HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)

5 Using the Schedule Manager Screen
This chapter describes how to configure HP-UX HIDS surveillance schedules, surveillance groups,
and detection templates. This chapter addresses the following topics:
“The Schedule Manager” (page 48)
“Configuring Surveillance Schedules” (page 50)
“Configuring to Monitor HP-UX Containers (HP-UX SRP)” (page 53)
“Configuring Surveillance Groups” (page 55)
“Configuring Detection Templates” (page 58)
“Setting Surveillance Schedule Timetables” (page 62)
“Configuring Alert Aggregation” (page 64)
“Configuring Monitor Failed Attempts” (page 67)
“Configuring Duplicate Alert Suppression” (page 68)
“Viewing Surveillance Schedule Details” (page 70)
“Predefined Surveillance Schedules and Groups” (page 72)
The Schedule Manager
The Schedule Manager screen helps you create and configure HP-UX HIDS surveillance schedules,
surveillance groups, and detection templates.
Using this screen, you can:
Add, rename, delete, and define surveillance schedules, including which surveillance groups
make up a schedule.
Add, rename, delete, and define surveillance groups, including which templates make up a
group, the days and times the group will be active, and the values for the properties of the
selected templates.
NOTE: A group’s timetable can be different in different schedules. A template’s property values
can be different in different groups.
A surveillance schedule is what you activate on an agent host to monitor activities and report alerts.
It includes the name of one or more surveillance groups. A surveillance group consists of one or
more templates. A template consists of one or more properties. A property can have zero or more
values. The templates and their properties are predefined.
For a host configured with HP-UX Containers (HP-UX SRP), the HIDS agent running in Global SRP
(init Container) can monitor all the Containers. A surveillance schedule will consist of one or more
configuration blocks for Containers (SRP). A configuration block consists of one or more surveillance
groups.
Surveillance schedules are saved in /etc/opt/ids/schedules/<schedname>.txt where
schedname is the name of the schedule. If you rename a schedule, its file is renamed. If you save
a schedule under a new name, the old file is renamed and the schedule is renamed. Saving a
schedule ensures that it has been written to disk.
Surveillance groups are saved in /etc/opt/ids/schedules/groups/<groupname>.txt
where groupname is the name of the group. If you rename a group, its file is renamed.
Schedules and groups are saved automatically when you first create them and every time you exit
from the System Manager screen. For information about the format and structure of surveillance
schedules and groups, see Appendix E (page 188).
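The following shell functions are an added example and are not part of the HP-UX HIDS Administrator Guide or of the HIDS product. They work only with the file layout the guide states above (one /etc/opt/ids/schedules/<schedname>.txt file per schedule and one /etc/opt/ids/schedules/groups/<groupname>.txt file per group): they list the schedule and group names present on a host and flag any schedule or group file that is group- or world-writable, since a user who can edit those files can change what the agent monitors. The directory argument is an assumption added so the functions can be run against a test directory; the file contents (Appendix E) are not parsed.

```shell
#!/bin/sh
# Added example, not from the HP-UX HIDS guide: inventory and permission audit
# of the surveillance schedule and group files described in the guide.
# Layout (from the guide):
#   /etc/opt/ids/schedules/<schedname>.txt          one file per schedule
#   /etc/opt/ids/schedules/groups/<groupname>.txt   one file per group
# Assumption: $1 may name another root directory (used here for testing).

# Print the schedule names on this host: the basenames of the .txt files in
# the schedules directory, without the extension.
hids_schedule_names() {
    root="${1:-/etc/opt/ids/schedules}"
    for f in "$root"/*.txt; do
        [ -f "$f" ] || continue
        b=${f##*/}
        printf '%s\n' "${b%.txt}"
    done
}

# Print the surveillance group names, taken from the groups/ subdirectory.
hids_group_names() {
    root="${1:-/etc/opt/ids/schedules}"
    for f in "$root"/groups/*.txt; do
        [ -f "$f" ] || continue
        b=${f##*/}
        printf '%s\n' "${b%.txt}"
    done
}

# A schedule or group file writable by group or others can be edited by an
# unprivileged user, which changes what the agent monitors. Print every such
# file; return 0 only if none is found.
hids_audit_schedule_perms() {
    root="${1:-/etc/opt/ids/schedules}"
    bad=0
    for f in "$root"/*.txt "$root"/groups/*.txt; do
        [ -f "$f" ] || continue
        # POSIX find: -perm -020 = group write bit set, -perm -002 = other write bit set
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf 'WRITABLE: %s\n' "$f"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Stand-alone use on an agent host (default directory):
#   hids_schedule_names; hids_group_names
#   hids_audit_schedule_perms || echo "fix schedule file permissions"
```

Run the audit before activating a schedule on an agent host; a non-zero exit lists the offending files so their mode can be corrected.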
48 Using the Schedule Manager Screen