
idsagent startup

 
jerry1
Super Advisor

idsagent startup

I get this error message when trying to start
/sbin/init.d/idsagent start

I have run all the IDS_xxx setup scripts in /opt/ids/bin. Does someone have a quick
way to configure and run IDS?


Thu Apr 29 07:59:41 2004: ids/9000: cannot open configuration file /etc/opt/ids/ids.cf
Thu Apr 29 07:59:41 2004: ids/9000: access checking on configuration file /etc/opt/ids/ids.cf failed
ids/9000: failed to initialize configuration module
ids/9000: idsagent initialization failed. Exiting
10 REPLIES
Pete Randall
Outstanding Contributor

Re: idsagent startup

Jerry,

I know nothing about ids but I'll ask the obvious. Does /etc/opt/ids/ids.cf exist and have "readable" permissions?


Pete

jerry1
Super Advisor

Re: idsagent startup

I knew someone was going to ask this question. Yes, I checked the perms etc...

I was able to run idsagent when I first
installed it but nothing worked. So I went
back and ran all the commands:

IDS_checkAdminCert IDS_genAgentCerts
IDS_checkAgentCert IDS_importAgentKeys
IDS_checkInstall IDS_genAdminKeys

Then the problem started.

The startup script in /sbin/init.d/idsagent
runs:

su - ids -c "cd /opt/ids/bin ; ./idsagent -a"

You should download the package and try it
out. There's not much to it. I'm on HP 11i.

J5083AA B.02.01.32 HP IDS 9000 B.02.01

Ruan_3
Frequent Advisor

Re: idsagent startup

Hi Jerry,

Have you run /opt/ids/bin/IDS_checkInstall? It might give you a clue. You can also try and run the agent with debugging on as per docs.hp.com:

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/J5083-90007/J5083-90007_top.html&con=/hpux/onlinedocs/J5083-90007/00/00/37-con.html&toc=/hpux/onlinedocs/J5083-90007/00/00/37-toc.html&searchterms=ids&queryid=20040429-080858

To facilitate debugging, run the idsagent process and all subprocesses with full debugging. Log all messages to the file /tmp/debug_logfile:

/opt/ids/bin/idsagent -c 1 -d -e -l /tmp/debug_logfile

Hope this helps.

Cheers,
Ruan
Hazem Mahmoud_3
Respected Contributor

Re: idsagent startup

Make sure you run it as user "ids". It may not be able to open the configuration file because the user that you're using does not have the rights to do so.

-Hazem
jerry1
Super Advisor

Re: idsagent startup

Ruan, I cannot access your link.

I found that I cannot de-install the
package without rebooting. ???

How did it install IDS without building a new kernel and rebooting in the first place???

IDS_checkInstall report:

The idds driver is configured into the kernel and IDDS is enabled.
dbsvr1 is not an HP-UX 11.00 system. No need to check patches

Install check successful!


Pierre Pasturel
Respected Contributor
Solution

Re: idsagent startup

Jerry -

More than likely, the permissions on ids.cf include the world writable permission. Fix this by running "chmod o-w /etc/opt/ids/ids.cf" as user ids. The file should also be owned by user ids, group ids.

ids will not open a file that is world writable for security reasons.

If you believe you never modified the permission of ids.cf yourself to allow world writable permission, then we would need a detailed description of the commands you ran to create this condition.

Pierre

jerry1
Super Advisor

Re: idsagent startup

As it turns out, I had the wrong group GID for ids, 101, in the /etc/passwd file, which is our dba group, and 103 for ids in the /etc/group file. I had dba for GID on ids files.


But now System Manager won't load schedules.
See errors:


Thu Apr 29 14:52:51 2004: idssysdsp: cannot raise privs to open file /var/adm/sulog

Thu Apr 29 14:52:51 2004: ids/9000: a critical error occured on the agent; halting schedule execution

Thu Apr 29 14:52:51 2004: ids/9000: one of the IDS processes died abnormally: halting schedule execution


Pierre Pasturel
Respected Contributor

Re: idsagent startup

Jerry - The wrong gid on ids.cf and the fact idssysdsp can not raise privilege (sounds like it isn't configured to be a setuid root program) are signs that the installation of ids was corrupted.

Have you been modifying files as a user other than user "ids" and/or have been modifying ownership/permissions of ids files?

Pierre
jerry1
Super Advisor

Re: idsagent startup

No Pierre, I think what happened was that
at one time or other ids was either installed
or someone copied the /etc/passwd file over
from another system which had ids in it
already but with the wrong GID.
When I noticed that ids files had dba as
group I changed them to ids but did make the
change in the /etc/passwd file which was
the cause of the problem in the first place.

You would think the ids checkinstall script
would catch this.
Pierre Pasturel
Respected Contributor

Re: idsagent startup

Jerry -

I believe swverify will do at least some of the checking you are requesting. If it does not, I am willing to file an enhancement request on your behalf against IDS_checkInstall if you can give me a detailed description of what you would like IDS_checkInstall to do which swverify can not. I would appreciate knowing either way.

thanks,
Pierre
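
Added example, not part of the thread and not HP's IDS_checkInstall or swverify: a POSIX sh pre-flight check for the two faults found above, a world-writable ids.cf and an ids GID that differs between /etc/passwd and /etc/group. The function names are hypothetical, and the account names and file paths are passed as parameters.

```shell
#!/bin/sh
# Added example, not HP's IDS_checkInstall. Account names and file paths
# are parameters so the checks can be run against copies of the files.

# Primary GID of user $1 in passwd-format file $2 (field 4).
passwd_gid() { awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2"; }

# GID of group $1 in group-format file $2 (field 3).
group_gid() { awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"; }

# Numeric group owner of file $1 (ls is used because HP-UX has no stat(1)).
file_gid() { ls -ldn "$1" | awk '{ print $4 }'; }

# Succeeds when the "other" write bit (9th character of the ls mode) is set.
is_world_writable() {
    case "$(ls -ld "$1" | awk '{ print $1 }')" in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: check_ids_setup USER GROUP PASSWD_FILE GROUP_FILE CONFIG_FILE
# Prints one line per problem and returns the number of problems found.
check_ids_setup() {
    problems=0
    pg=$(passwd_gid "$1" "$3")
    gg=$(group_gid "$2" "$4")
    if [ -z "$pg" ] || [ -z "$gg" ]; then
        echo "user $1 or group $2 not found"
        problems=$((problems + 1))
    elif [ "$pg" != "$gg" ]; then
        echo "GID mismatch: user $1 has GID $pg in $3, group $2 is $gg in $4"
        problems=$((problems + 1))
    fi
    if [ ! -f "$5" ]; then
        echo "$5 does not exist"
        return $((problems + 1))
    fi
    if is_world_writable "$5"; then
        echo "$5 is world writable; fix with: chmod o-w $5"
        problems=$((problems + 1))
    fi
    if [ -n "$gg" ] && [ "$(file_gid "$5")" != "$gg" ]; then
        echo "$5 has group $(file_gid "$5"), expected $gg ($2)"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

On the system in this thread the call would be: check_ids_setup ids ids /etc/passwd /etc/group /etc/opt/ids/ids.cf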