HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2
Special Characters not Supported When Specifying Filters Using the tune Command
The pound (#) and pipe (|) characters are currently not supported for specifying filters
when using the tune command. Use of these characters can cause parsing errors.
The idsadmin Command Does not Parse Schedules Whose Property Lines Exceed 65535 Characters
In HIDS v4.1, if a schedule has a property line exceeding 65535 characters, idsadmin
or idsagent does not parse the schedule but logs an error message. In older versions
of HIDS, running these commands on schedules with property lines exceeding 65535
characters can cause HIDS to dump core.
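The two limitations above (the # and | characters in tune filters, and property lines exceeding 65535 characters) can be checked before a filter or schedule reaches idsadmin or idsagent. The following script is an added example, not part of HIDS or of these release notes. The function names are hypothetical, and it assumes one property per physical line of the schedule file and an awk that accepts records longer than 65535 characters.

```shell
#!/bin/sh
# Added example: pre-flight checks for two limitations in these release notes.
# All function names are hypothetical; none of this ships with HIDS.

MAX_PROP_LEN=65535   # limit stated in the release notes

# Print "file:line:length" for every line longer than MAX_PROP_LEN.
# Assumption: each physical line of a schedule file is one property line.
long_property_lines() {
    awk -v max="$MAX_PROP_LEN" '
        length($0) > max { printf "%s:%d:%d\n", FILENAME, FNR, length($0) }
    ' "$@"
}

# Return 0 if no given schedule file has an over-long property line,
# otherwise list the offending lines on stderr and return 1.
check_schedules() {
    hits=$(long_property_lines "$@")
    if [ -n "$hits" ]; then
        printf 'property line exceeds %s characters:\n%s\n' \
            "$MAX_PROP_LEN" "$hits" >&2
        return 1
    fi
    return 0
}

# Return 0 if the filter string contains neither '#' nor '|',
# the two characters the tune command does not support in filters.
check_tune_filter() {
    case $1 in
        *'#'*|*'|'*)
            printf 'unsupported character (# or |) in filter: %s\n' "$1" >&2
            return 1 ;;
    esac
    return 0
}
```

Run check_schedules over the schedule files before distributing them, and check_tune_filter on each filter string before passing it to the tune command.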
Limitations when using idsadmin in Interactive Mode
• Running the idsadmin tune command in interactive mode with invalid
options can result in unexpected behavior. The following example illustrates the
behavior of idsadmin when invalid options are provided in interactive mode:
admin> tune -start-date 20060101
ERROR: You must use a double dash to specify the --start-date option
admin> tune --start-date 20060101
ERROR: You must use a double dash to specify the --start-date option
admin> tune --start-date 20060101
WARNING: -t option ignored. Can only be specified on command line.
Use TUNE interactive command.
WARNING: Invalid hostname [rt-date] specified. Skipping....
ERROR: No valid agent hostnames entered.
• If idsadmin had established a connection with an agent before the tune or
report command was invoked, idsadmin no longer has a connection to that agent
after the tune or report command is executed. A status command re-establishes
the connection to that agent.
The idsadmin Tool Cannot Monitor more than one Agent at a Time
The idsadmin tool does not monitor or display alerts in near real-time from multiple
agents at the same time. The idsadmin tool can only monitor and display alerts from
one agent at any given time. To view alerts for multiple agents at the same time, you
must use the GUI System Manager or use the idsadmin --report command to
generate a consolidated alert report across multiple agents.
Display of Schedules Created Using Earlier Versions of HIDS
The GUI System Manager does not display v4.0 or v3.x text schedules that were placed
in /etc/opt/ids/schedules unless these schedules are migrated to HIDS 4.1. For
information on migrating schedules, see “Migrating Schedules from Older Versions of
HIDS” (page 32).
Known Problems, Limitations, and Fixes 23