Host Intrusion Detection System Release 3.1 Release Notes
Announcement
Known Problems, Limitations, and Fixes
Default Property Values Need to be Changed
The default property values for some of the templates were not valid. They have been
changed in the current release.
BO Template does not Display Pathname that Executed on Stack
When a stack buffer overflow event is produced by the kernel, it does not contain the given or
derived name of the executable that attempted to execute on its stack. As a result, the
corresponding IDS alert does not contain a valid pathname and the
pathnames_to_not_watch template property cannot be used to filter out alerts. This
problem is fixed in the current release.
Incorrect Severity Level for setuid Template for mknod()
When a regular file is created as a setuid file using mknod(), the setuid template creates a
medium severity alert (3) instead of a critical severity alert (1), as documented in the HP-UX
Release 3.1 Administrator’s Guide. This problem is fixed in the current release.
Crontab Entries Created for "Always On" Schedule
Crontab entries for the Always On schedule contained an error that resulted in the schedule
not running for a one-minute period during the week. This error has been fixed in the current
release.
idscor does not Close Open File Descriptors Inherited from idsagent
If idsagent is started when idscor is already running, idsagent will not start; instead, an
error message will be displayed. This problem is fixed in the current release, so idsagent
now starts successfully even if idscor is already running.
Setuid Template Monitors Modification of Privileged Setuid Files
In previous releases, the Creation of Setuid Files template monitored only the creation
of privileged setuid files. In the current release, this template also monitors the truncation of
privileged setuid files and the opening of privileged setuid files for modification.