HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
IDS_genAgentCerts, are not installed, you can copy the directory
/etc/opt/ids/ids/certs/agent (and its contents) from a remote agent host to
the administration host.
The idsadmin command reports a bad certificate when pinging a remote agent
idsadmin may report a bad certificate if the certificate created on the admin host for
the agent is not yet valid on the agent host because the system time differs between
the admin host and the remote agent host. For example:
./idsadmin -a hostname -i 1.2.3.4 -l /tmp/fooooo
Successfully opened /tmp/fooooo
Enter command>>ping
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1:open_connection: Handshake error (ssl_err=1,ret=0) as client
1:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: write_msg: error opening connection to remote host, errno=607:Error during SSL handshake.
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: write_msg: Returning failure, errno=607:Error during SSL handshake
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: comm_write_msg: Error writing message, errno==607: Error during SSL handshake
Use IDS_checkAgentCert to get the validity duration of the agent certificate, and
compare it with the system time of the agent host. If the certificate is not yet valid on
the agent host, either adjust the system time of the agent host, or wait until the certificate
becomes valid.
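The comparison described above, as an added example that is not part of the original guide or of the HP-UX HIDS tools: it looks for SSL alert number 42 in the idsadmin log and then classifies the certificate's validity window against the agent host's clock. The function names are hypothetical, the timestamps are assumed to be typed in by hand in "Mon DD HH:MM:SS YYYY GMT" form (the output of IDS_checkAgentCert is not parsed), and the sample times are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample: two entries taken from the ping failure shown above.
SAMPLE_LOG = (
    "Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1:open_connection: "
    "Handshake error (ssl_err=1,ret=0) as client\n"
    "1:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad "
    "certificate:s3_pkt.c:1052:SSL alert number 42\n"
)
BAD_CERTIFICATE = 42  # TLS alert code for bad_certificate
ALERT_RE = re.compile(r"SSL alert number (\d+)")
DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # assumed input format, not the tool's own

def saw_bad_certificate(log_text):
    """Return True if the log contains TLS alert 42 (bad_certificate)."""
    return any(int(m.group(1)) == BAD_CERTIFICATE for m in ALERT_RE.finditer(log_text))

def parse_utc(text):
    """Parse a timestamp such as 'Nov 24 20:50:00 2004 GMT' as UTC."""
    return datetime.strptime(text.strip(), DATE_FMT).replace(tzinfo=timezone.utc)

def diagnose(not_before, not_after, agent_now):
    """Classify the validity window against the agent clock.

    Returns (state, seconds): seconds until valid, or seconds since expiry.
    """
    if agent_now < not_before:
        return "not_yet_valid", int((not_before - agent_now).total_seconds())
    if agent_now > not_after:
        return "expired", int((agent_now - not_after).total_seconds())
    return "valid", 0

def triage(log_text, not_before, not_after, agent_now):
    """Combine the log check with the clock comparison into one verdict."""
    if not saw_bad_certificate(log_text):
        return "no bad_certificate alert in log"
    state, secs = diagnose(parse_utc(not_before), parse_utc(not_after), parse_utc(agent_now))
    if state == "not_yet_valid":
        return f"certificate not yet valid on agent: fix agent clock or wait {secs}s"
    if state == "expired":
        return f"certificate expired {secs}s ago on agent clock"
    return "certificate window is valid on agent: look for another cause"

if __name__ == "__main__":
    # Constructed times: the agent clock runs 12 minutes behind notBefore.
    print(triage(SAMPLE_LOG, "Nov 24 20:50:00 2004 GMT",
                 "Nov 24 20:50:00 2014 GMT", "Nov 24 20:38:00 2004 GMT"))
```

Read the agent time on the agent host itself and convert it to GMT before comparing, since the two hosts may also be in different time zones.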
IDS_checkInstall fails with a kmtune error
IDS_checkInstall reports that a kmtune file write operation fails and the idds
driver is not configured:
# /opt/ids/bin/IDS_checkInstall
kmtune: Cannot write file -- /stand/.kmsystune_lock
WARNING: The idds driver is not configured into the kernel.
□ If patch PHCO_24112 is installed on your system, you need to apply patch
PHCO_25429 for HP-UX 11i v1.
□ If patch PHCO_24112 is not installed on your system, please contact HP Support.