HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

271

272

273

274

275

276

277

278

279

280

IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully

□ The normal completion is shown in the steps in “Setting Up HP-UX HIDS Secure

Communications” (page 34).

□ Check the messages in the error log file /var/opt/ids/certs.log for correctable

errors.

□ Contact HP Support.

IDS_genAdminKeys or idsgui quits early

On occasion, apparently due to a swlist timeout, the IDS_genAdminKeys and

idsgui commands may quit early. (The swlist command is used to verify that the

correct version of Java is available.)

• The IDS_genAdminKeys command may quit before it finishes making the keys.

The symptom is that the final banner is not displayed. The banner is shown in

Chapter 2: “Configuring HP-UX HIDS” (page 33).

• The idsgui command may quit before it launches the System Manager. The

symptom is that the prompt returns and the following message is not displayed.

Starting the HP-UX HIDS System Manager in the

background

Please wait....

In either case, you can try running the command again.

The solution is to apply the latest Software Distributor (SD) Cumulative Patch. For 11i

and 11i version 1.6, install PHCO_25887 or a superseding patch, if any.

Large files in /var/opt/ids

□ The communication between idskerndsp and idscor uses a memory-mapped

file, which normally only exists (in the /var/opt/ids directory) when a

surveillance schedule is running. The files are named ids_n, where n is

incremented from 1001 for each activated schedule.

□ If idsagent has a problem, the files may not be deleted normally. If no schedule

is running on the agent, there should be no ids_n files. You can safely delete them

with the rm command.

Log files are filling up

□ The log files on both the agent and the administration systems can grow without

bounds. It’s a good idea to practise log file rotation. See “Log File Rotation”

(page 240).

No Agent Available

□ The Status field for an agent on the System Manager screen shows No Agent

Available. See also “Agent and System Manager cannot communicate with each

other” (page 268).

Troubleshooting 275