HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2
The Migrator Tool does not Update suppression_targets_to_ignore properly
When migrating schedules from release 4.0, the migrator tool does not escape the . character
in the pathnames of the default files (for example, .rhosts) listed in
suppression_targets_to_ignore, the files for which alerts are not suppressed. After
migration, you must manually insert the \ character before the . in each of these entries
(for example, \.rhosts) if you do not want the alerts for these files to be suppressed.
Limitation While Using the ids.cf File for Configuring Duplicate Alert Suppression
In the /etc/opt/ids/ids.cf file, non-commented lines in an [ENVIRONMENT] ...
[END] section cannot be preceded by commented lines within that section. If you want to
configure duplicate alert suppression through the ids.cf file, you must place the
SUPPRESSION line before the first commented line of the section. As shipped, the
SUPPRESSION line is commented out and follows another commented line:
[ENVIRONMENT]
IDS_USER ids
ALLOW_DUMPS 1
#AGGREGATION 0 # 0(1) to turn alert aggregation off(on).
#SUPPRESSION 0 # 0(1) to turn duplicate alert suppression off(on).
#SUPPRESSION_REPORT 0 # 0(1) to turn reporting of suppressed alerts off(on).
# # these flags override the flags in the schedule file
[END]
To configure duplicate alert suppression, move the SUPPRESSION line before the first
commented line of the section and uncomment it, as shown below. The value follows the
convention given in the comment: 0 turns duplicate alert suppression off and 1 turns it
on, so set the value to 1 if you want suppression enabled (the listing below keeps the
value 0 from the commented line):
[ENVIRONMENT]
IDS_USER ids
ALLOW_DUMPS 1
SUPPRESSION 0 # 0(1) to turn duplicate alert suppression off(on).
#AGGREGATION 0 # 0(1) to turn alert aggregation off(on).
#SUPPRESSION_REPORT 0 # 0(1) to turn reporting of suppressed alerts off(on).
# # these flags override the flags in the schedule file
[END]
Unexpected Behavior by idsagent when report, resync, or tune Command is Executed
If the /var/opt/ids/gui/logs/{agent}_alert.log file is corrupted, the report,
resync, or tune commands may behave unexpectedly.
The System DSP Fails to Properly Handle a Corrupted wtmp or btmp File
The system DSP (idssysdsp) fails to handle a corrupted /var/adm/wtmp or /var/adm/btmp
file, which may result in unexpected behavior. To work around this problem, administrators
can rotate /var/adm/wtmp and /var/adm/btmp as follows:
• Save the last few entries of the file into a separate file, [b|w]tmp.last.
• Truncate /var/adm/[b|w]tmp to size 0. Do not write the entries that were saved in
the *.last file back into the truncated file.
• The next time the [b|w]tmp file needs to be rotated, replace [b|w]tmp.last with
the most recent last few [b|w]tmp entries.
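The following POSIX sh script is an added example of the rotation procedure above; it is not part of the release notes and not HP's code. It copies the last KEEP records of a wtmp or btmp file into FILE.last (replacing any earlier .last file, which is what the third step calls for on later rotations) and then truncates the live file to size 0 without writing the saved records back. The record size is passed in as RECSIZE because it must equal sizeof(struct utmp) on the system being administered; that value is an assumption the caller supplies, and the script refuses to touch a file whose length is not a whole number of records, since a partial record is the kind of corruption idssysdsp cannot handle.

```shell
#!/bin/sh
# Added example (not HP's code): rotate a wtmp/btmp file as the release notes describe.
# The last KEEP records are copied into FILE.last (overwriting any earlier FILE.last)
# and FILE is truncated to size 0; the saved records are never written back.
# RECSIZE is the size of one accounting record, sizeof(struct utmp) on the platform,
# which the caller must supply (assumption) so the copy boundary falls on a whole record.
#
# usage: rotate_tmp FILE RECSIZE KEEP
rotate_tmp() {
    file=$1
    recsize=$2
    keep=$3

    [ -f "$file" ] || return 1
    size=$(wc -c < "$file" | tr -d ' ')

    # A length that is not a multiple of the record size means the file is corrupt,
    # which is the very condition idssysdsp cannot cope with; refuse rather than carry
    # a partial record over into the .last file.
    if [ "$((size % recsize))" -ne 0 ]; then
        echo "$file: size $size is not a multiple of $recsize-byte records" >&2
        return 2
    fi

    total=$((size / recsize))
    if [ "$total" -gt "$keep" ]; then
        skip=$((total - keep))
    else
        skip=0
    fi

    # Step 1 (and step 3 on later rotations): save the trailing records into FILE.last,
    # replacing whatever FILE.last held before. dd copies whole records from offset skip.
    dd if="$file" of="$file.last" bs="$recsize" skip="$skip" 2>/dev/null || return 1

    # Step 2: truncate the live file; the saved entries are deliberately not written back.
    : > "$file"
}

# Run directly as "sh rotate_tmp.sh /var/adm/wtmp RECSIZE 50"; with no arguments
# (for example when sourced) nothing is rotated.
if [ $# -eq 3 ]; then
    rotate_tmp "$1" "$2" "$3"
fi
```

Run it as root, once per file, with RECSIZE set for the platform's utmp record layout; the check on the file length is what distinguishes an intact file that merely needs rotating from one that has already been corrupted.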