
HIDS agent problem

 
Rainer von Bongartz
Honored Contributor

HIDS agent problem


Hi,

My HIDS manager (HP-UX Host IDS B.03.00) cannot contact the agent systems any longer:

ERROR in TRACE.log is:

MAJOR: initialize ipAddress: X.X.X.X Handshake Exception: java.io.IOException: Broken pipe

The GUI says : No agent available

ids IS running on the agent hosts


Any ideas ??


He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
5 REPLIES
Pierre Pasturel
Respected Contributor

Re: HIDS agent problem

Hi Rainer -

It appears the SSL handshake with an agent failed. Have you tried all the suggestions listed in the Troubleshooting section of the Admin Guide?

See
http://docs.hp.com/en/5991-6776/aphs01.html#cacjifja
http://docs.hp.com/en/5991-6776/aphs01.html#cacjhecj

Pierre
Rainer von Bongartz
Honored Contributor

Re: HIDS agent problem

Pierre,

thanks for the hint, the certificates were expired.

I created new ones as described, but still have this error on the management system when trying to poll the client:

Wed Mar 21 10:57:04 2007: libcomm: pid=26511 thread_id=2: accept_connection: Handshake error (ssl_err=1,ret=0) as server
2:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46
Wed Mar 21 10:57:04 2007: libcomm: pid=26511 thread_id=2: read_thread: error accepting connection, errno=607
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Pierre Pasturel
Respected Contributor

Re: HIDS agent problem

Hi Rainer -

Did you make sure both the admin and agent certs were not expired?

On the admin system, run the following:
% /opt/ids/bin/IDS_checkAdminCert
% cksum /etc/opt/ids/certs/admin/cacert.pem

On the agent system, run the following:
% /opt/ids/bin/IDS_checkAgentCert
% cksum /etc/opt/ids/certs/agent/cacert.pem

The checksums for .../admin/cacert and .../agent/cacert should match.

If the admin certs expired, and you re-ran IDS_genAdminKeys, you will need to regenerate certs for the agent also by running IDS_genAgentCerts and then IDS_importAgentCerts on the agent system to install them.

Pierre
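
An added example, not part of the thread and not HP tooling: a POSIX shell sketch of the checks described above (same root CA on both sides, nothing expired). It goes one step further than the reply by also verifying with the `openssl` CLI that the local certificate chains to the CA as of the local clock. It assumes `openssl` is installed and the files are PEM; the leaf certificate's path is not given in the thread, so it is passed as an argument.

```shell
#!/bin/sh
# Added example, not HP tooling. Certificate paths are arguments; the leaf
# certificate's location is not given in the thread, so it must be supplied.

# same_ca A B: succeed when both files have the same cksum CRC and size.
same_ca() {
    a=$(cksum < "$1") || return 2
    b=$(cksum < "$2") || return 2
    [ "$a" = "$b" ]
}

# not_expired CERT: succeed when the PEM cert's notAfter is still in the future.
not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# chains_to CA CERT: succeed when CERT verifies against CA as of the local
# clock (signature plus notBefore/notAfter), so clock skew shows up here.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_side CA PEER_CA_COPY CERT: run all checks for one system.
check_side() {
    rc=0
    same_ca "$1" "$2"   || { echo "FAIL: CA files differ: $1 $2"; rc=1; }
    not_expired "$1"    || { echo "FAIL: CA expired: $1"; rc=1; }
    not_expired "$3"    || { echo "FAIL: certificate expired: $3"; rc=1; }
    chains_to "$1" "$3" || { echo "FAIL: $3 does not verify against $1 at $(date -u)"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $3 chains to $1"; fi
    return "$rc"
}

# Usage: sh check_ids_certs.sh LOCAL_CACERT PEER_CACERT_COPY LOCAL_CERT
if [ "$#" -eq 3 ]; then
    check_side "$1" "$2" "$3"
fi
```

Run it on the admin system and on the agent system, each time with the local `cacert.pem`, a copy of the other side's `cacert.pem`, and the local certificate.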


Rainer von Bongartz
Honored Contributor

Re: HIDS agent problem

Pierre,

I checked the checksums and they match.
I re-created the keys and distributed them, but the error stays the same.

On the admin system it says:
HP-UX Host IDS Root CA Certificate:
Valid from: Thu Mar 22 09:54:44 CET 2007 until: Thu Feb 19 09:54:44 CET 2009

HP-UX Host IDS Admin Certificate:
Valid from: Thu Mar 22 09:55:10 CET 2007 until: Thu Feb 19 09:55:10 CET 2009

$ cksum /etc/opt/ids/certs/admin/cacert.pem
2699799611 1082 /etc/opt/ids/certs/admin/cacert.pem

On the agent system it says:
HP-UX Host IDS Root CA Certificate:
Valid from: Mar 22 08:54:44 2007 GMT until: Feb 19 08:54:44 2009 GMT

HP-UX Host IDS Agent Certificate on host nova:
Valid from: Mar 22 09:10:52 2007 GMT until: Feb 19 09:10:52 2009 GMT
ids@nova $

2699799611 1082 /etc/opt/ids/certs/agent/cacert.pem

So everything looks OK.
Any further hints?





He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Pierre Pasturel
Respected Contributor

Re: HIDS agent problem

Hi Rainer -

Sorry for the late response.

What is the output of the following commands on both the admin and agent system?

% date
% ls -lR /etc/opt/ids/certs

Can the admin (idsgui (GUI) and idsadmin CLUI) connect to an agent running on the admin system? I assume you are trying to connect to a remote agent.

Run "idsadmin -c 3 -a |& tee /var/tmp/idsadmin.log" and run the "ping" command from the idsadmin interactive menu and then attach idsadmin.log in your next response.

Pierre