Manualshelf

HP-UX Host Intrusion Detection System Version 4.3 release notes

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
11121314151617181920
Migrating Schedules from Older Versions of HIDS
Surveillance schedules created using HIDS v3.1 and v4.0 must be migrated before they can be
run by HIDS v4.3 agents. Schedules created using HIDS v4.1 do not need to be migrated unless
the features introduced in version 4.2 and supported in version 4.3 are needed. Schedules created
using HIDS v4.2 do not need to be migrated.
NOTE: If you are migrating schedules created using HIDS v3.1, you must first upgrade to HIDS
v4.0 and convert them to HIDS v4.1 schedules by running guiSchedConvert before converting
them to v4.3 schedules using the process described below.
1. Perform one of the following to migrate a HIDS v4.1 schedule for use by HIDS v4.3 agents:
Run the migrator tool (/opt/ids/bin/migrator) on the v4.1 schedule
Start the HIDS v4.3 GUI (/opt/ids/bin/idsgui) to load the v4.1 schedule and save
it as a migrated schedule.
Directly edit the schedule text file to add the global variables introduced in HIDS v4.2.
Perform the following to migrate a HIDS v4.0 schedule for use by v4.3 agents:
Start the HIDS v4.3 GUI (/opt/ids/bin/idsgui) to load the v4.0 schedule and save
it as a migrated schedule.
Run the migrator tool (/opt/ids/bin/migrator) on the v4.0 schedule.
2. Run the migrator tool (/opt/ids/bin/migrator) on each migrated schedule in /var/
opt/ids/gui/logs/ that was created by the HIDS v4.0 GUI in the previous step. Use this
command with the following options:
-i input schedule
-o <output directory>
If this option is not specified, the tool creates the schedules and group files in /etc/
opt/ids/schedules and /etc/opt/ids/schedules/groups, respectively. If
this option is specified, the schedule files are created in the specified <output
directory>, and the corresponding group files are created in <output
directory>/groups
The migrated schedules will contain monitor_failed_attempts and log_severity_def
properties in the GLOBALS section.
Preinstallation
Before installing version 4.3 on a system that has a previous version of HP-UX HIDS installed
and running, HP recommends that you stop agent and admin processes.
IMPORTANT: For systems that do not currently have any version of HP-UX HIDS installed,
HP recommends that you make a full backup of all administration and agent systems before you
install HP-UX HIDS. Installation on agent systems requires a kernel rebuild (automatic) and
reboot.
Making Depots
It is a good idea to gather the various pieces of software into depots that you can use with the
swinstall command. These instructions tell you how to prepare three combination depots.
You will need at least two of them: one administration depot and one or two agent depots. Table 2-3
lists and describes these depots.
After you select the two or three that you need, HP recommends that you go through the rest of
this section and “Installing the Depots” (page 25) and mark the substeps that you will need to
complete.
Migrating Schedules from Older Versions of HIDS 19