HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

3. Installing the keys on each host
Install the bundle of keys generated for each agent system on that system. Store the agent
certificate bundle in the /var/opt/ids/tmp directory.
a. Log in as follows:
$ su - ids
b. Change directory to /opt/ids/bin, as follows:
$ cd /opt/ids/bin
c. Store the key bundle in a directory, such as /var/opt/ids/tmp.
d. Import the key bundle, as follows:
$ IDS_importAgentKeys /var/opt/ids/tmp/agentsys.tar.Z adminsys
Where:
agentsys is the name you entered for this agent system in Step 1.d.
adminsys is the host name or IP address of the administration system.
If the administration system is multihomed, you must set the INTERFACE variable to
the IP address that you want to use for HP-UX HIDS communication. For more
information, see “Configuring a Multihomed Administration System” (page 37).
The certificates for this host and the Root CA are extracted from the compressed tar file
/var/opt/ids/tmp/host1.tar.Z and installed. The value of REMOTEHOSTS in the
configuration file /etc/opt/ids/ids.cf is changed to adminsys.
The certificates are placed in /etc/opt/ids/certs/agent.
Following is an example of the install process, run on agent system myhost1:
$ IDS_importAgentKeys /var/opt/ids/tmp/myhost1.tar.Z myadmin
Extracting key pair and certificates...
Modifying the configuration file /etc/opt/ids/ids.cf to use myadmin as the
IDS Administration host...
************************************************************
* Keys for IDS Agent were imported successfully.
* You can now run the idsagent process on this machine and control it from the
HP-UX Host IDS System Manager.
************************************************************
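The following check of the import result is an added example, not part of the HP guide or the HP-UX HIDS product. It confirms that REMOTEHOSTS names the intended administration system and that the certificate directory is populated and not group- or world-writable. The function names are hypothetical, and the "REMOTEHOSTS value" line format of ids.cf is an assumption.

```shell
#!/bin/sh
# Added example (not from the HP guide): verify what IDS_importAgentKeys left behind.
# Assumption: ids.cf holds the setting on one line as "REMOTEHOSTS <value>"
# or "REMOTEHOSTS=<value>"; adjust the sed pattern if your file differs.

# Print the value of the first REMOTEHOSTS line in config file $1.
remotehosts_value() {
    sed -n 's/^[[:space:]]*REMOTEHOSTS[[:space:]=]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1" |
        head -n 1
}

# verify_agent_import CONF CERTDIR ADMINSYS
# Returns 0 if OK, 1 if REMOTEHOSTS is not ADMINSYS, 2 if CERTDIR is missing
# or holds no files, 3 if anything under CERTDIR is group- or world-writable.
verify_agent_import() {
    conf=$1 certdir=$2 adminsys=$3
    actual=$(remotehosts_value "$conf")
    if [ "$actual" != "$adminsys" ]; then
        echo "REMOTEHOSTS is '$actual', expected '$adminsys'" >&2
        return 1
    fi
    if [ ! -d "$certdir" ] || [ -z "$(find "$certdir" -type f -print)" ]; then
        echo "no certificate files under $certdir" >&2
        return 2
    fi
    # Anyone who can write here can replace the Root CA the agent trusts.
    loose=$(find "$certdir" \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "group/world-writable entries: $loose" >&2
        return 3
    fi
    echo "import verified: REMOTEHOSTS=$actual, certificates in $certdir"
}

# Constructed demo tree (no real key material) so the script runs without an agent.
demo() {
    d=${TMPDIR:-/tmp}/ids_verify_demo.$$
    mkdir -m 700 "$d" && mkdir -p "$d/certs/agent" || return 1
    printf '# constructed sample\nREMOTEHOSTS myadmin\n' > "$d/ids.cf"
    : > "$d/certs/agent/sample.pem"
    chmod 700 "$d/certs/agent"; chmod 600 "$d/certs/agent/sample.pem"
    verify_agent_import "$d/ids.cf" "$d/certs/agent" myadmin; rc=$?
    rm -rf "$d"; return "$rc"
}
demo
# On an agent: verify_agent_import /etc/opt/ids/ids.cf /etc/opt/ids/certs/agent myadmin
```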
Configuring a Multihomed Agent System
A multihomed system is a system that has multiple connections to a network. Typically, a
multihomed system has more than one network interface card, each with a unique address.
While the system can have only one host name, the name resolution software usually returns
the IP address of one of the interfaces on the system.
In such configurations, the HP-UX HIDS agent must know which interface to listen on for
commands from the HP-UX HIDS administration system. Therefore, the HP-UX HIDS agent
configuration file must contain the setting that specifies the network address on which the HP-UX
HIDS agent listens.
To configure an HP-UX HIDS agent in a multihomed environment, follow these steps: