
Using the CSID Director for Unix

Nov 24,2008 by admin


What is the Cisco Secure Intrusion Detection (CSID) Director for Unix? CSID Director for Unix is another application that you can use to manage your IDS sensors. CSID Director runs on a Solaris or HP-UX platform and has hooks into HP OpenView Network Node Manager (NNM). Without the NNM software, the installation will not succeed. This section assumes you have NNM installed on either a Solaris or HP-UX platform.

Installing and Starting the Director

Very little about working with the CSID Director is simple. You will find that most of the initial setup and commands require a firm grasp of Unix.

To install the Director, follow these steps:

  1. Log on to the system on which you plan to install the CSID Director software. You must be root to run this install.

  2. Insert the CSID Director install CD into the CD-ROM drive. Mount the CD-ROM device.

  3. Run the install script by typing /cdrom/cdrom0/install.

  4. If you are downloading the image, you must first uncompress the downloaded file and then untar the file to a temp directory. After that, you can initiate the install script by typing ./install.

  5. When prompted, enter a password for the netrangr account. The netrangr account is created by default during the installation.

  6. Once you have set the password, you will be required to run the sysconfig-director utility. Enter y when prompted to run the script. The sysconfig-director utility has to be run and the configuration completed before running the NNM. The settings in the sysconfig-director utility are the same as those for the sysconfig-sensor utility discussed in Chapter 3. The settings are shown in Table 4.1.

    Table 4.1: sysconfig-director Parameters

    Field                         Input
    ----------------------------  ------------------------------------------------------------
    Director Host ID              1-65535
    Director Organization ID      1-65535
    Director Host Name            256 alphanumeric characters, no spaces, "-" and "_" are okay.
    Director Organization Name    256 alphanumeric characters, no spaces, "-" and "_" are okay.
    Director IP Address           Valid IP address
    HTML Browser Location         Enter the path to Netscape if the Director does not find it.
                                  The install path is /opt/netscape/netscape.

  7. The major differences here are that there is no option to add IDS Manager information and you must specify the location of Netscape. Remember, you are on the CSID Director and not the sensor! Once you have entered the required information, type y to create the configuration files. You are then prompted to reboot. Type y to reboot the system. Once the system reboots, log on to the CSID Director as netrangr.

  8. From here, you need to start up and configure HP OpenView. First though, make sure all the daemons are running.

Remember in Chapter 3 when we discussed all the commands you can execute from netrangr? Specifically, idsstatus was used to verify the daemons were running. With the Director, the command is nrstatus. Once the sysconfig-director utility is run, the following daemons are started:

  • nr.loggerd

  • nr.postofficed

  • nr.sapd

  • nr.configd

  • nr.filexferd

  • nr.smid
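
A pre-flight check for the six daemons listed above, as an added example that is not part of the original article or of the CSID Director software. It assumes each daemon appears under the listed name in the process table; the function names, the sample listing and its path are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check before launching NNM with `ovw &`.
# Daemon names are the six listed in the article. Assumption: each one
# appears under that name in the process table. Needs a POSIX shell or ksh.
DIRECTOR_DAEMONS="nr.loggerd nr.postofficed nr.sapd nr.configd nr.filexferd nr.smid"

# Constructed sample of `ps -e -o comm=` output (hypothetical path) in which
# nr.sapd is absent and only a look-alike of nr.smid is present.
SAMPLE_LISTING='/opt/example/bin/nr.loggerd
nr.postofficed
nr.configd
nr.filexferd
nr.smid.old
sh'

# Reads command names on stdin, one per line; prints each expected daemon
# that is missing. Names are compared as whole strings, so the "." is never
# treated as a wildcard and look-alikes are not accepted.
missing_daemons() {
    running=" "
    while read -r cmd _rest; do
        running="$running${cmd##*/} "      # keep only the basename
    done
    for d in $DIRECTOR_DAEMONS; do
        case "$running" in
            *" $d "*) ;;                   # exact name found
            *) printf '%s\n' "$d" ;;
        esac
    done
}

# Returns 0 only when all six daemons are present; otherwise names the
# missing ones on stderr and returns 1.
director_ready() {
    missing=$(missing_daemons)
    [ -z "$missing" ] && return 0
    echo "Director daemons not running:" $missing >&2
    return 1
}

# Usage on the Director host (not run here):
#   ps -e -o comm= | director_ready && ovw &
```

On HP-UX, the `-o` option of `ps` is only available when the UNIX95 environment variable is set.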

Starting the NNM is fairly simple. Execute the following command:

ovw &

This is one of those times where Unix familiarity comes in handy. The "&" forces NNM to run in the background.

