Editing the intrusion detection policy file
Follow these steps to edit your intrusion detection policy file.
- Stop the QoS server using the following command: endtcpsvr *qos
- Edit the IDS policy file in the /QIBM/UserData/OS400/QOS/ETC/ directory.
- Start the QoS server using the following command: strtcpsvr *qos
- Issue the Work with Active Jobs (WRKACTJOB) command to verify that the QoS server has started. You will see QTOQSRVR in the list of started servers.
- Example: Traffic regulation policy
  This example traffic regulation policy traces suspicious traffic across the network, such as an unusually high rate of TCP connections.
- Example: Restricted IP options policy
  This example is of an IDS attack-type policy that targets restricted IP options in the range of 200 to 205.
- Example: Perpetual echo policy
  This example is of an IDS attack-type policy that targets perpetual echoes on local port 7 and remote port 7.
- Example: Intrusion detection scan policy
  This example shows a scan policy that uses a stand-alone condition and action.
- Overview: Intrusion detection policy directives
  Most of the directives in the intrusion detection policy file are supported in this release, but a few of them are not supported.
- Details: Intrusion detection policy directives
  This table provides detailed information about the intrusion types and intrusion detection policy directives.