HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Agent complains that idds has not been enabled, yet lsdev shows /dev/idds is present

If your lsdev result shows /dev/idds is present, and yet the idsagent
debug-enabled log file (run with /opt/ids/bin/idsagent -d -l
log_file_name) complains about idds not being enabled, it is probable that
there is an installation or kernel-build error. To verify this, run the following on
your machine:

$ /usr/sbin/kmtune -q enable_idds

There are three possible results:

• If the value of the kernel tunable enable_idds is 0, that means IDDS is not
  enabled. You’ll need to run the following to rebuild the kernel:

  $ /usr/sbin/kmtune -s enable_idds=1
  $ mk_kernel
  $ kmupdate

  The kmupdate command is required only on HP-UX 11i v1 operating systems.
  Then, reboot the machine and verify again with:

  $ /usr/sbin/kmtune -q enable_idds

• If the result is enable_idds=1, then the kernel was built correctly with idds
  enabled. The problem lies elsewhere. Contact HP Support.

NOTE: On HP-UX 11i v2 and HP-UX 11i v3 operating systems, the kmtune
command is replaced by the kctune command. The syntax shown remains the
same.

Agent does not start on system boot

When the agent system boots, the Starting HP-UX HIDS agent startup
entry displays “SKIP” or “FAIL”.

SKIP means the communications certificates have never been generated for the
agent system.

FAIL means one of the following has occurred:

• The communications certificates were generated for the agent system but have
  been deleted or moved. Generate the certificates as described in “Setting Up
  HP-UX HIDS Secure Communications” (page 34).
• An error occurred when the idsagent daemon was started. Check error.log.
• The /etc/rc.config.d/ids defaults file is missing.
• The /opt/ids/bin/idsagent program is missing or not executable.

See “Agent does not start after installation” (page 271).
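
The two file-based FAIL causes listed above, plus the kmtune/kctune choice from the NOTE, can be checked with a small script. This is an added example, not part of the HP guide; the function names, the optional root prefix argument, and the /usr/sbin/kctune path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not HP-supplied): pre-boot check for two FAIL causes.
# The optional argument is a hypothetical root prefix so the checks can be
# exercised against a scratch directory; omit it on a real agent system.

hids_boot_check() {
    root="${1:-}"
    defaults="$root/etc/rc.config.d/ids"   # defaults file named in the guide
    agent="$root/opt/ids/bin/idsagent"     # agent binary named in the guide
    rc=0

    if [ ! -f "$defaults" ]; then
        echo "FAIL cause: $defaults is missing"
        rc=1
    fi
    if [ ! -f "$agent" ]; then
        echo "FAIL cause: $agent is missing"
        rc=1
    elif [ ! -x "$agent" ]; then
        echo "FAIL cause: $agent is not executable"
        rc=1
    fi
    return $rc
}

# Print the tunable tool to use for "-q enable_idds": kctune where it is
# installed (11i v2/v3), otherwise kmtune (11i v1).
# Assumption: kctune is installed beside kmtune in /usr/sbin.
idds_tune_cmd() {
    root="${1:-}"
    if [ -x "$root/usr/sbin/kctune" ]; then
        echo "$root/usr/sbin/kctune"
    else
        echo "$root/usr/sbin/kmtune"
    fi
}

# Usage on the agent system:
#   hids_boot_check && echo "defaults file and agent binary present"
#   "$(idds_tune_cmd)" -q enable_idds
```

The script does not cover the certificate and error.log causes; check those as described in the list above.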