HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
6. Remove the comment symbol (#) from the start of the line, and place the interface
address selected in step 2 after the parameter name. For example, change:
# IDS_LISTEN_IFACE <insert your hostname/IP addr here>
to
IDS_LISTEN_IFACE 1.2.3.4
7. Save the modified file.
8. If the agent is running, force the agent to reread the configuration file by sending
it a HUP signal. For more information, see “Forcing Active Agent to Reread
Configuration File” (page 239).
If you enter an invalid IDS_LISTEN_IFACE parameter, the HP-UX HIDS software
agent reports an error when you attempt to start it. Repeat steps 1to 8 to correct the
setting of IDS_LISTEN_IFACE, and restart the HP-UX HIDS agent.
Example
The following example illustrates how to configure a multihomed agent system:
Install HP-UX HIDS agent software on a system named large, which has three network
interface cards, each with a unique IP address. Two of the IP addresses are mapped to
aliases large1 and large2. Enter the following commands:
$nslookup large ... Addresses: 1.2.3.4, 1.2.5.10, 1.5.6.7
$nslookup large1 ... Address: 1.2.3.4
$nslookup large2
...
Address: 1.2.5.10
Select the network interface that the HP-UX HIDS agent software on the system large
must listen on. For example, select the interface with the IP address 1.2.5.10, aliased
to the name large2. The HP-UX HIDS agent software communicates only with an
HP-UX HIDS System Manager that sends network traffic to and receives it from IP
address 1.2.5.10.
Therefore, set the IDS_LISTEN_IFACE parameter in the HP-UX HIDS configuration
file to either
IDS_LISTEN_IFACE large
or
IDS_LISTEN_IFACE 1.2.5.10
Choose the third network interface card that has no host name aliased to it. In this case,
set the IDS_LISTEN_IFACE parameter to:
IDS_LISTEN_IFACE 1.5.6.7
Configuring a Multihomed Agent System 43