HP Host Intrusion Detection System (HIDS) manual IDScheckInstall fails with a kmtune error

Troubleshooting

Troubleshooting

Enter command>>ping

Wed Nov 24 20:53:23 2004: libcomm: pid=14582

thread_id=1:open_connection: Handshake error (ssl_err=1,ret=0) as client 1:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1052:SSL alert number 42 Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: write_msg: error opening connection to remote host, errno=607:Error during SSL handshake.

Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1: write_msg: Returning failure, errno=607:Error during SSL handshake Wed Nov 24 20:53:23 2004: libcomm: pid=14582 thread_id=1:

comm_write_msg: Error writing message, errno==607:Error during SSL handshake

Use IDS_checkAgentCert to get the validity duration of the agent certificate, and compare it with the system time of the agent host. If the certificate is not yet valid on the agent host, either adjust the system time of the agent host, or wait until the certificate becomes valid.

IDS_checkInstall fails with a kmtune error

IDS_checkInstall reports that a kmtune file write operation fails and the idds driver is not configured:

#/opt/ids/bin/IDS_checkInstall

kmtune: Cannot write file -- /stand/.kmsystune_lock

WARNING: The idds driver is not configured into the kernel.

❏If patch PHCO_24112 is installed on your system, you need to apply patch PHCO_25342 for HP-UX 11.0 and PHCO_25429 for HP-UX 11i.

❏If patch PHCO_24112 is not installed on your system, please contact HP Support.

IDS_genAdminKeys or IDS_genAgentCerts does not complete successfully

❏The normal completion is shown in the steps in “Setting Up the HP-UX HIDS Secure Communications” on page 20.

❏Check the messages in the error log file /var/opt/ids/certs.log for correctable errors.

❏Contact HP Support.

IDS_genAdminKeys or idsgui quits early

On occasion, apparently due to a swlist timeout, the IDS_genAdminKeys and idsgui commands may quit early. (The swlist command is used to verify that the correct version of Java is available.)

❏The IDS_genAdminKeys command may quit before it finishes making the keys. The symptom is that the final banner is not displayed. The banner is shown in Chapter 2, “Configuration,” on page 17.

❏The idsgui command may quit before it launches the System Manager. The symptom is that the prompt returns and the following message is not displayed.