HP-UX Host Intrusion Detection System Version 4.2 Release Notes
IDS Mailing List
To receive the latest news about HP-UX HIDS, send an email message to
majordomo@hpuxmail.cup.hp.com. Include only the following line in the body of the message:
subscribe ids9000-news
NOTE: The term ids9000 refers to the previous name of the product.
This address is for subscription requests only. Do not send product questions or other inquiries.
To unsubscribe, send the message:
unsubscribe ids9000-news
ITRC Security Forum
Get help from your peers in the HP Information Technology Resource Center (ITRC) Security
Forum. It is available at:
http://forums.itrc.hp.com/cm
Choose the hp-ux area and then the security category.
Support Model
In the future, HP-UX HIDS customers will receive maintenance versions and minor versions of
the product, instead of individual patches for various defect fixes. HP recommends that customers
adopt the latest version to take advantage of defect fixes and new functionality.
In light of this approach (product versions instead of individual patches), the support model is:
- The latest maintenance or minor version is the actively supported version.
- Customers using a prior major version (or any of its minor versions) will be supported on a
best-effort basis. They will be asked to adopt the latest version, especially if the problem they
are experiencing has been corrected in the latest version. Specifically, this means that version 4.2
is now the actively supported version and all previous versions are supported on a best-effort
basis.
NOTE: Support for version 2.x of HP-UX HIDS was discontinued on March 31, 2007. HP
recommends that all customers using HP-UX HIDS version 2.x upgrade to version 4.2. For more
information about the discontinuance, see
http://www.hp.com/softwarereleases/releases-media2/discon/index.htm.
New and Changed Features
HP-UX HIDS version 4.2 includes the following new features and enhancements:
• A log file monitoring feature that enables administrators to receive alerts when log entries
that match regular expression string patterns are detected in plain text log files (for example,
syslog). Administrators specify the path names of the log files to monitor and the regular
expression string patterns to monitor for each log file.
• A critical file monitoring feature that enables administrators to receive alerts when there are
failed attempts to create, delete, or modify critical files. Previous HIDS versions only monitor
for successful attempts to modify files. With this feature enabled, both successful and failed
attempts are detected. As with successful attempts, failed attempts to modify critical files
can be indicative of an intrusion or of system misuse.
Only the Modification of files/directories template, the Modification of
Another User's File template, and the Changes to Log File template can be
configured to monitor for failed attempts.
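The per-file pattern matching described for the log file monitoring feature above, sketched as an added example; this is not HP-UX HIDS code and does not use its configuration syntax. The rule table, the function names and the syslog entries are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical rule table: log file path -> regular expressions to alert on.
RULES = {
    "/var/adm/syslog/syslog.log": [
        r"\bsu: - ",                                  # failed su attempt
        r"sshd\[\d+\]: Failed password for .* from",  # failed SSH login
    ],
}

# Constructed syslog entries (not taken from a real system).
SAMPLE_SYSLOG = [
    "Mar  3 10:15:01 hpux1 su: + tty1 root-oracle",
    "Mar  3 10:15:42 hpux1 su: - tty2 jdoe-root",
    "Mar  3 10:16:10 hpux1 sshd[2211]: Failed password for invalid user admin from 192.0.2.15 port 40122 ssh2",
    "Mar  3 10:17:00 hpux1 inetd[611]: ftp/tcp: Connection from localhost",
]

@dataclass(frozen=True)
class Alert:
    log_path: str
    line_no: int
    pattern: str
    entry: str

def compile_rules(rules):
    """Compile every pattern up front so a bad regex is rejected at load time."""
    compiled = {}
    for path, patterns in rules.items():
        compiled[path] = []
        for pat in patterns:
            try:
                compiled[path].append(re.compile(pat))
            except re.error as exc:
                raise ValueError(f"invalid pattern {pat!r} for {path}: {exc}") from exc
    return compiled

def scan(log_path, lines, compiled, start_line=0):
    """Return one alert per entry after start_line that matches a pattern for this file."""
    alerts = []
    for line_no, entry in enumerate(lines, start=1):
        if line_no <= start_line:
            continue  # already examined on a previous pass
        entry = entry.rstrip("\n")
        for rx in compiled.get(log_path, []):
            if rx.search(entry):
                alerts.append(Alert(log_path, line_no, rx.pattern, entry))
                break  # first matching pattern is enough for this entry
    return alerts
```

Passing the last line number already examined as start_line keeps a repeated scan of a growing log from raising the same alert twice.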