HP-UX Host Intrusion Detection System Version 4.2 Administration Guide
The idsadmin command reports a bad certificate when pinging a remote agent
idsadmin may report a bad certificate if the certificate created on the admin host for the agent
is not yet valid on the agent host, because the system clocks of the admin host and the remote
agent host differ. For example:
./idsadmin -a hostname -i 1.2.3.4 -l /tmp/fooooo
Successfully opened /tmp/fooooo
Enter command>>ping
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1:open_connection: Handshake error (ssl_err=1,ret=0) as client
1:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: write_msg: error opening connection to remote host, errno=607:Error during SSL handshake.
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: write_msg: Returning failure, errno=607:Error during SSL handshake
Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: comm_write_msg: Error writing message, errno==607: Error during SSL handshake
Use IDS_checkAgentCert to display the validity period of the agent certificate, and compare it
with the system time of the agent host. If the certificate is not yet valid on the agent host, either
adjust the system time of the agent host or wait until the certificate becomes valid.
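The comparison described above, as an added example that is not part of the HP-UX HIDS tools: it reads a certificate validity window in the format printed by openssl x509 -noout -dates (an assumption; IDS_checkAgentCert's own output format is not shown here), compares it with the agent host's clock, and reports whether the certificate is not yet valid, valid, or expired, and by how much.

```python
"""Compare an agent certificate's validity window with the agent host's clock.

Added example, not HP-UX HIDS code. Input is assumed to be in the form
printed by `openssl x509 -noout -dates`, e.g. "notBefore=Nov 24 20:53:23 2004 GMT".
"""
from datetime import datetime, timedelta, timezone

OPENSSL_DATE_FMT = "%b %d %H:%M:%S %Y %Z"   # e.g. "Nov 24 20:53:23 2004 GMT"


def parse_openssl_date(line):
    """Parse one 'notBefore=...' / 'notAfter=...' line (or a bare date) into UTC."""
    value = line.split("=", 1)[1] if "=" in line else line
    return datetime.strptime(value.strip(), OPENSSL_DATE_FMT).replace(tzinfo=timezone.utc)


def classify_validity(not_before, not_after, agent_time):
    """Return (status, delta): status is 'not_yet_valid', 'valid' or 'expired';
    delta is how far the agent clock lies outside the window (zero if inside)."""
    if agent_time < not_before:
        return "not_yet_valid", not_before - agent_time
    if agent_time > not_after:
        return "expired", agent_time - not_after
    return "valid", timedelta(0)


def diagnose(dates_output, agent_time):
    """Turn the two -dates lines plus the agent host's clock into advice."""
    fields = dict(l.split("=", 1) for l in dates_output.strip().splitlines() if "=" in l)
    not_before = parse_openssl_date(fields["notBefore"])
    not_after = parse_openssl_date(fields["notAfter"])
    status, delta = classify_validity(not_before, not_after, agent_time)
    if status == "not_yet_valid":
        return status, ("agent clock is %d s behind notBefore: advance the agent's "
                        "system time or wait that long before pinging" % delta.total_seconds())
    if status == "expired":
        return status, "certificate expired %d s ago: regenerate the agent certificate" % delta.total_seconds()
    return status, "certificate is valid at the agent's current time"


# Constructed sample: the admin host issued the certificate at 20:50:00 GMT,
# but the agent host's clock reads ten minutes earlier.
SAMPLE_DATES = """notBefore=Nov 24 20:50:00 2004 GMT
notAfter=Nov 24 20:50:00 2005 GMT
"""
SAMPLE_AGENT_CLOCK = datetime(2004, 11, 24, 20, 40, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(diagnose(SAMPLE_DATES, SAMPLE_AGENT_CLOCK))
```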
IDS_checkInstall fails with a kmtune error
IDS_checkInstall reports that a kmtune file write operation fails and the idds driver is not
configured:
# /opt/ids/bin/IDS_checkInstall
kmtune: Cannot write file -- /stand/.kmsystune_lock
WARNING: The idds driver is not configured into the kernel.
□ If patch PHCO_24112 is not installed on your system, please contact HP Support.
IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully
□ The normal completion is shown in the steps in “Setting Up HP-UX HIDS Secure
Communications” (page 29).
□ Check the messages in the error log file /var/opt/ids/certs.log for correctable errors.
□ Contact HP Support.
IDS_genAdminKeys or idsgui quits early
On occasion, apparently because of a swlist timeout, the IDS_genAdminKeys and idsgui
commands may quit early. (The swlist command is used to verify that the correct version of
Java is available.)
• The IDS_genAdminKeys command may quit before it finishes making the keys. The
symptom is that the final banner is not displayed. The banner is shown in Chapter 2:
“Configuring HP-UX HIDS” (page 29).
• The idsgui command may quit before it launches the System Manager. The symptom is
that the prompt returns and the following message is not displayed.
Starting the HP-UX HIDS System Manager in the background
Please wait....
Troubleshooting 217