HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2
SSH does not Perform a Clean Exit after idsagent is Started
After starting idsagent from an ssh login, logging out of the agent system results in
the ssh session hanging indefinitely. As a workaround, log in by entering:
ssh -l root <machine> /usr/dt/bin/dtterm
Then, enter the /sbin/init.d/idsagent start command interactively.
Agents and Kernel Parameters
The administration System Manager can monitor up to 23 agent systems unless you
make kernel parameter changes, as described in Chapter 2, “Configuring HP-UX HIDS,”
in the Host Intrusion Detection System Administrator’s Guide.
Dropped Kernel Audit Records
Depending on the system profile and product configuration, and under heavy loads,
HIDS can drop kernel audit records and therefore miss potential intrusions. The
IDDS_MODE configuration parameter for the kernel dsp in the ids.cf configuration
file only controls whether the kernel auditing subsystem (IDDS) either blocks or drops
audit records under heavy loads. Currently, the user space component of HP-UX HIDS
(idskerndsp), which collects audit data from IDDS, cannot be configured to either
block or drop audit records under heavy loads. Instead, the product displays a notice
in the Network Browser error panel that audit records are being dropped. The kernel
dsp parameters, DROP_NOTIFY_INTERVAL and LOW_WATERMARK, control the frequency
at which reminder notices are sent and the point at which a notice is sent when audit
records are no longer being dropped, respectively. For more information see
Appendix E, “The Agent Configuration File,” in the Host Intrusion Detection System
Administrator’s Guide.
The System Manager on PA-RISC 1.1 Systems
The System Manager must be run with J2SE 5.0 (aka Java 1.5.x). For PA-RISC 1.1 systems,
however, Java 1.5.x is not supported; therefore, the System Manager can only be run
with Java 1.4.x on PA-RISC 1.1 systems. For the most part, the System Manager will
behave correctly using Java 1.4.x but with some limitations, and can generate numerous
warnings or errors in /var/opt/ids/gui/logs/Trace.log and
/var/opt/ids/gui/guiError.log that may result in very large files that can
consume a considerable amount of disk space.
Time Units Cannot be Specified for Template Properties in Schedule Manager
In the Schedule Manager’s template property editing windows, you cannot specify a
time unit (for example, s = seconds, m = minutes, d = days, w = weeks) for template
property time values. Some time-related template properties are interpreted as being
in seconds (for example, the fail_interval and warning_interval properties for
the Repeated Failed Logins template), while other properties are interpreted as being