Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring a System
Reconfiguring the Kernel (HP-UX 11i Version 2)
Chapter 3 369
The manual for “Prophet” tells Susan to set the maxdsiz tunable to at
least 0.5 TB, to set the semmni tunable to 3000, and to add 50 to
whatever value she’s using for shmmni. Being a security-minded system
administrator, she knows she also wants to turn on the Intrusion
Detection System by setting the enable_idds tunable. Susan starts by
looking at the current values of these tunables, and the descriptions of
the ones she’s unfamiliar with.
# kctune enable_idds maxdsiz
Tunable Value Expression Changes
enable_idds 0 Default
maxdsiz 0x40000000 Default Immed
# kctune -d semmni shmmni
Tunable Value Expression Changes
Description
semmni 2048 Default
Maximum number of semaphore sets on the system
shmmni 400 Default Immed
Maximum number of shared memory segments on the system
Having done that, she sets the values as directed. She sets them all on
the same command line so that they will all take effect at the same time.
Since two of the changes cannot be made immediately, all of the changes
are held for next boot.
# kctune -C "Tunable settings for Prophet" "enable_idds=1" \
> "maxdsiz>=512000000" "semmni=3000" "shmmni+=50"
WARNING: The requested changes cannot be made to the running system.
They will be held until next boot.
* The automatic 'backup' configuration has been updated.
NOTE: No change to 'maxdsiz' was needed.
* The requested changes have been saved, and will take effect at
next boot.
Tunable Value Expression Changes
enable_idds (now) 0 Default
(next boot) 1 1
maxdsiz 0x40000000 Default Immed
semmni (now) 2048 Default
(next boot) 3000 3000
shmmni (now) 400 400 Immed
(next boot) 450 450
To use the Intrusion Detection System, Susan knows she needs to have
the idds module in her kernel configuration. She checks and sees that it
is currently unused, so she adds it to her configuration.