HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide: HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3 > Chapter 2 Configuring HP-UX HIDS

Configuring a Multihomed Administration System


If the HP-UX HIDS administration system software is installed on a multihomed system, the HP-UX HIDS administration system must know which interface to use to communicate with its agent systems. The idsgui script must be modified to contain the setting that specifies the network address on which the administration system listens.

If you are using a multihomed administration system, follow these steps to configure the HP-UX HIDS administration and agent software:

  1. Determine whether the administration system is multihomed. Use the nslookup command to determine which IP address corresponds to the host name of the system. If more than one IP address is returned by nslookup, your system is multihomed. If only one IP address is returned, your system is not multihomed.

    NOTE: No modifications are needed for a system that has only one IP address.
  2. Select the interface on which you want the HP-UX HIDS agent to communicate with the administration system.

    The choice of address depends on your network topology. The address can either be an IP address in dotted decimal notation (for example, 1.2.3.4) or a host name that resolves to a unique IP address on the administration system.

    A network route must exist between the HP-UX HIDS administration system and the HP-UX HIDS agent systems. On the administration system, use the /usr/sbin/ping command or the /usr/contrib/bin/traceroute command to verify that network traffic can flow between the systems. You can select the address with the shortest transmission time or the fewest hops (exposure).

    NOTE: A different administration system is required to monitor agents that are on a different (physically separated) network, even if an administration system is connected to both networks. This is because an administration system can only monitor agents that are on the same network.
  3. On the multihomed administration host, log in as ids, as follows:

    $ su - ids

  4. Edit the System Manager script, as follows:

    $ vi /opt/ids/bin/idsgui

  5. Locate the INTERFACE variable in the GUI Configuration section. For more information, see idsgui(1M).

  6. Add your interface address selected in Step 2 after the equals sign. For example, change:

    INTERFACE=

    to

    INTERFACE=1.2.3.4
  7. Save the file with your modifications.

  8. If the System Manager is running, stop and restart it.

  9. On each agent host, log in as ids, as follows:

    $ su - ids

  10. Edit the agent configuration file, as follows:

    $ vi /etc/opt/ids/ids.cf

  11. Locate the REMOTEHOST parameter in the [RemoteSA] section. For more information, see ids.cf(5).

  12. Add your interface address (IP address or host name) selected in Step 2. For example, change:

    REMOTEHOST

    to

    REMOTEHOST 1.2.3.4

    NOTE: The REMOTEHOST parameter is overridden when you import the certificate bundle with IDS_importAgentKeys.
  13. Save the file with your modifications.

  14. If the agent is running, force it to reread its configuration file, as described in “Forcing Active Agent to Reread Configuration File”.

Changing the IP Address of an Administration System

If the IP addresses of the administration systems need to be changed, you must complete the following steps to ensure that HIDS continues to run smoothly:

  • Check the REMOTEHOST entry in the ids.cf file located on the agent systems. If the REMOTEHOST entry refers to the hostname, no modifications are required. However, if the REMOTEHOST entry refers to the IP address, then you must update the entry to reflect the new IP address.

    TIP: If your administration system is not multihomed, and if you do not plan to make it multihomed, use a hostname for the REMOTEHOST entry. You need not modify the ids.cf file even if the IP address changes in the future, as long as the hostname of the administration system does not change.
  • Make this change in all the ids.cf files located on all the agent systems.

    If the ids.cf files are identical, you can choose to push a master copy of the file to all the agents.
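
The REMOTEHOST check described above can be scripted before the address change is made. The following is an added example, not HP code: it assumes ids.cf uses the layout this page shows (a [RemoteSA] section header followed by a "REMOTEHOST <address>" line), and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an agent's ids.cf before the administration system's
# IP address changes. File layout is assumed from the page: a [RemoteSA]
# section containing a "REMOTEHOST <address>" line.

# Print the REMOTEHOST value from the [RemoteSA] section (empty if unset).
get_remotehost() {
    awk '
        $1 ~ /^\[/ { in_sa = ($1 == "[RemoteSA]"); next }   # track current section
        in_sa && $1 == "REMOTEHOST" { print $2; exit }
    ' "$1"
}

# Classify a REMOTEHOST value against the IP address being retired:
#   unset     no address configured
#   hostname  name-based entry; survives an IP change
#   stale-ip  dotted-decimal literal equal to the old IP; must be updated
#   other-ip  a different IP literal; confirm it is the intended interface
classify_remotehost() {
    value=$1 old_ip=$2
    if [ -z "$value" ]; then echo unset; return; fi
    if printf '%s\n' "$value" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'; then
        if [ "$value" = "$old_ip" ]; then echo stale-ip; else echo other-ip; fi
    else
        echo hostname
    fi
}

# Report one file; return non-zero when the entry needs editing.
audit_ids_cf() {
    rh=$(get_remotehost "$1")
    class=$(classify_remotehost "$rh" "$2")
    echo "$1: REMOTEHOST=${rh:-<none>} ($class)"
    [ "$class" = hostname ] || [ "$class" = other-ip ]
}

# Demo on a constructed sample file (not a real agent configuration).
sample=$(mktemp)
printf '%s\n' '[RemoteSA]' 'REMOTEHOST 1.2.3.4' > "$sample"
audit_ids_cf "$sample" 1.2.3.4 || echo "update REMOTEHOST on this agent"
rm -f "$sample"
```

On an agent, run audit_ids_cf against /etc/opt/ids/ids.cf with the administration system's old IP address as the second argument.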

© Hewlett-Packard Development Company, L.P.