HP Host Intrusion Detection System (HIDS) manual Schedule Manager timetable screen appears to hang

Models: Host Intrusion Detection System (HIDS)


Troubleshooting


6. Have the secure communications certificates expired?

On the administration system, run the script /opt/ids/bin/IDS_checkAdminCert. If the certificate has expired, rerun /opt/ids/bin/IDS_genAdminKeys with the update parameter. See “Setting Up the HP-UX HIDS Secure Communications” on page 20.

On the agent system, run the script /opt/ids/bin/IDS_checkAgentCert. If the certificate has expired, rerun /opt/ids/bin/IDS_genAgentCerts for the agent on the administration system. Then reimport the certificates on the agent system with /opt/ids/bin/IDS_importAgentKeys. See “Setting Up the HP-UX HIDS Secure Communications” on page 20.

Normal operation of an application generates heavy volume of alerts

To avoid becoming overwhelmed with unnecessary alert generation, you will need to customize the detection templates to meet the needs of your particular environment. If you have an application that generates a heavy volume of alerts during its normal mode of operation, you can reduce this occurrence by entering additional filtering into the necessary detection templates (most offer mechanisms by which these spurious alerts can be suppressed).

For example, a system with the Resource Management subsystem might trigger a heavy volume of alerts since it frequently updates some files in /etc/opt/resmon. You can go to the Schedule Manager and modify the “Modification of files/directories” template to have it ignore the /etc/opt/resmon directory. (This filtering is provided by default in HP-UX HIDS version 2.2.)

See “Suggested Best Practices” on page 73.
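The following added example (not part of the HP manual and not HIDS template syntax) illustrates the scoping concern behind a directory suppression such as /etc/opt/resmon: the rule should cover that directory and its contents only, so that sibling paths with the same prefix still raise alerts. The function names and sample paths are constructed for illustration.

```python
import posixpath

# Directory to suppress; /etc/opt/resmon is the one named in the manual.
IGNORED_DIRS = ["/etc/opt/resmon"]

# Constructed sample of file paths from modification alerts.
# This is not the real HIDS alert format.
SAMPLE_ALERT_PATHS = [
    "/etc/opt/resmon/log/event.log",
    "/etc/opt/resmon/cfg/monitor.cfg",
    "/etc/opt/resmon",
    "/etc/opt/resmon_old/notes.txt",   # sibling directory: keep alerting
    "/etc/opt/resmon/../../passwd",    # resolves to /etc/passwd: keep alerting
    "/etc/passwd",
]


def is_suppressed(path, ignored_dirs=IGNORED_DIRS):
    """Return True only if the normalised path is an ignored directory
    or lies inside one. A plain string-prefix test would also match
    /etc/opt/resmon_old and create an unintended blind spot."""
    norm = posixpath.normpath(path)
    for directory in ignored_dirs:
        directory = posixpath.normpath(directory)
        if norm == directory or norm.startswith(directory + "/"):
            return True
    return False


def triage(paths, ignored_dirs=IGNORED_DIRS):
    """Split alert paths into (kept, suppressed) lists, preserving order."""
    kept, suppressed = [], []
    for path in paths:
        (suppressed if is_suppressed(path, ignored_dirs) else kept).append(path)
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = triage(SAMPLE_ALERT_PATHS)
    print("suppressed:", suppressed)
    print("still alerting:", kept)
```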

Reflection X rlogin produces multiple login and logout alerts

When logging in using rlogin within Reflection X, the login/logout template will report two login alerts followed immediately by a logout alert. This is expected behaviour and reflects how Reflection X immediately terminates a login session after bringing up a remote window.

Schedule Manager timetable screen appears to hang

The visual refresh of the day, time, and surveillance group matrix (which the System Manager maintains in the Schedule Manager timetable screen) is CPU intensive and hence may appear to be slow on some systems.

SSH does not perform a clean exit after idsagent is started

After starting idsagent from an ssh login, logging out of the agent system results in the ssh session hanging indefinitely. The following are some workarounds:

ssh -l root <machine> /usr/dt/bin/dtterm; then type in the "/sbin/init.d/idsagent start" commands interactively.

ssh -l root <machine> "/sbin/init.d/idsagent start"

ssh -l root <machine> "su - ids -c '/opt/ids/bin/idsagent -a' 2>&1"
