HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Configuring a Multihomed Agent System
A multihomed system is a system that has multiple connections to a network. Typically,
a multihomed system has more than one network interface card, each with a unique
address. While the system can have only one host name, the name resolution software
usually returns the IP address of one of the interfaces on the system.
In such configurations, the HP-UX HIDS agent must know which interface to listen on
for commands from the HP-UX HIDS administration system. Therefore, the HP-UX
HIDS agent configuration file must contain the setting that specifies the network address
on which the HP-UX HIDS agent listens.
To configure an HP-UX HIDS agent in a multihomed environment, follow these steps:
1. Determine if the agent system is multihomed. Use the nslookup command to
determine which IP address corresponds to the host name of the system. If more
than one IP address is returned by nslookup, your system is multihomed. If only
one IP address is returned, your system is not multihomed.
NOTE: No modifications are needed for a system that has only one IP address.
2. Select the interface on which you want the HP-UX HIDS agent to communicate
with the administration system.
The choice of address depends on your network topology. The address can be
either an IP address in dotted decimal notation (for example, 1.2.3.4) or a
host name that resolves to a unique address on the system where the agent resides.
It is essential that a network route exists between the HP-UX HIDS administration
system and the HP-UX HIDS agent system. On the administration system, enter
the /usr/sbin/ping command or the /usr/contrib/bin/traceroute
command to verify that network traffic can flow between the systems. HP
recommends that you select the address with the shortest transmission time or
the fewest hops (exposure).
Later, you must enter the IP address or host name you selected into a configuration
screen in the HP-UX HIDS System Manager. For more information, see Chapter 6
(page 99).
3. On the multihomed agent host, log in as ids, as follows:
$ su - ids
4. Edit the configuration file; for example:
$ vi /etc/opt/ids/ids.cf
5. Locate the IDS_LISTEN_IFACE parameter in the Globals section. For more
information, see Appendix D (page 239).
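The multihomed check from step 1 can be scripted so that it gives the same answer on every agent host. The following is an added example, not part of the HP guide: the function names, host names and sample nslookup output are constructed, and the "Name:" / "Address:" / "Addresses:" layout of the output is an assumption to verify against your system's nslookup.

```shell
#!/bin/sh
# Added example, not from the HP guide. Reads nslookup output on stdin and
# prints each distinct address from the answer section, one per line.
# Assumption: the answer starts at the first "Name:" line and addresses
# follow on "Address:" or "Addresses:" lines; the resolver's own
# "Server:/Address:" block comes before that and is skipped.
answer_addrs() {
    awk '
        /^Name:/ { in_answer = 1; next }
        in_answer && /^Address(es)?:/ {
            sub(/^Address(es)?:[ \t]*/, "")
            n = split($0, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (parts[i] != "" && !(parts[i] in seen)) {
                    seen[parts[i]] = 1
                    print parts[i]
                }
        }'
}

# Exit status 0 when more than one address is returned (step 1: multihomed).
is_multihomed() {
    [ "$(answer_addrs | awk 'END { print NR }')" -gt 1 ]
}

# Constructed sample output (documentation addresses, not real hosts).
SAMPLE_MULTI='Server:  dns.example.com
Address:  192.0.2.53

Name:    agent1.example.com
Addresses:  192.0.2.10, 198.51.100.10'

SAMPLE_SINGLE='Server:  192.0.2.53
Address:  192.0.2.53#53

Name:    agent2.example.com
Address: 203.0.113.7'

for sample in "$SAMPLE_MULTI" "$SAMPLE_SINGLE"; do
    if printf '%s\n' "$sample" | is_multihomed; then
        echo "multihomed: choose a listen address from:"
        printf '%s\n' "$sample" | answer_addrs
    else
        echo "single address: no IDS_LISTEN_IFACE change needed"
    fi
done
```

On an agent host, pipe the live lookup into the same function, for example `nslookup "$(hostname)" | answer_addrs`, and confirm that the address you select in step 2 is one of the addresses listed.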
42 Configuring HP-UX HIDS