Transfer of HIDS Schedules, Groups, and Templates

Andrew Pollard
Super Advisor

Transfer of HIDS Schedules, Groups, and Templates

Hi,
I have been testing HIDS on a system that will not be our Primary Administration server. Am I able to transfer all the Schedules, Surveillance Groups, Templates, and Properties to the system that will be the primary Admin server?
Andrew Pollard
3 REPLIES
Pierre Pasturel
Respected Contributor

Re: Transfer of HIDS Schedules, Groups, and Templates

Andrew -

For the Schedules, Groups and Templates, you can copy the .sched and .grp files whose basenames are the names of your customized schedules and groups and which reside in /var/opt/ids/gui/SurveillanceSchedules and /var/opt/ids/gui/SurveillanceGroups, respectively. There is no need to copy anything from /var/opt/ids/gui/Templates, as these do not contain any of your settings (all template property values are in your .grp files).

For the GUI properties, you should be able to simply copy the files in /etc/opt/ids/gui/config to your new admin host.

In order to avoid having to regenerate your certificates for your admin guide and all your agents, you should also copy over the files in /etc/opt/ids/certs/admin.

Pierre
Andrew Pollard
Super Advisor

Re: Transfer of HIDS Schedules, Groups, and Templates

Hi Pierre,

I had to redo the certs, but everything else worked great.

Thanks.

Andrew
Pierre Pasturel
Respected Contributor
Solution

Re: Transfer of HIDS Schedules, Groups, and Templates

Andrew -

I forgot to tell you that you need to change the REMOTEHOST entry in /etc/opt/ids/ids.cf on all your agents to have the IP address or host name of your new admin host. You can do this by running:
./IDS_importAgentKeys key_bundle.tar.Z admin_hostname

where admin_hostname is the name or IP address of your new admin host.

Or you can manually edit ids.cf to modify the value of REMOTEHOST.

The existing certs were fine.

An FYI in case you do this again.

Pierre
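
The file set and the REMOTEHOST check described in this thread, collected into one script as an added example (not part of the original posts and not HP's tooling). The function names hids_bundle and hids_remotehost are hypothetical, and the optional root argument exists only so the script can be rehearsed against a copy of the tree.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are those in the thread.

# hids_bundle ROOT OUT_TAR
# Archive the admin-side files to carry to the new admin host.
# ROOT is "/" on the live host, or a copy of the tree when rehearsing.
hids_bundle() {
    root=${1:-/}
    out=$2
    case $out in /*) ;; *) out=$PWD/$out ;; esac   # absolute, because we cd
    (
        cd "$root" || exit 1
        umask 077        # archive includes certs/admin: owner-only access
        set --
        # Only customized schedules and groups; Templates is left out on
        # purpose, since template property values live in the .grp files.
        for f in var/opt/ids/gui/SurveillanceSchedules/*.sched \
                 var/opt/ids/gui/SurveillanceGroups/*.grp \
                 etc/opt/ids/gui/config \
                 etc/opt/ids/certs/admin
        do
            # An unmatched glob stays literal and fails -e, so it is skipped.
            if [ -e "$f" ]; then set -- "$@" "$f"; fi
        done
        [ "$#" -gt 0 ] || { echo "no HIDS files under $root" >&2; exit 1; }
        tar -cf "$out" "$@"
    )
}

# hids_remotehost IDS_CF
# Print the REMOTEHOST line(s) of an agent's ids.cf for review after the move.
# No assumption is made about the entry's syntax; matching lines are shown as-is.
hids_remotehost() {
    grep -n 'REMOTEHOST' "$1"
}

# Usage on the old admin host, then on each agent:
#   hids_bundle / /tmp/hids-admin.tar
#   hids_remotehost /etc/opt/ids/ids.cf
```

The archive stores paths relative to the root, so it is unpacked from / on the new admin host.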