Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Working with Host Intrusion Prevention Clients Overview of the Linux client File Name *.so log directory Description Host Intrusion Prevention and ePO agent shared object modules Contains debug and error log files Installation history is written to /opt/McAfee/etc/hip-install.log. Refer to this file for any questions about the installation or removal process of the Host Intrusion Prevention client. Verifying the Linux client is running If the client does not appear in the ePO console, for example, check that the client is running. To do this, run this command: ps –ef | grep Hip Troubleshooting the Linux client The Linux client has no user interface for troubleshooting operation issues. It does offer a command-line troubleshooting tool, hipts, located in the opt/McAfee/hip directory. To use this tool, you must provide a Host Intrusion Prevention client password. Use the default password that ships with the client (abcde12345), or send a Client UI policy to the client with either an administrator’s password or a time-based password set with the policy, and use this password. Use the troubleshooting tool to: • Indicate the logging settings and engine status for the client. • Turn message logging on and off. • Turn engines on and off. Log on as root and run the following commands to aid in troubleshooting: Run this command... hipts status hipts logging on hipts logging off hipts message :on hipts message :off hipts message all:on hipts message all:off hipts engines :on To do this... Obtain the current status of the client indicating which type of logging is enabled, and which engines are running Turn on logging of specific messages types. Turn off logging of all message types. Logging is off by default. Display the message type indicated when logging is set to “on.” Messages include: • error • warning • debug • info • violations Hide the message type indicated when logging is set to “on.” Message error is off by default. Display all message types when logging is set to “on.” Hide all message types when logging is set to “on.” Turn on the engine indicated. Engine is on by default. Engines include: • MISC • FILES 104 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Working with Host Intrusion Prevention Clients Overview of the Linux client Run this command... hipts engines :off hipts engines all:on hipts engines all:off To do this... Turn off the engine indicated. Turn on all engines. Turn off all engines. TIP: In addition to using the troubleshooting tool, consult the HIPShield.log and HIPClient.log files in the McAfee/hip/log directory to verify operations or track issues. Stopping the Linux client You may need to stop a running client and restart it as part of troubleshooting. Task 1 To stop a client, disable IPS protection. Use one of these procedures: • Set IPS Options to Off in the ePO console and apply the policy to the client. • Run the command: hipts engines MISC:off. 2 Run the command: hipts agent off. Restarting the Linux client You may need to stop a running client and restart it as part of troubleshooting. Task 1 Run the command: hipts agent on. 2 Enable IPS protection. Use one of these procedures, depending on which you used to stop the client: • Set IPS Options to On in the ePO console and apply the policy to the client. • Run the command: hipts engines MISC:on. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 105
Page 1 and 2:
McAfee Host Intrusion Prevention 7.
Page 3 and 4:
Contents Introducing Host Intrusion
Page 5 and 6:
Contents Creating firewall rule gro
Page 7 and 8:
Introducing Host Intrusion Preventi
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Managing Your Protection Management
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Configuring IPS Policies Overview o
Page 27 and 28:
Configuring IPS Policies Working wi
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Configuring Firewall Policies The F
Page 47 and 48:
Configuring Firewall Policies Overv
Page 49 and 50:
Page 51 and 52:
Page 53 and 54: Configuring Firewall Policies Overv
Page 55 and 56: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 103: Working with Host Intrusion Prevent
Page 107 and 108: Index clients (continued) updating
Page 109 and 110: Index McAfee Default policy (contin
Page 111 and 112: Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?