HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

4. Define the agent hosts that you want to monitor using the Host Manager screen.
These are the hosts that you specified in step 1. For detailed instructions, see
“Managing Hosts” (page 99).
5. Check the status of the agents using the System Manager screen. The host names
must be listed in the Monitored Hosts list and they must be listed as Available in
the Status column.
6. Select a host in the Monitored Hosts list. Select a schedule in the Schedules list,
and click the Activate button to download the schedule on the host. Repeat this
step for different schedules and different hosts. An agent host can run only one
schedule at a time. If the downloads are successful, their status will be Scheduled
or Running, depending on their timetables. For more information, see “Activating
Schedules on Agent Hosts” (page 64).
7. Double-click on a host entry in the System Manager screen to see alerts or errors
for the host.

Agents
The HP-UX HIDS agent software must be running continually on the systems you are
monitoring for it to detect and report intrusions as they occur. When an agent is running
a schedule, it records intrusion alerts and agent program errors in local log files.
When the System Manager is running on the administration system, and is monitoring
the agent, alerts and errors are transferred to log files on the administration host.
In addition, agents pass alerts to user-defined programs on the agent host for analysis
and action if such programs are configured. For more information, see “Automated
Response for Alerts” (page 191).
The agent runs as a background daemon on the agent host. It communicates with the
administration host via an encrypted Secure Sockets Layer (SSL) communications link,
which provides integrity, confidentiality, and authentication for network transmission.

System Manager
The HP-UX HIDS System Manager runs on the administrative system and monitors
the alerts generated by agents on the agent hosts. Use it to create surveillance schedules
and download them to agents on agent hosts.

Starting HP-UX HIDS for the First Time
This procedure describes the steps required to start the HP-UX HIDS System Manager
and agents for the first time. As you do this, your systems benefit immediately from the
protection of intrusion detection while you learn the specifics of the software and tune
your configuration to fit your requirements.
52 Getting Started with HP-UX HIDS