HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2
error dialog like the one shown in Figure 1-1 will appear and the schedule will not
appear in the GUI System Manager or Schedule Manager windows.
Figure 1-1 Error Message When an Incorrectly-formatted Schedule is Activated Using
the GUI System Manager
Likewise, a subsequent attempt to activate (or tune) a schedule in a temporary format
or a pre-V4.1 schedule that has not been migrated will cause the idsadmin CLUI to
generate an error similar to the following:
ERROR: Syntax error on line 149 of schedule file :rename of
/var/opt/ids/tmp/parser/FileModificationGroup.FileModificationGroup.0.login_logout.props
failed
ERROR: Unable to parse temp schedule file
"/var/opt/ids/tmp/./FileAndLoginMonitoringAlwaysOn.txt".
NOTE: The error message in Figure 1-1 can also appear if a template property value
in a Surveillance Group is invalid due to a syntax or semantic parsing error. See “The
GUI Schedule Manager Does not Validate Modifications to pathnames_X/programs_X
Template Properties” (page 21) for examples.
A Surveillance Schedule is in the temporary format if it contains any instances of the
TEMPLATE pattern. See the workaround below.
Workaround
Use the grep command to locate any instances of the TEMPLATE pattern. Schedules
containing the TEMPLATE pattern are in the incorrect (expanded) format and must be
migrated (using the migrator tool) to an HIDS v4.1 compatible format.
IMPORTANT: The GUI System Manager must be closed before running the migrator
tool or before manually editing a Surveillance Schedule or Group in a text editor.
Otherwise, changes made by the migrator tool or editor will be overwritten by the GUI
System Manager when it exits.
The following example illustrates the usage of the migrator tool:
> cd /etc/opt/ids/schedules
> grep TEMPLATE FileAndLoginMonitoringAlwaysOn.txt
TEMPLATE append_only
ENDTEMPLATE
TEMPLATE read_only
ENDTEMPLATE
TEMPLATE setuid
20 Announcement