HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
installation.
The agent certificate bundles are generated and stored in the following files:
• /var/opt/ids/tmp/myhost1.tar.Z
• /var/opt/ids/tmp/myhost2.tar.Z
• /var/opt/ids/tmp/15.27.43.6.tar.Z
• /var/opt/ids/tmp/2001::db8:100.tar.Z
NOTE: The IDS_genAdminKeys and IDS_genAgentCerts commands include options to provide alternate key lengths and alternate expiration dates for the administration and agent certificates. For more information, see IDS_genAdminKeys(1M) and IDS_genAgentCerts(1M). The default key length is 1024 bits. The default expiration is 700 days.
TIP: You can automate agent certificate creation by creating a file of host names and IP addresses, one host name or IP address per line. Each entry must refer to a single IP address on an agent system. For more information, see “Configuring a Multihomed Agent System” (page 26).
If your file name is list_of_hosts, then the command is as follows:
$ cat list_of_hosts | IDS_genAgentCerts
2. Transporting the certificates
Transfer the agent certificate bundles through a secure channel to the agent systems.
To securely transport the certificate bundles stored in /var/opt/ids/tmp/hostname.tar.Z to each of the agent machines, use an out-of-band secure channel. There are different ways to move your files from one system to another securely. For example, you can use encrypted PGP e-mail, a portable medium such as a floppy disk or tape cassette that you carry from one system to another, an NFS mount, or an FTP site. However, because every environment is different, you must determine which method is best for your particular situation.
CAUTION: FTP, RCP, and unencrypted e-mail are not secure methods of transportation; the contents of files can be exposed to eavesdroppers, which threatens the security of the communication system.
Private key files are protected by granting read and write file permissions to the owning user ID only; no group or other access is granted.
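As an added example that is not part of the HP guide: a POSIX sh check to run on the administration system after `cat list_of_hosts | IDS_genAgentCerts` and before the bundles leave the machine. It reads the same host list, confirms that a bundle exists under the staging directory for every entry, rejects any bundle readable by group or others, and writes a cksum manifest that can be compared on each agent after the out-of-band transfer. The function name, the manifest file, and the owner-only expectation for the bundle files are assumptions, not behaviour documented for IDS_genAgentCerts.

```shell
#!/bin/sh
# check_bundles LIST_FILE BUNDLE_DIR MANIFEST
#   LIST_FILE  - the host list fed to IDS_genAgentCerts (one name or IP per line)
#   BUNDLE_DIR - where the bundles were written, e.g. /var/opt/ids/tmp
#   MANIFEST   - file that receives one cksum line per bundle (assumption)
# Returns 0 when every bundle exists with owner-only permissions, 1 otherwise.
# Only ls, cut and cksum are used so the script also runs on HP-UX.
check_bundles() {
    list="$1"
    dir="$2"
    manifest="$3"
    rc=0
    : > "$manifest"
    # "|| [ -n "$host" ]" keeps a final line that lacks a trailing newline
    while IFS= read -r host || [ -n "$host" ]; do
        # skip blank lines and comment lines
        case "$host" in ''|\#*) continue ;; esac
        bundle="$dir/$host.tar.Z"
        if [ ! -f "$bundle" ]; then
            echo "MISSING: $bundle" >&2
            rc=1
            continue
        fi
        # columns 5-10 of ls -l are the group and other permission bits;
        # anything but ------ means the bundle is exposed beyond its owner
        perms=$(ls -ld "$bundle" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMISSIONS: $bundle has group/other bits '$perms'" >&2
            rc=1
        fi
        # record a checksum to compare on the agent after transfer
        cksum "$bundle" >> "$manifest"
    done < "$list"
    return $rc
}
```

After copying a bundle to an agent, running `cksum` there and comparing the result with the manifest line detects a bundle that was altered or truncated in transit.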
Setting Up HP-UX HIDS Secure Communications 25