Configuration

Setting Up the HP-UX HIDS Secure Communications

HP-UX HIDS provides a secure communication environment between its administration System Manager and its agent processes via the Secure Sockets Layer (SSL) protocol. (See “Glossary of HP-UX HIDS Terms” on page 13.)

To use the SSL protocol, each component involved in the communication requires a separate identity, or certificate, to identify itself and to authenticate that any information received from another HP-UX HIDS component is genuine and not initiated by an unauthorized outsider.

To ensure secure communication, both the System Manager process which runs on the administration system, and the HP-UX HIDS agent process which runs on each participating agent system, need to have a certificate associated with it. HP-UX HIDS provides a toolset to generate X.509 certificates to provide authentication. The System Manager will not start until you establish such secure communication.

Table 2-1 provides an overview of the IDS scripts you will need to use. See the detailed steps following the table.

Table 2-1 Overview of Procedures to Set Up Secure Communications

Script to Use         Where Used              End Product
IDS_genAdminKeys      Administration system   Root Certification Authority and Administration SSL certificate
IDS_genAgentCerts     Administration system   A bundle of signed certificates for each agent system
IDS_importAgentKeys   Agent systems           Agent SSL certificate

NOTE: HP-UX HIDS certificate management is self-contained and does not require (and cannot be integrated with) a pre-existing public key infrastructure (PKI).

Step 1. Create the X.509 Certificates

The certificate for the HP-UX HIDS System Manager process must first be generated by user ids locally on the HP-UX HIDS administration system. Only then can the certificates for each of the agent nodes be signed by the HP-UX HIDS administration station. The administration system holds the Root Certification Authority (Root CA) that is used to endorse all other certificates.

a. On the administration system, become user ids: $ su - ids

b. Change directory to /opt/ids/bin: $ cd /opt/ids/bin

c.Generate the administration keys:

20

Chapter 2
