Host Intrusion Detection System Release 3.0 Release Notes

Announcement
New and Changed Features
HP-UX HIDS Release 3.0 runs on HP-UX 11i v2, 11i v1.6, and 11i v1. It is available in
the installation bundles for HP-UX 11i v2, in the Operating Environment bundles for
HP-UX 11i v1, in the Application Releases, and from the HP Software Depot. In this
document, “11i” unqualified encompasses all the supported 11i versions.
What’s New in Release 3.0
• Significant reduction in CPU consumption and better performance throughput by
  the HIDS idscor correlator process.
• Template consolidation and property changes. Prior to this version, the "Monitor
  Logins/Logouts" template and the "Monitor Start of Interactive Sessions" template
  provided overlapping functionality. The overlap has been rectified, and the two
  templates have been consolidated into one template called Monitoring
  Logins/Logouts.
• A number of new template properties to allow better filtering of unwanted alerts.
• Further fine-tuning of default template settings for "out of the box" configurations to
  reduce the alert volume generated.
• A supported command-line interface tool (idsadmin) for end users who wish to
  automate their HIDS deployment and management processes.
• More descriptive alerts to assist in developing more comprehensive filtering within
  template properties.
• New conversion utilities to migrate v2.x customizations to the new v3.0 template
  format to preserve existing deployment efforts.
• Use of OpenSSL for securing agent-admin communication. As a result, HIDS has a
  new dependency on the OpenSSL product available in HP-UX OEs (as well as at
  http://software.hp.com). The main benefit is that any SSL-related vulnerability fixes
  can be made readily available to HIDS customers without the need for a new release
  of HIDS.
• The HP-UX HIDS bundle has been split into two products (IDS and IDS-KERN) to
  reduce the likelihood of a system reboot for future HIDS updates.
Compatibility with Previous Releases
HP-UX HIDS software Release 3.0 is not backward compatible with Releases 2.0, 2.1, and 2.2
(collectively referred to as 2.x henceforth) or with Release 1.0. Specifically, HIDS Release 3.0
agents and GUI cannot communicate with 2.x and 1.0 GUI and agents. This means that 2.x and
1.0 agents cannot be managed by the 3.0 system manager GUI, and vice versa. Release
2.x communication keys and certificates are recognized and valid in Release 3.0, so new
keys and certificates need not be generated after migrating to Release 3.0.
The templates in v3.0 differ significantly from v2.x. In order to use existing v2.x
schedules, you must use the guiSchedConvert migration tool (see “The
guiSchedConvert Migration Tool” on page 30) to convert schedule files used by the