Did you use RSA or Certicom Encryption? Which one is Provider0? In my experience, crypt.policy needs to list RSA encryption first and the Event Colllector and (for some bizarre reason) the Fusion Module also need to support RSA. The constraint comes in with Fusion, as it ONLY supports RSA, and while this theoretically is not an issue, it practice it actually is should your HPUX server sensor be using Certicom as the main encryption provider. I dont care to discover why this is an issue, it just is, and this is my fix:
Crypt.policy can be maintained rather easiliy without a reinstall, simply /sbin/init.d/realsecure stop vi /opt/ISS/issDaemon/crypt.policy (make RSA 1536 Provider0 using appropriate cut and paste techniques, remembering that the providers must be in numerical order) /sbin/init.d/realsecure start BTW Are you using clustering or Fibre Gigabit NICs? Stephen >>> Nick Brandson <[EMAIL PROTECTED]> Thursday 25, March, 2004 11:54:15 >>> Dear guru, I'm new to ISS product, we have SS installed on HP-UX and siteprotector. However, i've seen the status of sensor is offlined. The authentication key is sucessfull. Is there something missing from the configuration? thanks Nick __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. Disclaimer This e-mail message shall not be construed as legally binding on the Bank for International Settlements (BIS). As internet communications are not secure, the BIS does not accept responsibility for the content of this message. This message is intended only for the recipient(s) named above. Any unauthorized disclosure, use or dissemination, either in whole or in part, of this message is prohibited. If you have received this message in error, please inform the sender immediately by return e-mail and delete this message and any attachments thereto from your system. Thank you for your co-operation. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
