HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2

in minutes (for example, the fail_interval property for the Repeated Failed su
commands template).
Schedules that Contain Username Template Values Cannot be run by Release 3.x Agents
Starting with HIDS 4.0, user names and user IDs can be specified for user template
properties, such as users_to_monitor and priv_user_list. HIDS v3.x supports
only user ID values for these user template properties; therefore, schedules that contain
user names instead of user IDs cannot be run by v3.x agents. Schedules must specify
only user ID values for these user template properties if they are to be run by both
v3.x and v4.0 (or later) agents.
Error Log File Rotation
When you rotate an agent’s error log file (default location is
/var/opt/ids/error.log), the idsagent process must be restarted by sending it a
HUP signal in order for all new errors to appear in a newly created error log file.
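The rotation step described above, written as a POSIX sh function. This is an added example, not part of the HIDS product or these release notes. The function names, the timestamp suffix, the return codes and the PID lookup through ps -e are assumptions. It is also an assumption that the agent creates the new log file itself after the HUP.

```sh
#!/bin/sh
# Added example (not HP code): rotate the HIDS agent error log, then send
# HUP to idsagent so new errors go to a new file instead of the renamed one.

ERRLOG_DEFAULT=/var/opt/ids/error.log   # default location per the release notes

# Print the PID of every process whose command name is exactly "idsagent".
# Assumption: the command name is the last column of `ps -e` output.
find_idsagent_pids() {
    ps -e | awk '$NF == "idsagent" { print $1 }'
}

# rotate_ids_errlog [logfile] [pid ...as one quoted string]
# Prints the name of the rotated file on success.
# Returns 1: log missing, 2: no agent found, 3: rename failed, 4: HUP failed.
rotate_ids_errlog() {
    log=${1:-$ERRLOG_DEFAULT}
    pids=${2:-$(find_idsagent_pids)}

    [ -f "$log" ] || { echo "no such log: $log" >&2; return 1; }

    # Refuse to rotate when nothing can be signalled: leave the log in place
    # rather than renaming it with no agent to reopen it.
    [ -n "$pids" ] || { echo "idsagent not found; log left in place" >&2; return 2; }

    stamp=$(date +%Y%m%d%H%M%S)
    mv "$log" "$log.$stamp" || return 3

    # Until the HUP arrives the agent still holds the renamed file open.
    for p in $pids; do
        kill -HUP "$p" || { echo "HUP to pid $p failed" >&2; return 4; }
    done

    echo "$log.$stamp"
}
```

Source the file and call rotate_ids_errlog with no arguments to act on the default log, then confirm that a new error log appears at the original path.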
Defect Fixes and Enhancements in HIDS Release 4.1
HIDS Release 4.1 includes the following defect fixes and enhancements:
• Earlier versions of HIDS did not allow administrators to use the # character when
  specifying a file pathname, because the HIDS schedule parser treats # as a comment
  character, even if it is escaped with a backslash (i.e., \#). Starting with HIDS Release
  4.1, administrators can monitor files with a # character in their pathname or
  filename by escaping them with a backslash.
• In earlier versions of HIDS, any upgrade of the IDS-ADM subproduct in the HIDS
  bundle did not preserve any settings in /opt/ids/bin/idsgui (for example, the
  INTERFACE setting).
• In earlier versions of HIDS, when an Itanium-based (Itanium IA64) system is
  configured to run an HIDS agent that forwards alerts to the HIDS OVO SPI, alerts
  are not displayed on the OVO console.
• In earlier versions of HIDS, if the aggregation feature is enabled on an HIDS agent
  and the aggregated alert size is greater than or equal to 2 KB, the HIDS agent will
  not forward the alert to the OVO server. As a result, large aggregated alerts are
  not displayed on the OVO console.
• On an HP-UX 11i v2 PA-RISC system, even if the openssl product with a revision
  string greater than or equal to A.00.09.07-d is installed, IDS_checkInstall
  reports an installation check error.
• In earlier versions of HIDS, certificate generation fails when IDS_genAdminKeys
  or IDS_genAgentCerts generates certificates for systems with fully qualified