Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Working with <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> Clients<br />
Overview of the Solaris client<br />
Solaris client issues<br />
After the Solaris client is installed and started, it protects its host. However, you may need to<br />
troubleshoot installation or operation issues.<br />
Client installation issues<br />
If a problem was caused while installing or uninstalling the client, there are several things to<br />
investigate. These can include ensuring that all required files were installed in the correct<br />
directory, uninstalling and then reinstalling the client, and checking process logs.<br />
Client operations issues<br />
The Solaris client has no user interface to troubleshoot operation issues. It does offer a<br />
command-line troubleshooting tool, hipts, located in the /opt/<strong>McAfee</strong>/hip directory. To use this<br />
tool, you must provide a <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> client password. Use the default password<br />
that ships with the client (abcde12345), or send a Client UI policy to the client with either an<br />
administrator’s password or a time-based password set with the policy, and use this password.<br />
Verifying Solaris installation files<br />
After an installation, check that all the files were installed in the appropriate directory on the<br />
client. The /opt/<strong>McAfee</strong>/hip directory should contain these essential files and directories:<br />
File/Directory Name<br />
HipClient; HipClient-bin<br />
HipClientPolicy.xml<br />
hipts; hipts-bin<br />
*.so<br />
log directory<br />
Description<br />
Solaris client<br />
Policy rules<br />
Troubleshooting tool<br />
<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> and <strong>ePO</strong> agent shared object modules<br />
Contains debug and error log files<br />
Installation history is written to /opt/<strong>McAfee</strong>/etc/hip-install.log. Refer to this file <strong>for</strong> any questions<br />
about the installation or removal process of the <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> client.<br />
Verifying the Solaris client is running<br />
The client might be installed correctly, but you might encounter problems with its operation. If<br />
the client does not appear in the <strong>ePO</strong> console, <strong>for</strong> example, check that it is running, using either<br />
of these commands:<br />
• /etc/rc2.d/S99hip status<br />
• ps –ef | grep Hip.<br />
Troubleshooting the Solaris client<br />
The Solaris client has no user interface to troubleshoot operation issues. It does offer a<br />
command-line troubleshooting tool, hipts, located in the /opt/<strong>McAfee</strong>/hip directory. To use this<br />
tool, you must provide a <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> client password. Use the default password<br />
100<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong>