned between the administration system and an agent
system, be sure the HP-UX HIDS ports are enabled. See “Working with Firewalls”
(page 47).
□ If you are using NIS on these systems, it is likely the port information is not being
retrieved from your /etc/services file.
• Inform the NIS Master about the HP-UX HIDS ports. See “Working with NIS”
(page 47).
• Launch the System Manager and verify that the agent is now available.
□ Increase the response timeout in the Preferences screen. See “General Preferences”
(page 127).
□ Increase the value for IDS_SSL_TIMEOUT in the agent configuration file, ids.cf.
See “Remote Communication Configuration” (page 245).
□ If the agent system is multihomed, make sure the agent and administration systems
are properly configured. See “Configuring a Multihomed Agent System” (page 42).
□ If the administration system is multihomed, make sure the agent and administration
systems are properly configured. See “Configuring a Multihomed Administration
System” (page 44).
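The cacert.pem checksum comparison in the first checklist item above can be scripted on the administration system. The following is an added example, not part of the HP-UX HIDS guide or product: the function names are hypothetical, cksum is assumed to be on the PATH, and the agent's cksum output line is assumed to have been copied over by the administrator.

```shell
#!/bin/sh
# Added example (not from the HP-UX HIDS guide).
# cksum prints "CRC BYTES FILENAME". The file names differ between the two
# systems, so only the CRC and byte count are compared.

# Print "CRC BYTES" from one line of cksum output; return 2 if malformed.
cksum_fields() {
    read -r crc bytes _name <<EOF
$1
EOF
    case "$crc" in ''|*[!0-9]*) return 2 ;; esac
    case "$bytes" in ''|*[!0-9]*) return 2 ;; esac
    printf '%s %s\n' "$crc" "$bytes"
}

# 0 = same content, 1 = different content, 2 = a line is not cksum output.
cacert_cksum_match() {
    admin_sum=$(cksum_fields "$1") || return 2
    agent_sum=$(cksum_fields "$2") || return 2
    [ "$admin_sum" = "$agent_sum" ]
}

# $1: cacert.pem on this (administration) system
# $2: the line cksum printed on the agent system
check_cacert() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    local_line=$(cksum "$1") || return 2
    rc=0
    cacert_cksum_match "$local_line" "$2" || rc=$?
    case $rc in
        0) echo "MATCH: both systems hold the same cacert.pem" ;;
        1) echo "MISMATCH: regenerate the agent certificate and install the new bundle" ;;
        *) echo "ERROR: agent line is not cksum output: $2" >&2 ;;
    esac
    return "$rc"
}

# Example invocation (the agent line here is a constructed value):
#   sh check_cacert.sh /etc/opt/ids/certs/admin/cacert.pem \
#      "4038471504 1350 /etc/opt/ids/certs/agent/cacert.pem"
if [ $# -eq 2 ]; then
    check_cacert "$1" "$2"
fi
```

The exit status is 0 on a match, 1 on a mismatch, and 2 when the local file is unreadable or the agent line is not valid cksum output.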