Manualshelf

HP-UX Host Intrusion Detection System Version 4.2 Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
31323334353637383940
The HP-UX HIDS agent software is installed on a system named large, that has four network
interface cards, each with a unique IP address. Three of the IP addresses are mapped to aliases
large1, large2, and large3 as shown by the following commands:
$nslookup large
...
Addresses: 1.2.3.4, 1.2.5.10, 1.5.6.7, 2001:db8::100
$nslookup large1
...
Address: 1.2.3.4
$nslookup large2
...
Address: 1.2.5.10
$nslookup large3
...
2001:db8::100
Select the network interface that the HP-UX HIDS agent software on the system large must
listen on. For example, select the interface with the IP address 1.2.5.10, aliased to the name
large2. The HP-UX HIDS agent software communicates only with an HP-UX HIDS System
Manager that sends network traffic to and receives it from IP address 1.2.5.10.
Therefore, set the IDS_LISTEN_IFACE parameter in the HP-UX HIDS configuration file to either
IDS_LISTEN_IFACE large2
or
IDS_LISTEN_IFACE 1.2.5.10
Choose the third network interface card that has no hostname aliased to it. In this case, set the
IDS_LISTEN_IFACE parameter to:
IDS_LISTEN_IFACE 1.5.6.7
Force the HP-UX HIDS agent to reread the configuration file by sending it a HUP signal. For more
information, see “Forcing Active Agent to Reread Configuration File” (page 191).
Configuring a Multihomed Administration System
If the HP-UX HIDS administration system software is installed on a multihomed system, the
HP-UX HIDS administration system must know which interface to use to communicate with its
agent systems. The idsgui script must be modified to contain the setting that specifies the
network address on which the administration system listens.
To configure HP-UX HIDS administration and agent software only if you are using a multihomed
administration system, follow these steps:
1. Determine whether the administration system is multihomed. Use the nslookup command
to determine which IP address corresponds to the host name of the system. If more than
one IP address is returned by nslookup, your system is multihomed. If only one IP address
is returned, your system is not multihomed.
NOTE: No modifications are needed for a system that has only one IP address.
2. Select the interface on which you want the HP-UX HIDS agent to communicate with the
administration system.
Configuring a Multihomed Administration System 37