friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaub_5.4.0.1/rzaubsetup.htm

91 lines
6.4 KiB
HTML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Set up a new intrusion detection policy" />
<meta name="abstract" content="Learn how to set up an intrusion detection policy for the first time." />
<meta name="description" content="Learn how to set up an intrusion detection policy for the first time." />
<meta name="DC.Relation" scheme="URI" content="rzaubkickoff.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubconfig.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubbackup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubkeyword.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaubsetup" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Set up a new intrusion detection policy</title>
</head>
<body id="rzaubsetup"><a name="rzaubsetup"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Set up a new intrusion detection policy</h1>
<div><p>Learn how to set up an intrusion detection policy for the first
time.</p>
<div class="p">An intrusion detection (IDS) policy consists of two parts:<ul><li>An IDS condition that identifies the conditions (such as the port, protocol,
or IP address) that applies to the IDS policy.</li>
<li>An IDS action that identifies the actions to take when a condition is
met. Multiple conditions can point to the same action.</li>
</ul>
<p>The IDS policy file, <span class="filepath">idspolicy.conf</span>,
is shipped with the i5/OS™ system and stored in the <span class="filepath">/QIBM/ProdData/OS400/QOS/idspolicy.conf</span> directory.
A sample IDS policy, which is commented out, is included in this shipped file. </p>
</div>
<div class="section">Ensure that you have authority to the <span class="filepath">/QIBM/UserData/OS400/QOS/ETC/</span> directory
and the <span class="filepath">idspolicy.conf</span> file. Follow these steps to set
up your intrusion detection policy for the first time:</div>
<ol><li class="stepexpand"><span>Issue the following command to set IP QoS enablement to Yes:</span> <kbd class="userinput">CHGTCPA IPQOSENB(*YES)</kbd></li>
<li class="stepexpand"><span>Issue the WRKSYSVAL command to set the auditing system values.
Then you will see a list of system values.</span><ol type="a"><li class="substepexpand"><span>Type <kbd class="userinput">2</kbd> to display the auditing options
for the QAUDLVL system value.</span></li>
<li class="substepexpand"><span>Add <kbd class="userinput">*ATNEVT</kbd> to the list of auditing options. </span> <p>If there is no room in QAUDLVL to set *ATNEVT, be
sure that *AUDLVL2 is set in QAUDLVL, as described below. Press PF3 to exit.</p>
</li>
<li class="substepexpand"><span>Type <kbd class="userinput">2</kbd> to display the auditing options
for the QAUDLVL2 system value.</span></li>
<li class="substepexpand"><span>Add <kbd class="userinput">*ATNEVT</kbd> to the list of auditing options.
Press PF3 to exit.</span></li>
</ol>
</li>
<li class="stepexpand"><span id="rzaubsetup__v5r4rev3"><a name="rzaubsetup__v5r4rev3"><!-- --></a>To configure the IDS policy file, copy the file from <span class="filepath">/QIBM/ProdData/OS400/QOS/idspolicy.conf</span> to <span class="filepath">/QIBM/UserData/OS400/QOS/ETC/</span>.</span></li>
<li class="stepexpand"><span>Edit the IDS policy file.</span></li>
<li class="stepexpand"><span>Start the QoS server using the following command:</span> <kbd class="userinput">strtcpsvr
*qos</kbd> <p>When you start the QoS server, it looks
in the <span class="filepath">ETC</span> directory for the <span class="filepath">idspolicy.conf</span> file.
If the <span class="filepath">idspolicy.conf</span> file is not found, it is copied
from the <span class="filepath">/QIBM/ProdData/OS400/QOS/</span> directory into the <span class="filepath">/QIBM/UserData/OS400/QOS/ETC/</span> directory.</p>
</li>
<li class="stepexpand"><span>Issue the Work with Active Jobs (WRKACTJOB) command to verify that
the QoS server has started. You will see QTOQSRVR in the list of started servers.</span></li>
</ol>
<div class="section">Now your system is ready to catch suspicious events coming in through
the TCP/IP network.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaubconfig.htm">Change the intrusion detection policy file</a></strong><br />
Learn the steps for changing your intrusion detection policy file.</li>
<li class="ulchildlink"><strong><a href="rzaubbackup.htm">Back up the intrusion detection policy file</a></strong><br />
You should back up your intrusion detection (IDS) policies to eliminate the need to re-create your policies in the event of a server outage or power loss.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaubkickoff.htm" title="Intrusion detection involves gathering information about unauthorized access attempts and attacks coming in over the TCP/IP network. Security administrators can analyze the auditing records that intrusion detection provides to secure the iSeries network from these types of attacks.">Intrusion detection</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzaubkeyword.htm" title="Most of the keywords in the IDS policy file are supported in this release, but a few of them are not supported.">Keywords in the IDS policy file</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink