Backing up the intrusion detection policy file

Back up your intrusion detection policies so that you can restore them if the system has to be scratch installed or if you want to move those policy definitions to another system.

Your intrusion detection policies can be stored locally or exported to a directory server. Back up the idspolicy.conf file in the /QIBM/UserData/OS400/QOS/ETC directory.

To ensure that you can easily replace lost IDS policies, follow these steps:

  1. Ensure that you have a backup and recovery strategy in place.
  2. Decide whether to back up the IDS policies as part of a full-system backup or with other integrated file system files.

Consider maintaining two sets of IDS policies, one set for normal working hours and another set for night hours. For example, the traffic regulation policy for normal working hours would allow a large number of connections, but the policy for night hours would allow just a few connections. Store one set of policies in the ETC directory and the other set in some other directory. Then you can write a CL program that swaps the set of policies at the end of each day, and restarts IDS so that those policies take effect.
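The swap described above could look like the following CL program. This is an added example, not IBM-supplied code: the /idspolicies directories and the 08:00 to 18:00 working-hours window are assumptions, and because this page names no command for restarting IDS, that step is left as a comment to fill in for your release.

```cl
/* Added example, not IBM's code. Assumed (hypothetical) layout:    */
/*   /idspolicies/day/idspolicy.conf    working-hours set           */
/*   /idspolicies/night/idspolicy.conf  night-hours set             */
/*   /idspolicies/previous              copy of last active file    */
/* The 08:00-18:00 window is also an assumption.                    */
PGM
  DCL VAR(&HOUR)   TYPE(*CHAR) LEN(2)
  DCL VAR(&SRC)    TYPE(*CHAR) LEN(64)
  DCL VAR(&ACTIVE) TYPE(*CHAR) LEN(64)
  DCL VAR(&ETC)    TYPE(*CHAR) LEN(64) +
        VALUE('/QIBM/UserData/OS400/QOS/ETC')

  CHGVAR VAR(&ACTIVE) VALUE(&ETC *TCAT '/idspolicy.conf')

  /* Choose the set from the current hour (QHOUR is '00'-'23').     */
  RTVSYSVAL SYSVAL(QHOUR) RTNVAR(&HOUR)
  IF COND((&HOUR *GE '08') *AND (&HOUR *LT '18')) +
       THEN(CHGVAR VAR(&SRC) VALUE('/idspolicies/day/idspolicy.conf'))
  ELSE CMD(CHGVAR VAR(&SRC) VALUE('/idspolicies/night/idspolicy.conf'))

  /* Keep the file being replaced so a bad swap can be undone.      */
  CPY OBJ(&ACTIVE) TODIR('/idspolicies/previous') REPLACE(*YES)
  MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(FAILED))

  /* Install the selected set over the active policy file.          */
  CPY OBJ(&SRC) TODIR(&ETC) REPLACE(*YES)
  MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(FAILED))

  /* Restart IDS here so the new policies take effect. The page     */
  /* does not name the command, so none is shown; use the method    */
  /* documented for your release.                                   */
  RETURN

FAILED:
  /* Stop with an escape message so the scheduled job is flagged.   */
  SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('IDS policy swap failed, see the job log') +
              MSGTYPE(*ESCAPE)
ENDPGM
```

Because the program picks the set from the current hour, the same program can be run at both the start and the end of the working day. Include the day, night and previous directories in the same backup that covers idspolicy.conf.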