HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
• Suppression Interval
Use this property to suppress duplicates of any given alert until the time specified in
the Suppression Interval property has elapsed or the number of duplicate alerts is equal to or
greater than the Suppression Count property value. The default value of this property is 6
hours. This means that HIDS will suppress duplicate alerts for any given alert over a 6-hour
period, unless the number of duplicate alerts for that alert exceeds the value of the Suppression
Count property.
NOTE: The Suppression Interval property supports the specification of time units in seconds,
minutes, hours, and days. For more information, see “Type VI: Time Strings” (page 111).
• Suppression Targets to Ignore
Use this property to specify the pathnames of targeted files and directories for which duplicate
alerts must not be suppressed. By default, duplicate alerts for the following target pathnames
are not suppressed:
◦ ^/etc/passwd$
◦ ^/etc/group$
◦ ^/stand/vmunix$
◦ ^/stand/system$
◦ ^/\.rhosts$
◦ ^/etc/inetd\.conf$
These property values are specified as UNIX regular expressions (for more information, see “UNIX
Regular Expressions” (page 106)).
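The suppression rules described above, modelled as an added Python example (not HP's code and not part of the original guide). It assumes duplicates are alerts with the same name and target path, that reaching the Suppression Count reports the alert and starts a new window, and that Python's `re` reads these default patterns the same way as the UNIX regular expressions HIDS uses; `COUNT = 3`, the alert name, and the sample alerts are constructed.

```python
import re

# Default "Suppression Targets to Ignore" patterns, copied from the list above.
IGNORE = [re.compile(p) for p in (
    r"^/etc/passwd$", r"^/etc/group$", r"^/stand/vmunix$",
    r"^/stand/system$", r"^/\.rhosts$", r"^/etc/inetd\.conf$")]

INTERVAL = 6 * 3600  # default Suppression Interval (6 hours), in seconds
COUNT = 3            # constructed Suppression Count value (assumption)

def never_suppressed(path):
    """True if path matches one of the ignore patterns."""
    return any(rx.search(path) for rx in IGNORE)

def reported(alerts, interval=INTERVAL, count=COUNT):
    """Return the alerts from a time-ordered list that are not suppressed."""
    windows = {}  # (name, path) -> [window start time, duplicates seen]
    out = []
    for t, name, path in alerts:
        win = windows.get((name, path))
        if never_suppressed(path):
            out.append((t, name, path))       # exempt target: always reported
        elif win is None or t - win[0] >= interval:
            windows[(name, path)] = [t, 0]    # first alert, or interval elapsed
            out.append((t, name, path))
        else:
            win[1] += 1                       # duplicate inside the window
            if win[1] >= count:               # Suppression Count reached
                windows[(name, path)] = [t, 0]
                out.append((t, name, path))
    return out

# Constructed sample alerts: (seconds, alert name, target path).
SAMPLE = [
    (0, "file_modified", "/etc/passwd"),
    (10, "file_modified", "/etc/passwd"),
    (20, "file_modified", "/etc/passwd.bak"),
    (30, "file_modified", "/etc/passwd.bak"),
    (40, "file_modified", "/etc/passwd.bak"),
    (50, "file_modified", "/etc/passwd.bak"),
    (60, "file_modified", "/etc/passwd.bak"),
    (50 + INTERVAL, "file_modified", "/etc/passwd.bak"),
]

if __name__ == "__main__":
    for alert in reported(SAMPLE):
        print(alert)
```

Because the default patterns are anchored with `^` and `$`, paths such as `/etc/passwd.bak` or `/home/user/.rhosts` are not exempt, so duplicate alerts for them are subject to suppression.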
Viewing Surveillance Schedule Details
You can view the source text of a surveillance schedule in the Details tab of the Schedule Manager
screen.
Viewing the Source of a Surveillance Schedule
To view the source of a surveillance schedule, follow these steps: