Manualshelf

HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
41424344454647484950
TIP: If your administration system is not multihomed, and if you do not plan to
make it multihomed, use a hostname for the REMOTEHOST entry. You need not
modify the ids.cf file even if the IP address changes in future, as long as the
hostname of the administration system does not change.
Make this change in all the ids.cf files located on all the agent systems.
If the ids.cf files are identical, you can choose to push a master copy of the file
to all the agents.
Configuring a Loopback System
On a non-networked system (a system with no IP address) or for testing purposes, you
can set up an administration system in a loopback arrangement. This enables only a
locally running agent to communicate with the System Manager on the same system;
no other agent systems can be monitored.
To configure a loopback system, follow these steps:
1. On the administration system, log in as ids, as follows:
$ su - ids
2. Edit the agent configuration file. For example:
$ vi /etc/opt/ids/ids.cf
3. Set the value of IDS_LISTEN_IFACE to the following:
IDS_LISTEN_IFACE 127.0.0.1
4. Set the value of REMOTEHOST in ids.cf to the following:
REMOTEHOST 127.0.0.1
5. Edit the System Manager script, as follows:
$ vi /opt/ids/bin/idsgui
6. Set the value of INTERFACE in idsgui to the following:
INTERFACE=127.0.0.1
7. Start the System Manager. For more information, see “Starting the HP-UX HIDS
System Manager (page 59).
8. On the Host Manager screen, set up the administration system as an agent system,
using 127.0.0.1 as its IP address. For more information, see Adding a New
Host Manually” (page 101) and “Modifying a Host” (page 105).
46 Configuring HP-UX HIDS