HP-UX Host Intrusion Detection System Release 4.0 Release Notes for HP-UX 11i v1 | HP-UX 11i v2

Announcement
Known Problems, Limitations, and Fixes
under heavy loads. Currently, the user space component of HP-UX HIDS
(idskerndsp), which collects audit data from IDDS, cannot be configured
to either block or drop audit records under heavy loads. Instead, the
product displays a notice in the Network Browser error panel that audit
records are being dropped. The kernel dsp parameters
DROP_NOTIFY_INTERVAL and LOW_WATERMARK control, respectively, how often
reminder notices are sent and the point at which a notice is sent when
audit records are no longer being dropped. For more information, see
Appendix E, “The Agent Configuration File,” in the Host Intrusion
Detection System Administrator’s Guide.
idsadmin Does Not Automatically Overwrite Existing Schedule
The idsadmin -f ascii_schedule option does not automatically
overwrite the existing schedule. Stop and remove the existing schedule
(if there is one), and then start a new schedule using the -f option.
System Manager with Java 1.4.x
The System Manager does not work properly with Java 1.4.x. Use the
latest available version, J2SE 5.0.
Time Units Cannot Be Specified for Template Properties in Schedule Manager
In the Schedule Manager’s template property editing windows, you cannot
specify a time unit (for example, s = seconds, m = minutes, d = days,
w = weeks) for template property time values. Some time-related template
properties are interpreted as being in seconds (for example, the
fail_interval and warning_interval properties for the Repeated Failed
Logins template), while other properties are interpreted as being in
minutes (for example, the fail_interval property for the Repeated Failed
su commands template).
Release 4.0 Schedules that Contain Username Template Values Cannot Be Run by Release 3.x Agents
Starting with v4.0, both user names and user IDs can be specified for
template properties that identify users. For example, users_to_ignore,
users_to_monitor, priv_user_list, and user_pairs_to_ignore support both
user name and user ID values. HIDS v3.x supports only user IDs;
therefore, v4.0 schedules that contain user name template values cannot
be run by v3.x agents. The v4.0 schedules must specify only user IDs if
they are to be used by both v3.x and v4.0 agents.