HP-UX Host Intrusion Detection System Version 4.2 Release Notes

Error Log File Rotation
When you rotate an agent’s error log file (default location is /var/opt/ids/error.log), the
idsagent process must be restarted by sending it a HUP signal in order for all new errors to
appear in a newly created error log file.

Activations of Surveillance Schedules fail on systems installed with only HIDS v4.2 agent software
When only the HIDS v4.2 agent software is installed as part of either a fresh install or an upgrade,
schedule activation fails with one of the following error messages in the agent's error.log file:
The dir (/var/opt/ids/tmp//kerndsp_parser/) does not exist.
or
The dir (/var/opt/ids/tmp//sysdsp_parser/) does not exist.
Workaround
Run the following commands as root or user ids:
mkdir -p /var/opt/ids/tmp/kerndsp_parser
mkdir -p /var/opt/ids/tmp/sysdsp_parser
chmod 700 /var/opt/ids/tmp/kerndsp_parser
chmod 700 /var/opt/ids/tmp/sysdsp_parser
chown ids:ids /var/opt/ids/tmp/kerndsp_parser
chown ids:ids /var/opt/ids/tmp/sysdsp_parser

A Surveillance Schedule with a Surveillance Group that is scheduled to run during two or more time periods (GROUPPERIODs) is not saved correctly by the HIDS v4.2 Administrative GUI.
When a Surveillance Schedule has two or more group periods for the same Surveillance Group,
only the first group period is preserved when saving the Surveillance Schedule persistently. For
example, the following schedule is created with two GROUPPERIODs for the same Surveillance
Group:
GROUPPERIOD
NAME LoginMonitoringGroup
GMT 0
STARTTIME 0:00:0
ENDTIME 23:59:1
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
GROUPPERIOD
NAME LoginMonitoringGroup
GMT 0
STARTTIME 0:00:6
ENDTIME 23:59:6
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
When the Surveillance Schedule is saved by the HIDS Administrative GUI, only the first group
period of LoginMonitoringGroup is saved persistently while the other group periods are not.
As a result, the Surveillance Schedule contains only the following GROUPPERIOD after the
HIDS Administrative GUI exits or the Surveillance Schedule is explicitly saved using the GUI:
GROUPPERIOD
NAME LoginMonitoringGroup
GMT 0
STARTTIME 0:00:0
ENDTIME 23:59:1
GROUP LoginMonitoringGroup
ENDGROUP
ENDGROUPPERIOD
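
The following added example (not from the HP release notes or the HIDS product) reads a text copy of a schedule in the GROUPPERIOD layout shown above, lists Surveillance Groups that have two or more periods, and compares a copy taken before a GUI save with the saved result to show which periods were dropped. The function names, the sample files, and the assumption that group names contain no spaces or "|" belong to this example.

```shell
#!/bin/sh
# Added example: checks Surveillance Schedule text for the GUI save problem above.
# Assumes the GROUPPERIOD ... ENDGROUPPERIOD layout shown in this note and
# group names without spaces or "|".

# Print one "GROUP|STARTTIME|ENDTIME" line per GROUPPERIOD block in file $1.
list_periods() {
    awk '
        $1 == "GROUPPERIOD"        { inblk = 1; grp = st = en = ""; next }
        inblk && $1 == "GROUP"     { grp = $2 }
        inblk && $1 == "STARTTIME" { st = $2 }
        inblk && $1 == "ENDTIME"   { en = $2 }
        $1 == "ENDGROUPPERIOD"     { if (inblk) print grp "|" st "|" en; inblk = 0 }
    ' "$1"
}

# Print "GROUP COUNT" for every group with two or more periods in file $1;
# these are the groups whose later periods a GUI save would drop.
multi_period_groups() {
    list_periods "$1" |
    awk -F'|' '{ n[$1]++ } END { for (g in n) if (n[g] > 1) print g, n[g] }' | sort
}

# Print periods present in file $1 (before the save) but missing from file $2 (after).
dropped_periods() {
    { list_periods "$2" | sed 's/^/A /'; list_periods "$1" | sed 's/^/B /'; } |
    awk '$1 == "A" { seen[$2] = 1; next } !($2 in seen) { print $2 }'
}

# Constructed sample input: the two schedules from the example above.
period() {  # usage: period STARTTIME ENDTIME
    printf 'GROUPPERIOD\nNAME LoginMonitoringGroup\nGMT 0\nSTARTTIME %s\nENDTIME %s\n' "$1" "$2"
    printf 'GROUP LoginMonitoringGroup\nENDGROUP\nENDGROUPPERIOD\n'
}
# mktemp -d is assumed to be available for the demo; the functions above
# need only sh, awk, sed and sort.
demo_dir=$(mktemp -d)
{ period 0:00:0 23:59:1; period 0:00:6 23:59:6; } > "$demo_dir/before.txt"
period 0:00:0 23:59:1 > "$demo_dir/after.txt"

multi_period_groups "$demo_dir/before.txt"
dropped_periods "$demo_dir/before.txt" "$demo_dir/after.txt"
```

Any line printed by dropped_periods is a time window in which the Surveillance Group no longer runs after the save.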
Known Problems, Limitations, and Fixes 15