24.10.2014 Views

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Working with Host Intrusion Prevention Clients

Overview of the Linux client

| File Name | Description |
|---|---|
| *.so | Host Intrusion Prevention and ePO agent shared object modules |
| log directory | Contains debug and error log files |

Installation history is written to /opt/McAfee/etc/hip-install.log. Refer to this file for any questions about the installation or removal process of the Host Intrusion Prevention client.

Verifying the Linux client is running

If the client does not appear in the ePO console, for example, check that the client is running. To do this, run this command:

ps -ef | grep Hip
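The manual check above as a scripted check, added here as an example and not taken from the product guide: ps -ef | grep Hip always lists the grep process itself, so a script has to exclude that line before concluding the client is up. The sample ps output and the process name HipDaemonExample are constructed for the example.

```shell
#!/bin/sh
# Added example: scripted version of the manual "ps -ef | grep Hip" check.

# Constructed sample `ps -ef` output. HipDaemonExample is a made-up process
# name, not the real client binary.
SAMPLE_UP='UID        PID  PPID  C STIME TTY          TIME CMD
root      2101     1  0 09:12 ?        00:00:03 /opt/example/HipDaemonExample -d
admin     4410  4321  0 10:01 pts/0    00:00:00 grep Hip'
SAMPLE_DOWN='UID        PID  PPID  C STIME TTY          TIME CMD
admin     4410  4321  0 10:01 pts/0    00:00:00 grep Hip'

# hip_procs: read `ps -ef` output on stdin and print the lines whose command
# (field 8 onward) contains "Hip", skipping grep processes.
hip_procs() {
    awk '{
        cmd = ""
        for (i = 8; i <= NF; i++) cmd = cmd " " $i
        if (cmd ~ /Hip/ && $8 !~ /(^|\/)grep$/) print
    }'
}

# hip_running: exit status 0 if stdin holds at least one matching process.
hip_running() {
    [ -n "$(hip_procs)" ]
}

# Demo on the constructed samples: prints the one matching line, then "down".
printf '%s\n' "$SAMPLE_UP" | hip_procs
printf '%s\n' "$SAMPLE_DOWN" | hip_running || echo "down: only grep matched"

# Live check when invoked as: sh thisfile.sh --check
if [ "${1:-}" = "--check" ]; then
    if ps -ef | hip_running; then
        echo "Hip process found"
    else
        echo "no Hip process found" >&2
        exit 1
    fi
fi
```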

Troubleshooting the Linux client

The Linux client has no user interface for troubleshooting operation issues. It does offer a command-line troubleshooting tool, hipts, located in the opt/McAfee/hip directory. To use this tool, you must provide a Host Intrusion Prevention client password. Use the default password that ships with the client (abcde12345), or send a Client UI policy to the client with either an administrator’s password or a time-based password set with the policy, and use this password.

Use the troubleshooting tool to:

• Indicate the logging settings and engine status for the client.

• Turn message logging on and off.

• Turn engines on and off.

Log on as root and run the following commands to aid in troubleshooting:

| Run this command... | To do this... |
|---|---|
| hipts status | Obtain the current status of the client, indicating which type of logging is enabled and which engines are running. |
| hipts logging on | Turn on logging of specific message types. |
| hipts logging off | Turn off logging of all message types. Logging is off by default. |
| hipts message :on | Display the message type indicated when logging is set to “on.” Messages include: error, warning, debug, info, violations. |
| hipts message :off | Hide the message type indicated when logging is set to “on.” Message error is off by default. |
| hipts message all:on | Display all message types when logging is set to “on.” |
| hipts message all:off | Hide all message types when logging is set to “on.” |
| hipts engines :on | Turn on the engine indicated. Engine is on by default. Engines include: MISC, FILES |


McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
