Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Working with Host Intrusion Prevention Clients
Overview of the Solaris client
that ships with the client (abcde12345), or send a Client UI policy to the client with either an
administrator’s password or a time-based password set with the policy, and use this password.
Use the troubleshooting tool to:
• Indicate the logging settings and engine status for the client.
• Turn message logging on and off.
• Turn engines on and off.
Log on as root and run the following commands to aid in troubleshooting:
| Run this command... | To do this... |
|---|---|
| hipts status | Obtain the current status of the client indicating which type of logging is enabled, and which engines are running. |
| hipts logging on | Turn on logging of specific message types. |
| hipts logging off | Turn off logging of all message types. Logging is off by default. |
| hipts message :on | Display the message type indicated when logging is set to “on.” Messages include: error, warning, debug, info, violations. |
| hipts message :off | Hide the message type indicated when logging is set to “on.” Message error is off by default. |
| hipts message all:on | Display all message types when logging is set to “on.” |
| hipts message all:off | Hide all message types when logging is set to “on.” |
| hipts engines :on | Turn on the engine indicated. Engine is on by default. Engines include: MISC, FILES, GUID, MMAP, BO, ENV, HTTP. |
| hipts engines :off | Turn off the engine indicated. |
| hipts engines all:on | Turn on all engines. |
| hipts engines all:off | Turn off all engines. |
TIP: In addition to using the troubleshooting tool, consult the HIPShield.log and HIPClient.log
files in the /opt/McAfee/hip/log directory to verify operations or track issues.
Stopping the Solaris client
You may need to stop a running client and restart it as part of troubleshooting.
Task
1 To stop a running client, first disable IPS protection. Use one of these procedures: