Host Intrusion Detection System Release 3.0 Release Notes
Announcement
Known Problems, Limitations, and Fixes
Chapter 1
• Regular expressions that contain escaped square bracket ([ or ]), or angle bracket (< or >) characters.
• Regular expressions that contain special patterns, such as <S>, <@>.
• Regular expressions that contain the expression group [....], the OR operator with the expression group [...|...], or the NOT operator with the regular expression <![...]>.
If your text schedules contain these characters in regular expressions, you must
manually convert them to the equivalent UNIX regular expressions.
Limitation: The guiSchedConvert Schedule Migration Tool
The GUI schedules migration tool, /opt/ids/bin/guiSchedConvert, fails to migrate
when the 2.x schedule file has properties with <S> or <@> in their regular expressions.
If your GUI schedules contain these characters in regular expressions, you must
manually convert them to use the UNIX regular expression equivalent.
Limitation: Idsadmin Does Not Automatically Overwrite Existing Schedule
The Idsadmin [-f ascii_schedule] option does not automatically overwrite an existing
schedule. Stop and remove the existing schedule (if there is one), and then start a new
schedule using the -f option.
Limitation: System Manager with Java 1.4.x
The System Manager does not work properly with Java 1.4.x. There are no known
problems running the System Manager with JDK 1.3.1. Please use the latest available
version of JDK 1.3.1.
Limitation: Granularity of sulog entries
You should specify a multiple of sixty seconds in the fail_interval template property
of the Repeated Failed Su Commands template because sulog entries are time stamped
with a granularity of minutes and not seconds.
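The following added example (not HIDS code, and not how the product is known to implement the template) illustrates the point: with minute-stamped entries, a window of 119 seconds matches exactly the same events as a window of 60 seconds. It assumes the System V style sulog line layout shown in the comment, a simple sliding-window count, and a constructed year (sulog lines carry none); all function names are hypothetical.

```python
import re
from datetime import datetime

# Assumed sulog layout: "SU MM/DD HH:MM +|- tty fromuser-touser"
SULOG_RE = re.compile(r"^SU (\d\d)/(\d\d) (\d\d):(\d\d) ([+-]) (\S+) (\S+)-(\S+)$")

# Constructed sample entries (not from a real system).
SAMPLE = """\
SU 03/14 10:15 - pts/1 alice-root
SU 03/14 10:16 - pts/1 alice-root
SU 03/14 10:17 - pts/1 alice-root
SU 03/14 10:18 + pts/2 bob-root
SU 03/14 10:40 - pts/1 alice-root
"""

def parse_failures(text, year=2004):
    """Return sorted (timestamp, user) pairs for failed su attempts ('-' flag)."""
    out = []
    for line in text.splitlines():
        m = SULOG_RE.match(line.strip())
        if m and m.group(5) == "-":
            mo, d, h, mi = (int(g) for g in m.groups()[:4])
            out.append((datetime(year, mo, d, h, mi), m.group(7)))
    return sorted(out)

def effective_interval(fail_interval):
    """Minute stamps differ by whole minutes, so a '<=' window behaves as if
    it were rounded down to a multiple of 60 seconds."""
    return (fail_interval // 60) * 60

def repeated_failures(events, fail_interval, threshold):
    """Users with >= threshold failures whose stamps span <= fail_interval seconds."""
    by_user = {}
    for ts, user in events:
        by_user.setdefault(user, []).append(ts)
    flagged = set()
    for user, times in by_user.items():
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= fail_interval:
                flagged.add(user)
    return flagged
```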
Limitation: Time units cannot be specified for template properties in Schedule Manager
In the Schedule Manager’s template property editing windows, you cannot specify time
units (i.e., s=seconds, m=minutes, d=days, w=weeks) for template property time values.
Because the default time unit is seconds, all time-related template properties will be
interpreted as being in seconds.
Fixes and Enhancements in Release 3.0
Release 3.0 corrects defects and includes enhancements in the following areas:
Fixes: Significant Reduction in CPU Consumption by Idscor and Better Performance Throughput
HIDS now provides reduced CPU consumption by Idscor and better performance
throughput.