HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

3. Installing the keys on each host
Install the bundle of keys generated for each agent system on that system. Store the agent
certificate bundle in the /var/opt/ids/tmp directory.
a. Log in as follows:
$ su - ids
b. Change directory to /opt/ids/bin, as follows:
$ cd /opt/ids/bin
c. Store the key bundle in a directory, such as /var/opt/ids/tmp.
d. Import the key bundle, as follows:
$ IDS_importAgentKeys /var/opt/ids/tmp/agentsys.tar.Z adminsys
Where:
agentsys is the name you entered for this agent system in Step 1.d.
adminsys is the host name or IP address of the administration system.
If the administration system is multihomed, you must set the INTERFACE variable to the
IP address that you want to use for HP-UX HIDS communication. For more information,
see “Configuring a Multihomed Administration System” (page 28).
The certificates for this host and the Root CA are extracted from the compressed tar file
/var/opt/ids/tmp/host1.tar.Z and installed. The value of REMOTEHOSTS in the
configuration file /etc/opt/ids/ids.cf is changed to adminsys.
The certificates are placed in /etc/opt/ids/certs/agent.
Following is an example of the install process, run on agent system myhost1:
$ IDS_importAgentKeys /var/opt/ids/tmp/myhost1.tar.Z myadmin
Extracting key pair and certificates...
Modifying the configuration file /etc/opt/ids/ids.cf to use myadmin as the
IDS Administration host...
************************************************************
* Keys for IDS Agent were imported successfully.
* You can now run the idsagent process on this machine and control it from the
  HP-UX Host IDS System Manager.
************************************************************
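The following check is an added example, not part of the HP guide or the HP-UX HIDS product. It confirms the two results of the import described above: that REMOTEHOSTS in the configuration file names the administration system, and that the certificate directory is populated with files that users other than the owner and group cannot access. The function names and the accepted ids.cf line format ("REMOTEHOSTS value" or "REMOTEHOSTS=value", with "#" starting a comment) are assumptions.

```shell
#!/bin/sh
# Added example (not HP code): check the result of IDS_importAgentKeys.
# Assumptions: ids.cf stores the setting as "REMOTEHOSTS <value>" or
# "REMOTEHOSTS=<value>" and "#" starts a comment; function names are ours.
# Usage after sourcing this file:
#   verify_agent_import /etc/opt/ids/ids.cf /etc/opt/ids/certs/agent myadmin

# Print the last active REMOTEHOSTS value found in the file named by $1.
get_remotehosts() {
    awk '
        { sub(/#.*/, "") }
        /^[ \t]*REMOTEHOSTS([ \t=]|$)/ {
            sub(/^[ \t]*REMOTEHOSTS[ \t=]*/, "")
            sub(/[ \t]+$/, "")
            val = $0
        }
        END { print val }
    ' "$1"
}

# verify_agent_import CONF CERTDIR ADMINHOST
# Returns 0 only if REMOTEHOSTS equals ADMINHOST and CERTDIR contains files,
# none of which has a read, write or execute bit set for "other".
verify_agent_import() {
    conf=$1; certdir=$2; admin=$3; rc=0
    actual=$(get_remotehosts "$conf")
    if [ "$actual" != "$admin" ]; then
        echo "REMOTEHOSTS is '$actual', expected '$admin'" >&2
        rc=1
    fi
    if [ ! -d "$certdir" ] || [ -z "$(find "$certdir" -type f)" ]; then
        echo "no certificate files found in $certdir" >&2
        return 1
    fi
    # The directory holds the agent key pair, so flag any "other" access.
    loose=$(find "$certdir" -type f \
        \( -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "files accessible to other users:" >&2
        echo "$loose" >&2
        rc=1
    fi
    return $rc
}
```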
Configuring a Multihomed Agent System
A multihomed system is a system that has multiple connections to a network. Typically, a multihomed
system has more than one network interface card, each with a unique address. While the system
can have only one host name, the name resolution software usually returns the IP address of one
of the interfaces on the system.
In such configurations, the HP-UX HIDS agent must know which interface to listen on for commands
from the HP-UX HIDS administration system. Therefore, the HP-UX HIDS agent configuration file
must contain the setting that specifies the network address on which the HP-UX HIDS agent listens.
To configure an HP-UX HIDS agent in a multihomed environment, follow these steps: