McAfee® Host Intrusion Prevention 6.1 Product Guide

Host Intrusion Prevention Client

 

Solaris client

9

Run this command...

To do this...

 

 

hipts message <message name>:on

Display the message type indicated when logging is

 

set to “on.” Messages include:

 

„

error

 

„

warning

 

„

debug

 

„

info

 

„

violations

 

 

hipts message <message name>:off

Hide the message type indicated when logging is

 

set to “on.”Message error is off by default.

 

 

hipts message all:on

Display all message types when logging is set to

 

“on.”

 

 

hipts message all:off

Hide all message types when logging is set to “on.”

 

 

hipts engines <engine name>:on

Turn on the engine indicated. Engine is on by

 

default. Engines include:

 

„

MISC

 

„

FILES

 

„

GUID

 

„

MMAP

 

„

BO

 

„

ENV

 

„

HTTP

 

 

hipts engines <engine name>:off

Turn off the engine indicated.

 

 

hipts engines all:on

Turn on all engines.

 

 

hipts engines all:off

Turn off all engines.

 

 

 

In addition to using the troubleshooting tool, consult the HIPShield.log and HIPClient.log files in the /opt/McAfee/hip/log directory to verify operations or track issues.

Starting and stopping the client

You may need to stop a running client and restart it as part of troubleshooting.

To stop a Solaris client:

1Disable IPS protection. Use one of these procedures:

„Set IPS Options to Off in the ePO console and apply the policy to the client.

„Run the command: hipts engines MISC:off.

2Run the command: /etc/rc2.d/S99hip stop.

To restart a Solaris client:

1Run the command: /etc/rc2.d/S99hip restart.

2Enable IPS protection. Use one of these procedures, depending on which you used to stop the client:

„Set IPS Options to On in the ePO console and apply the policy to the client.

„Run the command: hipts engines MISC:on.

155

Page 155
Image 155
McAfee 6.1 manual To stop a Solaris client, To restart a Solaris client, 155