1 Reply Latest reply on Feb 9, 2017 8:43 AM by Kary Tankink

    Stop HIPS Linux from editing /etc/httpd/httpd.conf?


      Is it possible to stop HIPS Linux from editing /etc/httpd/httpd.conf?  We use puppet and right now the two are fighting to control httpd.conf and we are as Ops people are losing because httpd is being restarted frequently.


      Also see:

      HIPS Linux Package Improvements


      I originally started writing this question and realized I had a lot to say about the RPMs so I decided to split the topics.



        • 1. Re: Stop HIPS Linux from editing /etc/httpd/httpd.conf?
          Kary Tankink

          Try disabling the HTTP engine within HIPS; it should unhook HIPS from Apache (as well as its protection though).


          Logging is ON

            Message types logged (when Logging is ON):

              ERROR       ON

              WARNING     ON

              DEBUG       ON

              INFO        ON

              VIOLATIONS  ON




             MISC   ON

             FILES  ON

             HTTP   ON



          Host Intrusion Prevention  Version  Content Version

          Installed:  Wed Feb  8 10:52:53 2017

          Perpetual License.  Expires:  never



          [root]# /opt/McAfee/hip/hipts


             hipts status

                prints status of logging and engines



             hipts agent {on|off}

                turns the HIP service on or off



             hipts logging {on|off}

                turns all logging completely off, or enables message types

                     selected with the 'message' keyword



             hipts message all:{on|off}

                collectively turns all message types on or off



             hipts message <type>:{on|off} [<type>:{on|off} ...]

                selectively enables/disables message types



             hipts engines all:{on|off}

                collectively turns all engines on or off



             hipts engines <engine-name>:{on|off} [<engine-name>:{on|off}...]

                disables/enables specific engines