Manualshelf

HP-UX Host Intrusion Detection System Version 4.7 Release Notes HP-UX 11i v3 (766145-001, March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
11121314151617181920
Migrating Schedules from Older Versions of HIDS
Surveillance schedules created using HIDS v3.1 and v4.0 must be migrated before they can be
run by HIDS v4.7 agents. Schedules created using HIDS v4.1 do not need to be migrated unless
the features introduced in v4.2 and supported in v4.7 are needed. Schedules created using HIDS
v4.2, 4.3, and v4.4 do not need to be migrated.
NOTE: If you are migrating schedules created using HIDS v3.1, you must first upgrade to HIDS
v4.0 and convert them to HIDS v4.1 schedules by running guiSchedConvert before converting
them to v4.4 schedules using the process described below.
Complete the following process to migrate HIDS v4.0 schedules to HIDS v4.4 schedules:
1. Use the v4.0 idsgui to convert all the Java schedules that you want to migrate into text files.
Use the Details tab in the GUI Schedule Manager to save the schedules. The text schedules
are saved in /var/opt/ids/gui/logs/<schedulename.txt>
2. Use /opt/ids/bin/migrator to migrate each schedule to HIDS v4.7. Use this command
with the following options:
-i input schedule
-o <output directory>
If this option is not specified, the tool creates the schedules and group files in /etc/
opt/ids/schedules and /etc/opt/ids/schedules/groups, respectively. If
this option is specified, the schedule files are created in the specified <output
directory>, and the corresponding group files are created in <output
directory>/groups
The migrated schedules will contain monitor_failed_attempts and log_severity_def
properties in the GLOBALS section.
Preinstallation
Before installing v4.7 on a system that has a previous version of HP-UX HIDS installed and running,
HP recommends that you stop agent and admin processes.
IMPORTANT: For systems that do not currently have any version of HP-UX HIDS installed, HP
recommends that you make a full backup of all administration and agent systems before you install
HP-UX HIDS. Installation on agent systems requires a kernel rebuild (automatic) and reboot.
Making Depots
It is a good idea to gather the various pieces of software into depots that you can use with the
swinstall command. These instructions tell you how to prepare three combination depots. You
will need at least two of them: one administration depot and one or two agent depots. Table 4
lists and describes these depots.
After you select the two or three that you need, HP recommends that you go through the rest of
this section and “Installing the Depots (page 19) and mark the substeps that you will need to
complete.
Table 4 Software Depots
ContentsDepot
11i Admin+Agent Depot
/var/depot/ids_11i_admin+agent
Required system patches
Required Java patches
Migrating Schedules from Older Versions of HIDS 15