Host Intrusion Detection System Release 3.1 Release Notes

Announcement
Known Problems, Limitations, and Fixes
Limitations
Predefined Schedules and Groups are not Clearly Marked
The predefined (read-only) surveillance schedules and groups are not well distinguished in
the System Manager screens. You are allowed to modify them for the purpose of creating a
new schedule, but you cannot save the modified schedule or group over the original predefined
schedule or group. The program does not notify you that a predefined group was not saved
when you click the Save button on the Schedule Manager screen.
Agents and Kernel Parameters
The administration System Manager can monitor up to 23 agent systems unless you make
kernel parameter changes, as described in Chapter 2, “Configuration,” in the HP-UX Host
Intrusion Detection System Administrator’s Guide.
Dropped Kernel Audit Records
Depending on the system profile and product configuration, and under heavy loads, HP-UX
HIDS can drop kernel audit records and therefore miss potential intrusions. The IDDS_MODE
configuration parameter for the kernel dsp in the ids.cf configuration file controls only
whether the kernel auditing subsystem (IDDS) blocks or drops audit records under heavy
loads. Currently, the user space component of HP-UX HIDS (idskerndsp), which
collects audit data from IDDS, cannot be configured to either block or drop audit records
under heavy loads. Instead, the product displays a notice in the Network Browser error panel
that audit records are being dropped. The kernel dsp parameters DROP_NOTIFY_INTERVAL
and LOW_WATERMARK control, respectively, how often reminder notices are sent and the point
at which a notice is sent that audit records are no longer being dropped. See
Appendix D, “The Agent Configuration File,” in the HP-UX Host Intrusion Detection System
Administrator’s Guide for more details.
Idsadmin does not Automatically Overwrite Existing Schedule
The Idsadmin -f ascii_schedule option does not automatically overwrite an existing schedule.
Stop and remove the existing schedule (if there is one), and then start a new schedule using
the -f option.
System Manager with Java 1.4.x
The System Manager does not work properly with Java 1.4.x. There are no known problems
running the System Manager with JDK 1.3.1. Please use the latest available version of JDK
1.3.1.