HP-UX Host Intrusion Detection System Release 4.0 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3

original predefined schedule or group. The program does not notify you that a
predefined group was not saved when you click the Save button on the Schedule
Manager screen.
Agents and Kernel Parameters
The administration System Manager can monitor up to 23 agent systems unless you
make kernel parameter changes, as described in Chapter 2, “Configuring HP-UX HIDS,”
in the Host Intrusion Detection System Administrator’s Guide.
Dropped Kernel Audit Records
Depending on the system profile and product configuration, HIDS can drop kernel
audit records under heavy loads and therefore miss potential intrusions. The
IDDS_MODE configuration parameter for the kernel dsp in the ids.cf configuration
file controls only whether the kernel auditing subsystem (IDDS) blocks or drops
audit records under heavy loads. Currently, the user space component of HP-UX HIDS
(idskerndsp), which collects audit data from IDDS, cannot be configured to either
block or drop audit records under heavy loads. Instead, the product displays a notice
in the Network Browser error panel that audit records are being dropped. The kernel
dsp parameters DROP_NOTIFY_INTERVAL and LOW_WATERMARK control, respectively, how
often reminder notices are sent and the point at which a notice is sent when audit
records are no longer being dropped. For more information, see Appendix E, “The
Agent Configuration File,” in the Host Intrusion Detection System Administrator’s Guide.
idsadmin does not Automatically Overwrite Existing Schedule
The idsadmin -f ascii_schedule option does not automatically overwrite the
existing schedule. Stop and remove the existing schedule (if there is one), and then
start a new schedule using the -f option.
System Manager with Java 1.4.x
The System Manager does not work with Java 1.4.x. Use the latest available version,
J2SE 5.0.
Time Units Cannot be Specified for Template Properties in Schedule Manager
In the Schedule Manager's template property editing windows, you cannot specify a
time unit (for example, s = seconds, m = minutes, d = days, w = weeks) for template
property time values. Some time-related template properties are interpreted as being
in seconds (for example, the fail_interval and warning_interval properties for
the Repeated Failed Logins template), while other properties are interpreted as being
in minutes (for example, the fail_interval property for the Repeated Failed su
commands template).