
HP-UX Auditing System Extensions

Installation

Prerequisites

HP-UX Auditing System Extensions requires approximately 28 MB of disk space and has the following software requirements:

o HP-UX 11i v3 for HPE 9000 and HPE Integrity servers

o HP-UX Host Intrusion Detection System (HIDS) version F.04.02 or later if HPUX-HIDS is installed on your system

o HP-UX Secure Shell version A.05.10.047 or later if SecureShell is installed on your system

o WU-FTPD version C.2.6.1.4.0 or later if HPUX-FTPServer is installed on your system

Installing HP-UX Auditing System Extensions

To install HP-UX Auditing System Extensions on your HP-UX 11i v3 system, use the following procedure:

1.     Log in to your system as a root user.

2.     Download the HP-UX Auditing System Extensions depot file and move it to the /tmp directory.

3.     The HP-UX Auditing System Extensions bundle does not require HPUX-HIDS, SecureShell, or HPUX-FTPServer to be installed. However, if earlier versions of these products exist on your system, you must update them before you can install the AuditExt bundle. To check whether these products are on your system, use the following command:

# swlist -l product HPUX-FTPServer HPUX-HIDS SecureShell

These products are available free of charge from Software Depot:

o WU-FTPD 2.6.1 Special Release

o HP-UX Host Intrusion Detection System (HIDS) Version 4.2

o HP-UX Secure Shell

4.     Verify that the depot file is on your system using the following command:

# swlist -s /tmp/<AuditExt-depotname>.depot

5.     Preview the installation to verify that the HP-UX Auditing System Extensions will install correctly:

# swinstall -p -s /tmp/<AuditExt-depotname>.depot \*

NOTE: HP-UX Auditing System must be halted by running audsys -f before installing the bundle. Otherwise, the swinstall command will fail with the following error message when attempting to install the AudReport product:

ERROR: Auditing is currently enabled on the system. Please stop auditing before installing this product.

NOTE: If installing on a system with HP-UX Host Intrusion Detection System (HIDS) installed, the HIDS agent must be halted by running kill -TERM `cat /var/opt/ids/idsagent.pid` before installing the bundle. Otherwise, the swinstall command will fail with the following error message when attempting to install the AudReport product:

ERROR: The HIDS agent is currently running on the system. Please stop HIDS before installing this product.

6.     Install the bundle using the following command:

# swinstall -x autoreboot=true -s /tmp/<AuditExt-depotname>.depot \*

The swinstall command displays an error message if the installation fails. If the installation fails, check the /var/opt/adm/sw/swagent.log file for more information.

NOTE: You need to reboot your system to install HP-UX Auditing System Extensions.

7.     Use the swverify AuditExt command to verify the installation. If HP-UX Auditing System Extensions installed correctly on the system, the swverify command will include the following text in the data it reports:

*Verification succeeded

8.     If HP-UX Auditing System was halted in step 5, restart HP-UX Auditing System using the audsys -n command. If the restart fails with the error "failed to match audit trail version; specify different audit trail" then the newly installed AudReport product has configured HP-UX Auditing System to generate audit records using a newer audit trail. HP-UX Auditing System must be restarted to write to a different audit trail pathname in order to write audit records in this new format. For example:

# audsys -n -c /var/.audit/my_newtrail -s 1000

If the HIDS agent was halted in step 5, the agent might need to be restarted.
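The revision check in step 3 can be scripted against the minimums in the Prerequisites list. This is an added example, not HPE code: the function names, the constructed sample listing, and the assumed swlist column layout (name, revision, title) are illustrative.

```shell
# Added example, not HPE code. Minimum revisions come from the Prerequisites list.
MINIMUMS="HPUX-HIDS:F.04.02 SecureShell:A.05.10.047 HPUX-FTPServer:C.2.6.1.4.0"

# rev_ge A B: succeeds if revision A >= B. Dot-separated fields are compared
# left to right: numeric fields as numbers, others (the letter prefix) as strings.
rev_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] : "0"; q = (i <= nb) ? y[i] : "0"
            if (p ~ /^[0-9]+$/ && q ~ /^[0-9]+$/) { p += 0; q += 0 }
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }' </dev/null
}

# check_prereqs: reads "swlist -l product ..." output on stdin, prints one line
# per product in MINIMUMS, and returns 1 if an installed product is too old.
check_prereqs() {
    listing=$(cat); rc=0
    for entry in $MINIMUMS; do
        name=${entry%%:*}; min=${entry#*:}
        have=$(printf '%s\n' "$listing" | awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then
            echo "$name: not installed, no update needed"
        elif rev_ge "$have" "$min"; then
            echo "$name: $have ok (minimum $min)"
        else
            echo "$name: $have is older than $min, update before installing AuditExt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of swlist output (hypothetical host; HIDS one revision too old).
sample_listing() {
    printf '%s\n' '# Initializing...' \
        '  HPUX-HIDS      F.04.01      HP-UX Host Intrusion Detection System' \
        '  SecureShell    A.05.10.047  HP-UX Secure Shell'
}

# On a real system: swlist -l product HPUX-FTPServer HPUX-HIDS SecureShell | check_prereqs
sample_listing | check_prereqs || echo "Update the flagged products, then run swinstall."
```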

Removing (un-installing) HP-UX Auditing System Extensions

To remove (un-install) HP-UX Auditing System Extensions on your HP-UX 11i v3 system, use the following procedure:

1.     Log in to your system as a root user.

2.     Remove HP-UX Auditing System Extensions using the following command:

# swremove -x autoreboot=true AuditExt

NOTE: You need to reboot your system to remove HP-UX Auditing System Extensions from your system.

NOTE: HP-UX Auditing System must be halted by running audsys -f before removing the bundle. Otherwise, the swremove command will fail with the following error message when attempting to remove the AudReport product:

ERROR: Auditing is currently enabled on the system. Please stop auditing before removing this product.

NOTE: If removing on a system with HP-UX Host Intrusion Detection System (HIDS) installed, the HIDS agent must be halted by running kill -TERM `cat /var/opt/ids/idsagent.pid` before removing the bundle. Otherwise, the swremove command will fail with the following error message when attempting to remove the AudReport product:

ERROR: HIDS agent is currently running on the system. Please stop it before removing this product.

3.     Use the swlist AuditExt command to verify that HP-UX Auditing System Extensions B.11.31.04 was removed from the system.

 
