McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 99

Working with Host Intrusion Prevention Clients
Overview of the Linux client
To...
Turn off the engine indicated.
Turn on all engines.
Turn off all engines.
TIP: In addition to using the troubleshooting tool, consult the HIPShield.log and HIPClient.log
files in the McAfee/hip/log directory to verify operations or track issues.
Verifying Linux installation files
After an installation, check to see that all the files were installed in the appropriate directory
on the client. The
File Name
HipClient; HipClient-bin
HipClientPolicy.xml
hipts; hipts-bin
*.so
log directory
Installation history is written to
about the installation or removal process of the Host Intrusion Prevention client.
Verifying the Linux client is running
If the client does not appear in the ePO console, for example, check that the client is running.
To do this, run this command:
ps –ef | grep Hip
Stopping the Linux client
You might need to stop a running client and restart it as part of troubleshooting.
Task
1 To stop a client, disable IPS protection. Use one of these procedures:
• Set IPS Options to Off in the ePO console and apply the policy to the client.
• Run the command:
2 Run the command:
Restarting the Linux client
You might need to stop a running client and restart it as part of troubleshooting.
Task
1 Run the command:
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
directory should contain these essential files and directories:
opt/McAfee/hip
Description
Linux client
Policy rules
Troubleshooting tool
Host Intrusion Prevention and McAfee Agent shared object modules
Contains debug and error log files
/opt/McAfee/etc/hip-install.log
hipts engines MISC:off
hipts agent off
hipts agent on.
Run...
hipts engines <engine name>:off
hipts engines all:on
hipts engines all:off
. Refer to this file for any questions
99