HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

The HP-UX HIDS agent software is installed on a system named large that has four network interface
cards, each with a unique IP address. Three of the IP addresses are mapped to the aliases large1,
large2, and large3, as shown by the following commands:
$ nslookup large
...
Addresses: 1.2.3.4, 1.2.5.10, 1.5.6.7, 2001:db8::100
$ nslookup large1
...
Address: 1.2.3.4
$ nslookup large2
...
Address: 1.2.5.10
$ nslookup large3
...
2001:db8::100
Select the network interface that the HP-UX HIDS agent software on the system large must listen
on. For example, select the interface with the IP address 1.2.5.10, aliased to the name large2.
The HP-UX HIDS agent software communicates only with an HP-UX HIDS System Manager that
sends network traffic to and receives it from IP address 1.2.5.10.
Therefore, set the IDS_LISTEN_IFACE parameter in the HP-UX HIDS configuration file to either
IDS_LISTEN_IFACE large2
or
IDS_LISTEN_IFACE 1.2.5.10
Alternatively, choose the third network interface card, which has no hostname aliased to it. In this
case, set the IDS_LISTEN_IFACE parameter to:
IDS_LISTEN_IFACE 1.5.6.7
Force the HP-UX HIDS agent to reread the configuration file by sending it a HUP signal. For more
information, see “Forcing Active Agent to Reread Configuration File” (page 186).
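The following is an added example, not code from the HP guide: a POSIX shell check that an IDS_LISTEN_IFACE value resolves to exactly one address and that the address belongs to the agent host. The function names, the sample name server lines, and the rule that a value resolving to several addresses is reported as ambiguous are assumptions of this example, not documented agent behavior.

```shell
#!/bin/sh
# Added example (not from the HP guide): check that an IDS_LISTEN_IFACE value
# pins exactly one address that belongs to this host.

# Print the addresses found in nslookup output on stdin, one per line. Only
# "Address:"/"Addresses:" lines after the "Name:" line are used, so the name
# server's own address is skipped.
resolved_addrs() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address(es)?:/ {
             sub(/^Address(es)?:[ \t]*/, "")
             n = split($0, a, /[ \t]*,[ \t]*/)
             for (i = 1; i <= n; i++) { gsub(/[ \t\r]/, "", a[i]); if (a[i] != "") print a[i] }
         }'
}

# Print the value of each IDS_LISTEN_IFACE line in a config read on stdin.
listen_iface() {
    awk '$1 == "IDS_LISTEN_IFACE" { print $2 }'
}

# classify_iface HOST_ADDRS VALUE_ADDRS  (both newline-separated)
#   HOST_ADDRS  = every address the agent host resolves to
#   VALUE_ADDRS = what the configured value resolves to (the value itself when
#                 it is already a literal IP address)
classify_iface() {
    count=$(printf '%s\n' "$2" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then echo unresolved; return 1; fi
    if [ "$count" -gt 1 ]; then echo ambiguous; return 1; fi   # assumption: must pin one interface
    if printf '%s\n' "$1" | grep -Fxq -- "$2"; then echo ok; return 0; fi
    echo foreign; return 1
}

# Constructed sample data, using the addresses from the guide's example.
SAMPLE_LOOKUP='Name Server:  ns.example.com
Address:  192.0.2.53

Name:    large
Addresses:  1.2.3.4, 1.2.5.10, 1.5.6.7, 2001:db8::100'
SAMPLE_CONFIG='IDS_LISTEN_IFACE 1.2.5.10'

HOST_ADDRS=$(printf '%s\n' "$SAMPLE_LOOKUP" | resolved_addrs)
VALUE=$(printf '%s\n' "$SAMPLE_CONFIG" | listen_iface)
echo "IDS_LISTEN_IFACE $VALUE: $(classify_iface "$HOST_ADDRS" "$VALUE")"
```

On a live system, replace the sample variables with the output of nslookup for the host name and the contents of the HP-UX HIDS configuration file; when the configured value is an alias such as large2, pass the result of resolving that alias as the second argument.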
Configuring a Multihomed Administration System
If the HP-UX HIDS administration system software is installed on a multihomed system, the HP-UX
HIDS administration system must know which interface to use to communicate with its agent systems.
The idsgui script must be modified to contain the setting that specifies the network address on
which the administration system listens.
Follow these steps to configure the HP-UX HIDS administration and agent software only if you are
using a multihomed administration system:
1. Determine whether the administration system is multihomed. Use the nslookup command to
determine which IP address corresponds to the host name of the system. If more than one IP
address is returned by nslookup, your system is multihomed. If only one IP address is returned,
your system is not multihomed.
NOTE: No modifications are needed for a system that has only one IP address.
2. Select the interface on which you want the HP-UX HIDS agent to communicate with the
administration system.