HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3
IMPORTANT: The GUI System Manager must be closed before directly editing a
Surveillance Schedule or Group in a text editor. Otherwise, changes made using an
editor will be overwritten by the GUI System Manager when it exits.
TIP: HP recommends that administrators periodically back up copies of Surveillance
Schedule and Group files in case they need to be restored.
Incorrectly Formatted raw Reports Sent as an Email
Reports in raw format that are generated in /var/opt/ids/reports are formatted
correctly. However, if the raw report is sent to an email address using the --email-to
option, then the report may not be formatted correctly. For example, long entries in a
raw report can be broken up across multiple lines, and reports generated when
specifying the : character as a delimiter (using the --report-delimiter option)
may not include the first few entries.
Special Characters not Supported When Specifying Filters Using the tune Command
The pound (#) and pipe (|) characters are currently not supported for specifying filters
when using the tune command. Use of these characters can cause parsing errors.
The idsadmin Command Does not Parse Schedules Whose Property Lines Exceed 65535 Characters
In HIDS v4.1, if a schedule has a property line exceeding 65535 characters, idsadmin
or idsagent does not parse the schedule but logs an error message. In older versions
of HIDS, running these commands on schedules with property lines exceeding 65535
characters can cause HIDS to dump core.
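An added example, not part of HP's release notes or the HIDS product: a Python 3 check to run on a schedule file (or a backup copy of it) before idsadmin or idsagent reads it, covering the 65535-character property-line limit above and the # and | restriction on tune filters. It assumes a property line is one newline-terminated line measured in bytes; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Pre-flight checks for two HIDS 4.1 limits described in these release notes."""
import sys

MAX_PROPERTY_LINE = 65535          # limit stated in the release notes
UNSUPPORTED_FILTER_CHARS = "#|"    # not supported in tune filters


def find_long_lines(path, limit=MAX_PROPERTY_LINE):
    """Return [(line_number, length)] for every line longer than `limit`.

    Assumption: a "property line" is one newline-terminated line and its
    length is counted in bytes, excluding the line terminator.
    """
    hits = []
    with open(path, "rb") as fh:   # read bytes so odd encodings cannot fail
        for number, raw in enumerate(fh, start=1):
            length = len(raw.rstrip(b"\r\n"))
            if length > limit:
                hits.append((number, length))
    return hits


def unsupported_filter_chars(filter_text):
    """Return the unsupported characters present in a tune filter string."""
    return sorted(set(filter_text) & set(UNSUPPORTED_FILTER_CHARS))


def main(argv):
    if len(argv) < 2:
        print(f"usage: {argv[0]} SCHEDULE_FILE...", file=sys.stderr)
        return 2
    status = 0
    for path in argv[1:]:
        for number, length in find_long_lines(path):
            print(f"{path}:{number}: {length} bytes exceeds {MAX_PROPERTY_LINE}")
            status = 1             # non-zero exit lets a wrapper script stop
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit status means at least one line is over the limit, so a wrapper can skip loading that schedule on older HIDS versions, where the release notes say parsing it can dump core.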
Limitations when Using idsadmin in Interactive Mode
• Running the idsadmin tune command in interactive mode with invalid options
can result in unexpected behavior. The following example illustrates the behavior
of idsadmin when invalid options are provided in interactive mode:
admin> tune -start-date 20060101
ERROR: You must use a double dash to specify the --start-date option
admin> tune --start-date 20060101
ERROR: You must use a double dash to specify the --start-date option
admin> tune --start-date 20060101
WARNING: -t option ignored. Can only be specified on command line.
Use TUNE interactive command.