Manualshelf

HP-UX Host Intrusion Detection System Release 4.0 Release Notes for HP-UX 11i v1 | HP-UX 11i v2

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
11121314151617181920
Announcement
Known Problems, Limitations, and Fixes
Chapter 1 19
Error Encountered When Installing HP-UX HIDS 4.0
The following error can appear when installing HP-UX HIDS 4.0 even
though J2SE 5.0 is installed:
swinstall error: * Reading source for file information. The
corequisite "Jre15.JRE15,r>=1.5.0.02" for fileset
"IDS.IDS-ADM-RUN, r=E.04.00.01" cannot be successfully
resolved.ERROR:The dependencies for fileset
"IDS.IDS-ADM-RUN,r=E.04.00.01" cannot be resolved (see
previous lines). You must resolve the above dependencies
before operating on this fileset or change the
"enforce_dependencies" option to "false".
If this error is encountered and J2SE 5.0 is already installed, disable the
enforcement of dependencies by deselecting the swinstall Enforce
dependency analysis errors in agent option. Otherwise, install the latest
version of J2SE 5.0 from http://www.hp.com/go/java.
Limitations
Predefined Schedules and Groups are not Clearly Marked
The predefined (read-only) surveillance schedules and groups are not
well distinguished in the System Manager screens. You are allowed to
modify them for the purpose of creating a new schedule, but you cannot
save the modified schedule or group over the original predefined
schedule or group. The program does not notify you that a predefined
group was not saved when you click the Save button on the Schedule
Manager screen.
Agents and Kernel Parameters
The administration System Manager can monitor up to 23 agent systems
unless you make kernel parameter changes, as described in Chapter 2,
“Configuring HP-UX HIDS,” in the Host Intrusion Detection System
Administrator’s Guide.
Dropped Kernel Audit Records
Depending on the system profile and product configuration, and under
heavy loads, HIDS can drop kernel audit records and therefore miss
potential intrusions. The IDDS_MODE configuration parameter for the
kernel dsp in the ids.cf configuration file only controls whether the
kernel auditing subsystem (IDDS) either blocks or drops audit records