Manualshelf

HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
41424344454647484950
3. Select the Modify Tunable option located on the right hand side of your screen.
4. Enter your new value in the New Setting [Expression/Value] box.
5. Choose Modify. Your new value shows in the Pending column.
6. Select OK to save the configuration. .
7. If you changed the value, select View Pending Changes and reboot option located
in the right hand side of the screen. Follow the steps provided by SMH.
Enabling More than 20 Inbound Requests
The HP-UX HIDS administration system communicates with agent systems using the
TCP protocol. On some systems, the TCP parameter, tcp_conn_request_max, is set
initially to allow up to 20 inbound requests to be active at one time. If you have a larger
number of agent systems, this value can be inadequate.
If the tcp_conn_request_max value is too small an agent’s error log can contain
messages, such as write_msg: error opening connection to remote
host..., open_connection: connect error, and open_connection:
Timed out waiting on select() for connect to complete.
You can view and change this parameter using the ndd command.
To view and change the value of tcp_conn_request_max, follow these steps:
1. To view the current value, enter the following command:
# ndd -get /dev/tcp tcp_conn_request_max
If this value is 20, or some number smaller than the number of agent systems, then
proceed to Step 2 and adjust it to the number of agents you plan to monitor, or
greater.
2. To change the value, log in as root and modify the /etc/rc.config.d/nddconf
configuration file by adding the following lines:
TRANSPORT_NAME[index]=tcp
NDD_NAME[index]=tcp_conn_request_max
NDD_VALUE[index]=value
Where:
index is a shell array index, as described in the file,
value is the value to be assigned.
For example, if this is the first entry in the file and you want to set the value of
tcp_conn_request_max to 4096 enter the following:
TRANSPORT_NAME[0]=tcp
NDD_NAME[0]=tcp_conn_request_max
NDD_VALUE[0]=4096
The new value is applied on the next system boots.
Enabling Multiple Agents 49