HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
d. Generate the keys for each agent, one bundle of keys per agent system, as
follows:
$ IDS_genAgentCerts
In this process, each host name or IP address you enter is checked for validity,
using the nslookup command. For more information, see nslookup(1).
If you enter a host name and nslookup returns a single IP address, the host
name and IP address are saved in a temporary file and the key bundle is
created.
If you enter an IP address and nslookup returns a host name, the host name
and IP address are saved in a temporary file and the key bundle is created.
Use this method if the agent is multihomed (two or more IP addresses). The
IP address must be the value you set for IDS_LISTEN_IFACE. For more
information, see “Configuring a Multihomed Agent System” (page 42).
If no IP address or host name is found, you are asked if you want to create
the bundle anyway; no entry is placed in the temporary file.
If multiple IP addresses are found, no entry is placed in the temporary file.
The bundle is created without comment.
When the System Manager is started later, any entries in the temporary file
are added to the host list table displayed on the Host Manager screen.
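The lookup outcomes described above can be checked before the script is run. The following pre-flight check is an added example, not part of the HP-UX HIDS product; it assumes nslookup prints the classic "Name:" / "Address:" answer layout, and the function names and sample answers are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check: how will IDS_genAgentCerts treat each agent name?
# Assumption: nslookup answers use the classic "Name:" / "Address:" layout
# (or "Addresses: a, b"); adjust the awk patterns if your resolver differs.

# Read nslookup output on stdin; print single, multiple or none.
classify_lookup() {
    awk '
        /^Name:/ { answer = 1; next }   # lines before this are the DNS server header
        answer && /^Address(es)?:/ {
            sub(/^Address(es)?:[ \t]*/, "")
            n += split($0, parts, /,[ \t]*/)
        }
        END {
            if (n == 1) print "single"
            else if (n > 1) print "multiple"
            else print "none"
        }'
}

# Map the classification to the behaviour the guide describes.
outcome() {
    case "$1" in
        single)   echo "bundle created, entry saved for the Host Manager list" ;;
        multiple) echo "bundle created without comment, no entry saved; enter the IDS_LISTEN_IFACE address instead" ;;
        *)        echo "asks whether to create the bundle anyway, no entry saved" ;;
    esac
}

# Constructed sample answers (documentation addresses), used for offline checks.
sample_single() { printf 'Server:  dns1\nAddress:  192.0.2.1\n\nName:    myhost1\nAddress:  192.0.2.10\n'; }
sample_multi()  { printf 'Server:  dns1\nAddress:  192.0.2.1\n\nName:    myhost2\nAddresses:  192.0.2.20, 198.51.100.20\n'; }
sample_none()   { printf 'Server:  dns1\nAddress:  192.0.2.1\n\n*** dns1 cannot find nohost: Non-existent domain\n'; }

# Usage: sh precheck.sh myhost1 myhost2 ...
for host in "$@"; do
    class=$(nslookup "$host" 2>/dev/null | classify_lookup)
    printf '%-20s %-9s %s\n' "$host" "$class" "$(outcome "$class")"
done
```

Any name reported as multiple or none will not appear in the Host Manager host list after key generation, so resolve those cases before generating bundles.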
The following example, run on the administration host adminsys, shows how to
enter the names of the agent hosts myhost1 and myhost2. The script prompts
for each host name or IP address. Press Ctrl-D to quit.
$ IDS_genAgentCerts
==> Be sure to run this script on the IDS Administration host.
Generate keys for which host? myhost1
Generating key pair and certificate request for IDS Agent on myhost1....
Signing certificate for IDS Agent on myhost1 ...
Certificate package for IDS Agent on myhost1 is /var/opt/ids/tmp/myhost1.tar.Z
Next hostname (^D to quit)? myhost2
Generating key pair and certificate request for IDS Agent on myhost2....
Signing certificate for IDS Agent on myhost2 ...
Certificate package for IDS Agent on myhost2
38 Configuring HP-UX HIDS