HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

5. Go to the Schedule Manager screen and create surveillance schedules, or use the predefined

schedules. For more information, see “Using the Schedule Manager Screen” (page 51).

6. Go to the Host Manager screen and select the agent hosts you want to monitor. These are the

systems you started idsagent on in step 3. As described in “Setting Up HP-UX HIDS Secure

Communications” (page 24), the certificate script may have provided you with a selection of

agent hosts. Check the Monitored box for each host. For more information, see “Using the

Host Manager Screen” (page 78).

7. Go to the System Manager screen. For more information, see “Returning to the System Manager

Screen” (page 50).

8. Check the status of the agents. The host names are listed in the Monitored Hosts list. If they

are not listed as Available, select them all and press the Status button. The monitored hosts

will be listed as Available in the Status column. For more information, see “Getting the

Status of Agent Hosts” (page 45).

9. Activate the schedules on the agent hosts. This can be the same schedule on all hosts, a

different schedule on each host, or any combination thereof.

a. Select a schedule in the Schedules list, the hosts you want to download it to in the

Monitored Hosts list and press the Activate button.

b. Repeat for different schedules and different hosts. An agent host can run only one schedule

at time. If a download is successful, its Status is Scheduled or Running, depending

on its timetable. For more information, see “Activating Schedules on Agent Hosts”

(page 47).

Operations Screens

The HP-UX HIDS System Manager has five operations screens that you use to manage HP-UX HIDS

operations, receive operator input, and display HP-UX HIDS output.

• System Manager

The System Manager screen displays the current status of the agent systems and controls agent

operations. It is launched automatically when the System Manager starts. All other operations

screens can be accessed from the Edit or View menus of the System Manager screen. You

can return to the System Manager screen from the View > System Manager menu item on any

other operations screen. For more information, see Chapter 4: “Using the System Manager

Screen” (page 41).

• Schedule Manager

In the Schedule Manager screen, you can:

◦ Create and modify surveillance schedules.

◦ Create and modify surveillance groups.

◦ Add and modify the configuration for monitoring Containers (SRPs) by adding or assigning

groups for a particular Container (SRP). This is applicable when the HIDS agent is running

on a host configured with HP-UX Containers (HP-UX SRP). For more information, see HP-UX

Containers (HP-UX SRP) Administration Guide and Release notes.

◦ Modify template property values.

◦ Specify the days and times that each surveillance group will be active.

◦ Specify global property values, such as alert aggregation, monitor failed attempts, and

duplicate alert suppression properties, as these values are not template specific.

For more information, see Chapter 5: “Using the Schedule Manager Screen” (page 51).

• Host Manager

In the Host Manager screen, you can specify and enable the agent hosts you want to monitor.

For more information, see Chapter 6: “Using the Host Manager Screen” (page 78).

Operations Screens 39