HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide: HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3 > Chapter 2 Configuring HP-UX HIDS

Configuring a Multihomed Agent System

» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

A multihomed system is a system that has multiple connections to a network. Typically, a multihomed system has more than one network interface card, each with a unique IP address. The system has only one host name, however, and name resolution returns one or more of the interface addresses for that name with no indication of which one the agent should use.

In such configurations, the HP-UX HIDS agent must know which interface to listen on for commands from the HP-UX HIDS administration system. Therefore, the HP-UX HIDS agent configuration file must contain the setting that specifies the network address on which the HP-UX HIDS agent listens.

To configure an HP-UX HIDS agent in a multihomed environment, follow these steps:

  1. Determine if the agent system is multihomed. Use the nslookup command to determine which IP addresses correspond to the host name of the system. If nslookup returns more than one IP address, your system is multihomed. If it returns only one IP address, your system is not multihomed. Note that nslookup reports only what DNS or /etc/hosts knows about the name; an interface that is configured but not registered in name service is still an interface, so compare the result with the output of netstat -in on the agent system.

    NOTE: No modifications are needed for a system that has only one IP address.
  2. Select the interface on which you want the HP-UX HIDS agent to communicate with the administration system.

    The choice of address depends on your network topology. The address can be either an IP address in dotted decimal notation, for example, 1.2.3.4, or a host name that resolves to exactly one address on the system where the agent resides. A host name that resolves to several addresses does not identify a single interface and cannot be used.

    It is essential that a network route exists between the HP-UX HIDS administration system and the HP-UX HIDS agent system. On the administration system, enter the /usr/sbin/ping command or the /usr/contrib/bin/traceroute command to verify that network traffic can flow between the systems. HP recommends that you select the address that gives the shortest path (lowest latency or fewest hops) to the administration system; because the agent listens only on the selected address, this also keeps the agent's listener off network segments that have no need to reach it (exposure).

    Later, you must enter the IP address or host name you selected into a configuration screen in the HP-UX HIDS System Manager. For more information see Chapter 6.

  3. On the multihomed agent host, log in as ids, as follows:

    $ su - ids

  4. Edit the configuration file; for example:

    $ vi /etc/opt/ids/ids.cf

  5. Locate the IDS_LISTEN_IFACE parameter in the Globals section. For more information, see Appendix D.

  6. Remove the comment symbol (#) from the start of the line, and place the interface address selected in step 2 after the parameter name. For example, change:

    # IDS_LISTEN_IFACE <insert your hostname/IP addr here>

    to

    IDS_LISTEN_IFACE 1.2.3.4

  7. Save the modified file.

  8. If the agent is running, force the agent to reread the configuration file by sending it a HUP signal. For more information, see “Forcing Active Agent to Reread Configuration File”.

If you enter an invalid IDS_LISTEN_IFACE value, the HP-UX HIDS agent reports an error when you attempt to start it. Repeat steps 1 to 8 to correct the setting of IDS_LISTEN_IFACE, and restart the HP-UX HIDS agent.

Example

The following example illustrates how to configure a multihomed agent system:

Install HP-UX HIDS agent software on a system named large, which has three network interface cards, each with a unique IP address. Two of the IP addresses are mapped to aliases large1 and large2. Enter the following commands:

$ nslookup large
...
Addresses:  1.2.3.4, 1.2.5.10, 1.5.6.7

$ nslookup large1
...
Address:  1.2.3.4

$ nslookup large2
...
Address:  1.2.5.10

Select the network interface that the HP-UX HIDS agent software on the system large must listen on. For example, select the interface with the IP address 1.2.5.10, aliased to the name large2. The HP-UX HIDS agent software communicates only with an HP-UX HIDS System Manager that sends network traffic to and receives it from IP address 1.2.5.10.

Therefore, set the IDS_LISTEN_IFACE parameter in the HP-UX HIDS configuration file to either

IDS_LISTEN_IFACE   large2

or

IDS_LISTEN_IFACE   1.2.5.10

Do not use the name large here: it resolves to all three addresses, so it does not identify a single interface and the agent rejects it as invalid.

If instead you choose the third network interface card, which has no host name aliased to it, you must give its address in dotted decimal notation:

IDS_LISTEN_IFACE   1.5.6.7

Force the HP-UX HIDS agent to reread the configuration file by sending it a HUP signal. For more information, see “Forcing Active Agent to Reread Configuration File”.
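The procedure in steps 1 to 8 and the example above, carried through as an added shell script that is not part of this guide or of the HP-UX HIDS product: it parses nslookup output to decide whether a host is multihomed (step 1), checks that the value you chose is either a dotted decimal IPv4 address or a plain host name (step 2), and rewrites the IDS_LISTEN_IFACE line of ids.cf in place (step 6) so that exactly one live setting remains and the file keeps its owner and mode. The function names, the --apply option and the sample nslookup text used to exercise it are assumptions of this example; the placeholder line it looks for is the one the guide shows.

```shell
#!/bin/sh
# Added example (not from the HP-UX HIDS guide). Assumed: nslookup output in
# either the classic "Addresses: a, b, c" layout shown in the guide or the
# modern one-"Address:"-per-line layout, and an ids.cf whose Globals section
# contains the stock line "# IDS_LISTEN_IFACE <insert your hostname/IP addr here>".

# Step 1: print one address per line from nslookup output read on stdin.
# Only lines after "Name:" count, so the name server's own "Address:" line
# (printed first by nslookup) is not mistaken for an interface of the agent.
addresses_from_nslookup() {
    awk '
        /^Name:/ { seen = 1; next }
        seen && /^Address(es)?:/ {
            sub(/^Address(es)?:[ \t]*/, "")
            n = split($0, a, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }'
}

# Step 1: number of distinct addresses a name resolves to (0 if lookup fails).
# DNS is the guide's test, but an interface missing from DNS is still an
# interface: compare with "netstat -in" on the agent before deciding.
address_count() {
    nslookup "$1" 2>/dev/null | addresses_from_nslookup | sort -u | wc -l | tr -d ' '
}

is_multihomed() {
    [ "$(address_count "$1")" -gt 1 ]
}

# Step 2: accept a dotted decimal IPv4 address or a plain host name, nothing else.
# The value lands unquoted in ids.cf, so reject spaces and metacharacters
# instead of trusting whoever typed it.
valid_iface_value() {
    case "$1" in
        *[!0-9.]*)
            case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
            return 0 ;;
        *)
            echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1; exit 0 } { exit 1 }' ;;
    esac
}

# Step 6: make $2 the single live IDS_LISTEN_IFACE setting in ids.cf ($1).
# The first IDS_LISTEN_IFACE line, commented or not, becomes the setting; any
# later copy is commented out so the agent can never see two values. A file
# without the line is left untouched: this script does not guess where the
# Globals section is.
set_listen_iface() {
    cf=$1; addr=$2
    valid_iface_value "$addr" || { echo "set_listen_iface: rejecting value '$addr'" >&2; return 2; }
    tmp="$cf.$$"
    awk -v v="$addr" '
        { line = $0; sub(/^[# \t]+/, "") }        # look past "# " to find the parameter name
        $1 == "IDS_LISTEN_IFACE" {
            if (!done) { print "IDS_LISTEN_IFACE " v; done = 1 } else { print "# " line }
            next
        }
        { print line }
        END { exit (done ? 0 : 3) }' "$cf" > "$tmp"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f "$tmp"; echo "set_listen_iface: no IDS_LISTEN_IFACE line in $cf" >&2; return "$rc"
    fi
    # Copy over the original rather than mv so ids.cf keeps its owner (ids) and mode.
    cat "$tmp" > "$cf" && rm -f "$tmp"
}

# Print the live value, or nothing while the parameter is still commented out.
get_listen_iface() {
    awk '$1 == "IDS_LISTEN_IFACE" { print $2; exit }' "$1"
}

# Usage, as ids on the agent host (assumed option name):
#   sh listen_iface.sh --apply /etc/opt/ids/ids.cf 1.2.5.10
# then send the agent a HUP as in step 8.
if [ "${1-}" = "--apply" ]; then
    set_listen_iface "$2" "$3" && echo "IDS_LISTEN_IFACE is now $(get_listen_iface "$2")"
fi
```

valid_iface_value only checks the shape of the value. Whether a host name identifies a single interface (step 2) is a property of name service, so confirm it separately with address_count: for the example above, address_count large2 should print 1 and address_count large should print 3, which is why large2, not large, is the name to put in ids.cf.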

© Hewlett-Packard Development Company, L.P.