HP Host Intrusion Detection System (HIDS) manual Idsadmin Command, Synopsis Startup Options

Models: Host Intrusion Detection System (HIDS)


The idsadmin Command

idsadmin is an IDS command-line administration tool that provides a command prompt for you to send commands to an idsagent process. In addition, you can receive alerts and error messages from the agent. See idsadmin (1M).

idsadmin assumes that the steps described in IDS_genAdminKeys (1M), IDS_genAgentCerts (1M), and IDS_importAgentKeys (1M) have been followed to correctly generate certificates for secure communication. idsadmin cannot be run as superuser (root). It is designed to run as the nonprivileged user ids, created at product-installation time.

idsadmin requires agent certificates in /etc/opt/ids/certs/agent for secure communication. If the system on which idsadmin is run does not have an agent installed and configured, you can manually create /etc/opt/ids/certs/agent as user ids and copy the contents of that directory from a system on which agent certificates have been installed (see IDS_importAgentKeys (1M)).

Synopsis

/opt/ids/bin/idsadmin [-h] [-a agent-host] [-c comm-debug-level] [-f schedule] [-i local-interface] [-l alert-error-filename] [-s cipher-suite]

Startup

When you invoke idsadmin and the -l option is not specified, idsadmin prompts for an alert file path where idsadmin will save any alerts and errors received. If the file already exists, idsadmin appends to it. If this file cannot be created, idsadmin exits with an error.

Once idsadmin has started, it issues a command prompt.
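The requirements above (not root, user ids, agent certificates present, alert file appendable or creatable) can be checked before idsadmin is started. The following is an added example, not part of the HP manual or product; IDS_USER, CERT_DIR, IDSADMIN, preflight and run_idsadmin are names assumed for this sketch, while the paths and the -a and -l options are the ones documented on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for idsadmin's documented requirements.
# Variable and function names are assumptions of this sketch.
IDS_USER=${IDS_USER:-ids}
CERT_DIR=${CERT_DIR:-/etc/opt/ids/certs/agent}
IDSADMIN=${IDSADMIN:-/opt/ids/bin/idsadmin}

fail() { echo "preflight: $*" >&2; }

# preflight USER UID CERT_DIR ALERT_FILE
# Returns 0 when every precondition holds, otherwise a code from 2 to 5.
preflight() {
    user=$1 uid=$2 certs=$3 alerts=$4

    # idsadmin cannot be run as superuser (root).
    [ "$uid" -ne 0 ] || { fail "idsadmin cannot be run as root"; return 2; }
    # It is designed to run as the nonprivileged user ids.
    [ "$user" = "$IDS_USER" ] || { fail "expected user $IDS_USER, got $user"; return 3; }

    # Agent certificates must be present for secure communication.
    if [ ! -d "$certs" ] || [ -z "$(ls -A "$certs" 2>/dev/null)" ]; then
        fail "no agent certificates in $certs"; return 4
    fi

    # Alert file: appended to if it exists, otherwise it must be creatable.
    if [ -e "$alerts" ]; then
        [ -f "$alerts" ] && [ -w "$alerts" ] || { fail "cannot append to $alerts"; return 5; }
    else
        dir=$(dirname "$alerts")
        [ -d "$dir" ] && [ -w "$dir" ] || { fail "cannot create $alerts"; return 5; }
    fi
    return 0
}

# run_idsadmin AGENT_HOST ALERT_FILE
# Passing -l avoids the interactive prompt for the alert file path.
run_idsadmin() {
    preflight "$(id -un)" "$(id -u)" "$CERT_DIR" "$2" || return $?
    exec "$IDSADMIN" -a "$1" -l "$2"
}
```

A nonzero return from preflight identifies which requirement failed: 2 for root, 3 for the wrong user, 4 for missing certificates, 5 for an unusable alert file.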

Options

-h

Display a brief synopsis of the commands and exit.

-a agent-host

Specify the host name or IP address of the agent to monitor. By default, the local host name is used. Use this option if the local host is multihomed, or if the agent host is remote.

-c comm-debug-level

Specify the communication debug level for printing error and debug messages. comm-debug-level can have the values 1 for low, 2 for medium, and 3 for high. Useful for troubleshooting.

-f schedule

Specify an ASCII surveillance schedule file to be sent over to and activated by idsagent. idsadmin will wait for potential error messages for several seconds before exiting. An ASCII schedule can be obtained using the Save function under the Details tab in Schedule Manager within the IDS System Manager, or by modifying the sample schedule /opt/ids/share/examples/idsadmin_schedule. See “Template Configuration Syntax” on page 178 for more information on how to configure the ASCII schedule.

-i local-interface

Appendix D

211
