HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3
Workaround
Modify the following line in /etc/opt/ids/ids.cf from:
CMDLINEARGS -f /var/adm/sulog SYS_SULOG -f /var/adm/btmp SYS_BTMP -f /var/adm/wtmp SYS_WTMP -f /var/adm/btmps SYS_BTMPS -f /var/adm/wtmps SYS_WTMPS
to
CMDLINEARGS -f /var/adm/sulog SYS_SULOG -f /var/adm/btmps SYS_BTMPS -f /var/adm/wtmps SYS_WTMPS
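One way to apply the edit above without hand-editing the file, as an added example that is not part of the release notes or of HP's tooling. It assumes the CMDLINEARGS entry is a single physical line in ids.cf; the function names and the placeholder line in the sample are hypothetical. Matching whole fields keeps the btmps and wtmps entries from being mistaken for btmp and wtmp.

```shell
#!/bin/sh
# Added example, not HP code. Assumes the CMDLINEARGS entry is a single
# physical line in ids.cf, as the wording of the release note implies.

# Constructed sample: the "from" line of the release note plus one
# placeholder line standing in for the rest of the file.
write_sample() {
    {
        echo 'PLACEHOLDER_OTHER_SETTING 1'
        echo 'CMDLINEARGS -f /var/adm/sulog SYS_SULOG -f /var/adm/btmp SYS_BTMP -f /var/adm/wtmp SYS_WTMP -f /var/adm/btmps SYS_BTMPS -f /var/adm/wtmps SYS_WTMPS'
    } > "$1"
}

# Succeeds if a CMDLINEARGS line still carries the btmp or wtmp pair.
needs_fix() {
    awk '$1 == "CMDLINEARGS" {
        for (i = 2; i < NF; i++)
            if (($i == "/var/adm/btmp" && $(i+1) == "SYS_BTMP") ||
                ($i == "/var/adm/wtmp" && $(i+1) == "SYS_WTMP")) found = 1
    } END { exit (found ? 0 : 1) }' "$1"
}

# Prints the file with the two "-f path TAG" triples dropped from the
# CMDLINEARGS line; every other line passes through unchanged.
fixed_config() {
    awk '$1 == "CMDLINEARGS" {
        out = $1
        for (i = 2; i <= NF; i++) {
            if ($i == "-f" && i + 2 <= NF &&
                (($(i+1) == "/var/adm/btmp" && $(i+2) == "SYS_BTMP") ||
                 ($(i+1) == "/var/adm/wtmp" && $(i+2) == "SYS_WTMP"))) {
                i += 2      # skip the path and tag of this triple
                continue
            }
            out = out " " $i
        }
        print out
        next
    }
    { print }' "$1"
}

# Keeps a copy as FILE.orig, then rewrites FILE in place (same inode and
# permissions). Does nothing when the line is already in the "to" form.
apply_fix() {
    needs_fix "$1" || return 0
    cp -p "$1" "$1.orig" && fixed_config "$1.orig" > "$1"
}
# Usage: apply_fix /etc/opt/ids/ids.cf
```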
The GUI System Manager can save Text Schedules Temporarily in the Incorrect Format
When a schedule is activated using the GUI System Manager, it incorrectly saves the
text schedules in a temporary format. When the GUI System Manager exits properly,
it re-saves all the schedules in the correct (unexpanded) format. However, if the GUI
System Manager crashes or does not exit properly, it will leave any activated schedules
in the incorrect format. When the GUI System Manager is subsequently restarted, an
error dialog like the one shown in Figure 1-1 will appear and the schedule will not
appear in the GUI System Manager or Schedule Manager windows.
Figure 1-1 Error Message When an Incorrectly-formatted Schedule is Activated Using
the GUI System Manager
Likewise, a subsequent attempt to activate (or tune) a schedule in a temporary format
or a pre-v4.1 schedule that has not been migrated will cause the idsadmin CLUI to
generate an error similar to the following:
ERROR: Syntax error on line 149 of schedule file :rename of
/var/opt/ids/tmp/parser/FileModificationGroup.FileModificationGroup.0.login_logout.props
failed
ERROR: Unable to parse temp schedule file
"/var/opt/ids/tmp/./FileAndLoginMonitoringAlwaysOn.txt".
NOTE: The error message in Figure 1-1 can also appear if a template property value
in a Surveillance Group is invalid due to a syntax or semantic parsing error. See “The
GUI Schedule Manager Does not Validate Modifications to pathnames_X/programs_X
Template Properties” (page 21) for examples.
A Surveillance Schedule is in the temporary format if it contains any instances of the
TEMPLATE pattern. See the workaround below.