Host Intrusion Detection System Release 3.1 Release Notes

Announcement
Known Problems, Limitations, and Fixes
Granularity of sulog Entries
You should specify a multiple of 60 seconds in the fail_interval template property of the
Repeated Failed su Commands template because sulog entries are time stamped with a
granularity of minutes and not seconds.
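The effect of minute-granularity timestamps on a failure window, as an added example (not HIDS code and not the template's implementation). It treats fail_interval as seconds, as the paragraph above does; the sample log lines, the `threshold` parameter, the function names and the year are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample in the usual sulog layout: SU MM/DD HH:MM +|- tty from-to
SAMPLE_SULOG = """\
SU 03/14 09:41 - pts/2 alice-root
SU 03/14 09:41 - pts/2 alice-root
SU 03/14 09:42 + pts/3 bob-root
SU 03/14 09:42 - pts/2 alice-root
SU 03/14 09:44 - pts/2 alice-root
"""

def parse_failures(text, year=2000):
    """Return {user: [datetime, ...]} for failed ('-') su attempts.
    sulog records no year, so `year` is an assumed value."""
    failures = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "SU" or parts[3] != "-":
            continue  # skip successes ('+') and malformed lines
        when = datetime.strptime(f"{year}/{parts[1]} {parts[2]}", "%Y/%m/%d %H:%M")
        failures.setdefault(parts[5].split("-", 1)[0], []).append(when)
    return failures

def effective_interval(fail_interval):
    """Window the log can resolve: recorded gaps are whole minutes,
    so the interval behaves as if rounded down to a multiple of 60."""
    return (fail_interval // 60) * 60

def repeated_failures(failures, fail_interval, threshold):
    """Users with `threshold` failures spanning <= fail_interval seconds."""
    flagged = set()
    for user, times in failures.items():
        times = sorted(times)
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= fail_interval:
                flagged.add(user)
                break
    return flagged

if __name__ == "__main__":
    fails = parse_failures(SAMPLE_SULOG)
    for interval in (59, 60, 90, 119, 120):
        print(interval, effective_interval(interval),
              sorted(repeated_failures(fails, interval, threshold=3)))
```

Any value from 60 to 119 flags exactly what 60 flags, and 59 only matches failures stamped in the same minute. A recorded gap of 60 seconds can also correspond to anything from 1 to 119 seconds of real time, so the window is approximate even at a multiple of 60.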
Time Units Cannot be Specified for Template Properties in Schedule Manager
In the Schedule Manager’s template property editing windows, you cannot specify a time unit
(for example, s=seconds, m=minutes, d=days, w=weeks) for template property time values.
Some time-related template properties are interpreted as being in seconds (for example, the
fail_interval and warning_interval properties for the Repeated Failed Logins template), while
other properties are interpreted as being in minutes (for example, the fail_interval property for
the Repeated Failed su Commands template).
Erroneous Messages in Error Log File
A customer running HP-UX HIDS Release 3.0 might occasionally see an error message in
/var/opt/ids/error.log of the type: destroying template_mutex for template Type X.
This error message can be safely ignored.
Fixes and Enhancements in Release 3.1
Release 3.1 corrects defects and includes enhancements in the following areas:
idscor Terminating Abnormally
A number of defects that result in the abnormal termination of the idscor process have been
fixed.
Incomplete Process-Related Information in Alerts Under Heavy Load
Under heavy load, many alerts that report process-related information can report an ‘unknown’
process name for the process that triggered the alert. A number of fixes have been introduced
to minimize the occurrence of the ‘unknown’ process name in alert text; please note that there is
still a distinct (though greatly reduced) possibility that HIDS cannot obtain a process
name and reports the offending process name as ‘unknown’.
Migration Tools Do Not Work in All Cases
The migration tools /opt/ids/bin/adminSchedConvert and
/opt/ids/bin/guiSchedConvert failed to do the conversion when some special characters
were used in the schedule files. This problem is fixed in the current release so that the
migration tools can convert the special characters successfully.