Configuration

Configuring a Multihomed Agent System

A multihomed system is one that has multiple connections to a network. Typically, a multihomed system has more than one network interface card, each with a unique address. While the system may have only one host name, the name resolution software will usually return the IP address of one of the interfaces on the system.

In such configurations, the HP-UX HIDS agent needs to know which interface it should “listen on” for commands from the HP-UX HIDS administration system. Therefore, the HP-UX HIDS agent configuration file must contain the setting that specifies the network address on which the HP-UX HIDS agent will listen.

Follow this procedure to configure your HP-UX HIDS agent software only if you are using it on a multihomed system.

Step 1. Determine if the agent system is multihomed. If you are not sure, use the nslookup command to see what IP address corresponds to the system’s host name. If more than one IP address is returned by nslookup, your system is multihomed. If only one IP address is returned, your system is not multihomed.

No modifications are needed for a system that has only one IP address.

Step 2. Choose the one interface on which you want the HP-UX HIDS agent to communicate with the administration system.

The choice of address will depend on your network topology. The address can be either an IP address in dotted decimal notation (e.g., 1.2.3.4) or a host name that resolves to a unique address on the system where the agent resides.

It is essential that a network route exists between the HP-UX HIDS administration system and the HP-UX HIDS agent system. On the administration system, use the /usr/bin/ping command (ping(1)) or the /usr/contrib/traceroute command to verify that network traffic can flow between the systems. You may wish to choose the address with the shortest transmission time (speed) or the fewest hops (exposure).

NOTE: Later, you will enter the IP address or host name you choose into a configuration screen in the HP-UX HIDS System Manager. See Chapter 6, “Host Manager Screen,” on page 83 for more details.

Step 3. On the multihomed agent host, become user ids:

    $ su - ids

Step 4. Edit the configuration file; for example:

    $ vi /etc/opt/ids/ids.cf

Step 5. Locate the IDS_LISTEN_IFACE parameter in the Globals section. (See Appendix D, “The Agent Configuration File” on page 215 for more details on the layout of the ids.cf file.)

Step 6. Remove the comment symbol (#) from the start of the line and place your interface address chosen in Step 2 above after the parameter name. For example, change

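A post-edit check for the procedure above, added here as an example and not taken from the HP-UX HIDS manual or product: it reads an ids.cf-style file on standard input and reports whether IDS_LISTEN_IFACE is active and matches one of the host's own interface addresses. It assumes an active entry has the form "IDS_LISTEN_IFACE <address>" on one line; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit IDS_LISTEN_IFACE after editing ids.cf.
# ASSUMPTION: an active entry is "IDS_LISTEN_IFACE <address>" on one line and
# a leading "#" comments it out. Appendix D of the manual defines the real layout.

# Print every active (uncommented) IDS_LISTEN_IFACE value found on stdin.
active_listen_values() {
    awk '$1 == "IDS_LISTEN_IFACE" && NF >= 2 { print $2 }'
}

# Classify the setting read from stdin.
# Arguments: the IP addresses configured on this host's interfaces
# (for example, as listed by "netstat -in").
# Prints one of: unset | ambiguous | ok:<addr> | not-local:<addr> | hostname:<name>
audit_listen_iface() {
    values=$(active_listen_values)
    count=$(printf '%s\n' "$values" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "unset"                  # still commented out: resolver decides
        return 0
    fi
    if [ "$count" -gt 1 ]; then
        echo "ambiguous"              # more than one active entry
        return 0
    fi
    case $values in
        *[!0-9.]*)                    # not dotted decimal: treat as a host name
            echo "hostname:$values"   # must resolve to one unique local address
            return 0 ;;
    esac
    for addr in "$@"; do
        if [ "$addr" = "$values" ]; then
            echo "ok:$values"
            return 0
        fi
    done
    echo "not-local:$values"          # address is not on any listed interface
}

# Constructed sample fragment (not from a real system); addresses are
# documentation-range values.
sample='# Agent listen address (constructed sample)
IDS_LISTEN_IFACE 192.0.2.10'
printf '%s\n' "$sample" | audit_listen_iface 192.0.2.10 198.51.100.7
```

On a real agent host, feed it the file with `audit_listen_iface <addresses> < /etc/opt/ids/ids.cf`; a result of unset on a multihomed system means Step 6 has not taken effect.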