Troubleshooting

Troubleshooting

To allow communications back to these ephemeral ports, use the “keep state” rule in IPFilter.

pass out quick proto tcp all keep state

4.Allow queries to DNS servers by HP-UX HIDS agents and HP-UX HIDS System Manager

pass out quick proto udp all keep state

5.Since the HP-UX HIDS System Manager requires X11 connections, which can and should be forwarded over the secure channel with SecureShell, allow SecureShell incoming connections.

pass in quick proto tcp from any to any port = 22 flags S keep state keep frags

6.Block any incoming connections which were not explicitly allowed. block in log quick all

How to allow the SecureShell daemon to forward X11 traffic

First, change the SecureShell /etc/opt/ssh/sshd_config configuration file:

Set X11Forwarding to yes,

Set X11UseLocalhost to no.

Earlier versions of ssh don’t recognize the second entry. If it’s not there, you don’t need to add it.

Then send a HUP signal to the sshd so that it will reread the sshd_config file.

How to display System Manager after SecureShell login as root and su to ids

Problem: You use ssh to log in to a host as root, then switch to user ids and get a display error when opening an X window or starting idsgui. Here is the terminal output:

#su ids

$ echo $DISPLAY x.x.x.x:10.0

NOTE

x.x.x.x stands for the IP address of the host.

 

:10.0 is an automatic result of X11 forwarding being enabled in ssh. You should not

 

manually set DISPLAY to :10.0.

 

$ ./idsgui

 

 

Unable to display the GUI on

 

x.x.x.x:10.0

 

Please check the value of the environment variable

 

DISPLAY and verify that this machine is authorized

 

to connect to that display.

250

Appendix G

Page 262
Image 262
HP Host Intrusion Detection System (HIDS) manual How to allow the SecureShell daemon to forward X11 traffic, 250