McAfee HISCDE-AB-IA Product Guide - Page 96

Working with Host Intrusion Prevention Clients Overview of the Solaris client To... • BO • HTTP Run... Turn off the engine indicated. Turn on all engines. Turn off all engines. hipts engines :off hipts engines all:on hipts engines all:off TIP: In addition to using the troubleshooting tool, consult the HIPShield.log and HIPClient.log files in the /opt/McAfee/hip/log directory to verify operations or track issues. Verifying Solaris installation files After an installation, check that all the files were installed in the appropriate directory on the client. The /opt/McAfee/hip directory should contain these essential files and directories: File/Directory Name HipClient; HipClient-bin HipClientPolicy.xml hipts; hipts-bin *.so log directory Description Solaris client Policy rules Troubleshooting tool Host Intrusion Prevention and McAfee Agent shared object modules Contains debug and error log files Installation history is written to /opt/McAfee/etc/hip-install.log. Refer to this file for any questions about the installation or removal process of the Host Intrusion Prevention client. Verifying the Solaris client is running The client might be installed correctly, but you might encounter problems with its operation. If the client does not appear in the ePO console, for example, check that it is running, using either of these commands: • /etc/rc2.d/S99hip status • ps -ef | grep Hip Stopping the Solaris client You might need to stop a running client and restart it as part of troubleshooting. Task 1 To stop a running client, first disable IPS protection. Use one of these procedures: • Set IPS Options to Off in the ePO console and apply the policy to the client. • Logged in at root, run the command: hipts engines MISC:off 2 Run the command: /sbin/rc2.d/S99hip stop Restarting the Solaris client You might need to stop a running client and restart it as part of troubleshooting. 96 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5