Manualshelf

HP-UX Host Intrusion Detection System Release 4.0 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
11121314151617181920
Release 4.0 Schedules that Contain Username Template Values Cannot be run by Release 3.x
Agents
Starting with v4.0, both user names and user IDs can be specified for template properties
to specify users. For example, users_to_ignore, users_to_monitor,
priv_user_list, user_pairs_to_ignore supports both user name and user ID
values. HIDS v3.x supports only user IDs, therefore v4.0 schedules that contain user
name template values cannot be run by v3.x agents. The v4.0 schedules must specify
only user IDs if they are to be used both by v3.x and v4.0 agents.
Error Log File Rotation
When you rotate an agent’s error log file (default location is
/var/opt/ids/error.log), the idsagent process must be restarted by sending it a
HUP signal in order for all new errors to appear in a newly created error log file.
HIDS SPI Cannot Receive Alerts From a Managed IA Node
When an Itanium-based (Itanium IA64) system is configured to run an HIDS agent
that forwards alerts to the HIDS OVO SPI, alerts are not displayed on the OVO console.
The HIDS response program on the agent system that forwards alerts to OVO
(ids_vpoalert) is a PA-RISC binary, and PA-RISC OVO shared libraries used by the
ids_vpoalert binary are not available on Itanium-based systems. For more
information, look-up the SR number 8606435489 at: http://www.chart.hp.com
NOTE: To fix this limitation, contact HP support.
Large Aggregated Alerts are not Displayed on OVO Console by HIDS SPI
If the aggregation feature is enabled on an HIDS agent and the aggregated alert size is
greater than or equal to 2 KB, the HIDS agent cannot forward the alert to the OVO
server. As a result, large aggregated alerts are not displayed on the OVO console. For
more information, look-up the SR number 8606435491 at:
http://www.chart.hp.com.Contact HP support to fix this limitation.
Fixes and Enhancements in Release 4.0
Release 4.0 corrects defects and includes enhancements in the following areas:
idsagent Memory leak when Alerts sent to Response Programs
The memory usage of idsagent grows when the idsagent process sends alerts to the
response program (in /opt/ids/response directory). This problem is fixed in the
current release.
Known Problems, Limitations, and Fixes 17