Manualshelf

HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
41424344454647484950
Force the HP-UX HIDS agent to reread the configuration file by sending it a HUP signal.
For more information, see “Forcing Active Agent to Reread Configuration File”
(page 239).
Configuring a Multihomed Administration System
If the HP-UX HIDS administration system software is installed on a multihomed system,
the HP-UX HIDS administration system must know which interface to use to
communicate with its agent systems. The idsgui script must be modified to contain
the setting that specifies the network address on which the administration system
listens.
To configure HP-UX HIDS administration and agent software only if you are using a
multihomed administration system, follow these steps:
1. Determine whether the administration system is multihomed. Use the nslookup
command to determine which IP address corresponds to the host name of the
system. If more than one IP address is returned by nslookup, your system is
multihomed. If only one IP address is returned, your system is not multihomed.
NOTE: No modifications are needed for a system that has only one IP address.
2. Select the interface on which you want the HP-UX HIDS agent to communicate
with the administration system.
The choice of address depends on your network topology. The address can either
be an IP address in dotted decimal notation (for example, 1.2.3.4) or a host name
that resolves to a unique IP address on the administration system.
It is essential that a network route exist between the HP-UX HIDS administration
system and HP-UX HIDS agent systems. On the administration system, use the
/usr/sbin/ping command or the /usr/contrib/bin/traceroute command
to verify that network traffic can flow between the systems. You can select the
address with the shortest transmission speed or fewer hops (exposure).
NOTE: A different administration system is required to monitor agents that are
on a different (physically separated) network, even if an administration system is
connected to both networks. This is because an administration system can only
monitor agents that are on the same network.
3. On the multihomed administration host, log in as ids, as follows:
$ su - ids
4. Edit the System Manager script, as follows:
$ vi /opt/ids/bin/idsgui
5. Locate the INTERFACE variable in the GUI Configuration section. For more
information, see idsgui(1M).
44 Configuring HP-UX HIDS