HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Surveillance Groups
A surveillance group typically consists of related detection templates; for example, those related to file system intrusions or web server attacks. Each surveillance group provides protection against one or more types of intrusion.

Surveillance Schedules
A surveillance group is scheduled to run regularly on one or more of the host systems it is protecting, on one or more days of the week, and at one or more times. This process of configuring surveillance groups to protect hosts on the basis of a regular weekly schedule is referred to as creating a surveillance schedule. You can deploy a surveillance schedule on one or more host systems. You can also create different surveillance schedules for one or more systems within your network.

Kernel Audit Data
Kernel audit logs are generated by a trusted component of the operating system. The audit logs include information about every system call that is executed on the host. The information also includes parameters and outcomes, and is the lowest level of data utilized by HP-UX HIDS. This data can also include information about starting and stopping sessions for users.
NOTE: HP-UX HIDS is independent of security configurations. It does not use the HP-UX C2 auditing capability, nor does it require that the system being monitored be configured in trusted mode.
System Log Files
HP-UX HIDS monitors system log files to detect user login and logout, and the start of interactive sessions.
HP-UX HIDS Secure Communications
Within HP-UX HIDS, there must be secure messaging and protocols for all communications between its components. HP-UX HIDS secure communication uses the Secure Sockets Layer (SSL) protocol for client and server authentication, integrity, and privacy. HIDS uses the DES-CBC-SHA cipher suite with a key size of 56 bits for SSL encryption. For more information, see “Setting Up HP-UX HIDS Secure Communications” (page 34).
Glossary of HP-UX HIDS Terms
This section lists and explains the various terms used in this document.
Administration System
A system node in a network that is configured to run the HP-UX HIDS System Manager.
Agent
The HP-UX HIDS component that gathers system data, monitors system activity, and issues notifications upon detection of an intrusion.

Agent system/Agent host/Agent node
A system node in a network that is configured to run the HP-UX HIDS agent program. The agent system is also known as the agent host or the agent node.

Aggregated alert
An alert that contains the aggregation of two or more file related real-time alerts that are triggered by the same process or by a group of related processes. As aggregation is
30 Introduction