HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

201

202

203

204

205

206

207

208

209

210

comm_write_msg: Error writing message, errno==607:

Error during SSL handshake

Use IDS_checkAgentCert to get the validity duration of the agent certificate, and compare it

with the system time of the agent host. If the certificate is not yet valid on the agent host, either

adjust the system time of the agent host, or wait until the certificate becomes valid.

IDS_checkInstall fails with a kmtune error

IDS_checkInstall reports that a kmtune file write operation fails and the idds driver is not

configured:

# /opt/ids/bin/IDS_checkInstall

kmtune: Cannot write file -- /stand/.kmsystune_lock

WARNING: The idds driver is not configured into the

kernel.

□ If patch PHCO_24112 is not installed on your system, please contact HP Support.

IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully

□ The normal completion is shown in the steps in “Setting Up HP-UX HIDS Secure

Communications” (page 21).

□ Check the messages in the error log file /var/opt/ids/certs.log for correctable errors.

□ Contact HP Support.

IDS_genAdminKeys or idsgui quits early

On occasion, apparently due to a swlist timeout, the IDS_genAdminKeys and idsgui

commands may quit early. (The swlist command is used to verify that the correct version of Java

is available.)

• The IDS_genAdminKeys command may quit before it finishes making the keys. The symptom

is that the final banner is not displayed. The banner is shown in Chapter 2: “Configuring

HP-UX HIDS” (page 20).

• The idsgui command may quit before it launches the System Manager. The symptom is that

the prompt returns and the following message is not displayed.

Starting the HP-UX HIDS System Manager in the

background

Please wait....

In either case, you can try running the command again.

The solution is to apply the latest Software Distributor (SD) Cumulative Patch. For 11i and 11i

version 1.6, install PHCO_25887 or a superseding patch, if any.

Large files in /var/opt/ids

□ The communication between idskerndsp and idscor uses a memory-mapped file, which

normally only exists (in the /var/opt/ids directory) when a surveillance schedule is running.

The files are named ids_n, where n is incremented from 1001 for each activated schedule.

□ If idsagent has a problem, the files may not be deleted normally. If no schedule is running

on the agent, there should be no ids_n files. You can safely delete them with the rm command.

210 Troubleshooting