HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

Agent complains that idds has not been enabled, yet lsdev shows /dev/idds

is present

□ If your lsdev result shows /dev/idds is present, and yet the idsagent debug-enabled

log file (run with /opt/ids/bin/idsagent -d -l log_file_name) complains about

idds not being enabled, it is probable that there is an installation or kernel-build error. To

verify this, run the following on your machine:

$ /usr/sbin/kctune -q enable_idds

There are three possible results:

• If the value of the kernel tunable enable_idds is 0, that means IDDS is not enabled. You’ll

need to run the following to rebuild the kernel:

$ /usr/sbin/kctune -s enable_idds=1

$ mk_kernel

Then, reboot the machine and verify again with:

$ /usr/sbin/kctune -q enable_idds

• If the result is enable_idds=1, then the kernel was built correctly with idds enabled.

The problem lies elsewhere. Contact HP Support.

Agent does not start on system boot

□ When the agent system boots, the “Starting HP-UX HIDS agent” startup entry displays

“SKIP” or “FAIL”.

SKIP means the communications certificates have never been generated for the agent system.

FAIL means one of the following has occurred:

◦ The communications certificates were generated for the agent system but have been

deleted or moved. Generate the certificates as described in “Setting Up HP-UX HIDS

Secure Communications” (page 21).

◦ An error occurred when the idsagent daemon was started. Check error.log.

◦ The /etc/rc.config.d/ids defaults file is missing.

◦ The /opt/ids/bin/idsagent program is missing or not executable.

□ See “Agent does not start after installation” (page 207).

Troubleshooting 205