HIDS 3.1 Sizing and Tuning Primer

Contents
1.1 PRODUCT IDENTIFICATION ... 4
1.2 PURPOSE OF DOCUMENT ... 4
1.2 INTENDED AUDIENCE ... 4
1.3 GLOSSARY ... 4
2.0 OVERVIEW ... 5
2.1 PRODUCT OVERVIEW ... 5
2.2 HP-UX HIDS DEPLOYMENTS ... 5
2.3 SIZING AND TUNING OVERVIEW ... 5
3.0 SIZING AND TUNING RECOMMENDATIONS ... 6
3.1 SIZING GUIDELINES ... 6
3.1.1 Single vs. Multi-Processor ... 6
3.1.2 Number of CPUs ... 6
3.1.3 Memory ... 6
3.1.4 Disk Capacity ... 7
3.2 TUNING CONSIDERATIONS ... 7
3.2.1 Product Tuning ... 7
3.2.1.1 Tuning the Surveillance Schedules ... 7
3.2.1.1.1 Background ... 7
3.2.1.1.2 Avoid duplicate copies of a template ... 7
3.2.1.1.3 Avoid duplicate groups with overlapping functionality ... 7
3.2.1.1.4 Race Condition Template ... 8
3.2.1.2 Tuning Process Priority ... 8
3.2.1.3 Tuning the HIDS System Manager (GUI) ... 8
3.2.2 Kernel Tuning ... 8
3.2.2.1 Tuning the Kernel Audit System (IDDS) ... 8
3.2.2.1.1 System performance over security ... 9
3.2.2.1.2 Security over system performance ... 9
3.2.2.1.3 How to change from non-blocking to blocking mode ... 9
3.2.2.2 Kernel Tunables ... 9
3.2.2.2.1 enable_idds ... 9
3.2.2.2.2 max_thread_proc ... 9
3.2.2.2.3 tcp_conn_request_max ... 9
3.2.2.2.4 secure_sid_scripts ... 9
3.2.2.2.5 executable_stack ... 10
3.2.2.2.6 maxdsiz ... 10
3.2.2.3 Swap ... 10
4.0 REFERENCE DOCUMENTS/ WEB SITES ... 11
APPENDIX A – CPU CONSUMPTION ... 12
CPU Consumption on PA Processors ... 13
CPU Consumption on Itanium Processors ... 15
APPENDIX B – RESIDENT MEMORY CONSUMPTION ... 17
Memory Consumption on PA Processors ... 17
Memory Consumption on Itanium Processors ... 19
HP Company Internal Page 3 of 20