HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

3 Getting Started with HP-UX HIDS
This chapter provides an overview of the operation of HP-UX HIDS and the procedures
used to get the System Manager and agents up and running on the administrative and
monitored systems. This chapter addresses the following topics:
“HIDS Quick Start Guide”
“Starting HP-UX HIDS for the First Time” (page 52)
“Operations Screens” (page 54)
“Basic Screen Actions” (page 55)
HP-UX HIDS must have appropriate surveillance schedules running at the appropriate
times on the agent hosts. It is also important to carefully monitor and act on alerts.
First, you must create one or more surveillance schedules with the System Manager
and download them to the agent hosts. For more information, see “Starting HP-UX
HIDS for the First Time” (page 52).
Second, use the System Manager to monitor alerts and decide what action to take in
response. You can also develop automated response programs to take action based on
alerts.
HIDS Quick Start Guide
This section provides a concise synopsis of the steps required to get the HIDS agent
and Graphical User Interface (GUI) operational. HP-UX HIDS is packaged with a set
of predefined Surveillance Groups and Schedules that cover a wide variety of detection
strategies. These Surveillance Groups and Schedules can be used as is, or you can use
them as a model for designing a customized detection strategy for specific requirements.
Before following the steps listed here, you must ensure that you have installed and
configured the HIDS software package, and have created and propagated certificates
to all appropriate hosts.
1. Log in to each agent host and start the idsagent program. For detailed
instructions, see “Starting HP-UX HIDS for the First Time” (page 52).
2. Start the System Manager on the administration host. For detailed instructions,
see “Starting the HP-UX HIDS System Manager” (page 59).
NOTE: The first time you start the System Manager, the product license agreement
is displayed.
3. Use the predefined schedules, or create surveillance schedules from the Schedule
Manager screen. For detailed instructions, see “Creating a Surveillance Schedule”
(page 71).