Editing the intrusion detection policy file

 

Follow these steps to edit your intrusion detection policy file.

1. Stop the QoS server using the following command: endtcpsvr *qos

2. Edit the IDS policy file in the /QIBM/UserData/OS400/QOS/ETC/ directory.

3. Start the QoS server using the following command: strtcpsvr *qos

4. Issue the Work with Active Jobs (WRKACTJOB) command to verify that the QoS server has started. You will see QTOQSRVR in the list of started servers.

• Example: Traffic regulation policy
  This example traffic regulation policy traces suspicious traffic across the network, such as an unusually high rate of TCP connections.

• Example: Restricted IP options policy
  This example is of an IDS attack-type policy that targets restricted IP options in the range of 200 to 205.

• Example: Perpetual echo policy
  This example is of an IDS attack-type policy that targets perpetual echoes on local port 7 and remote port 7.

• Example: Intrusion detection scan policy
  This example shows a scan policy that uses a stand-alone condition and action.

• Overview: Intrusion detection policy directives
  Most of the directives in the intrusion detection policy file are supported in this release, but a few of them are not supported.

• Details: Intrusion detection policy directives
  This table provides detailed information about the intrusion types and intrusion detection policy directives.

 

Parent topic:

Setting up an intrusion detection policy

Related tasks
Setting up an intrusion detection policy