HP-UX Host Intrusion Detection System Version 4.4 Release Notes (5900-1612, April 2011)
Table 1 HP-UX HIDS Product Compatibility (continued)
Supported?Product
NoHP-UX 11i v1
YesNIS, NIS+
YesOpenView
Not testedServiceGuard
Not testedThird-party Event Monitoring Service (EMS)
YesTrusted Mode operation
NoVirtual Vault
Localization
The HP-UX HIDS software and documentation are not localized in non-English languages.
Benefits
The HP-UX HIDS intrusion detection product offers the following benefits:
• Automatically monitors each configured host system within the network for possible signs of
unwanted and potentially damaging intrusions.
• Provides continuous surveillance against inappropriate system usage that include attempting
to break into or disrupt the system, modifying system files and directories, or attempting to
spread a virus.
• Continuously examines ongoing activity on a system and seeks out patterns that might suggest
security breaches or misuse due to the exploitation of certain vulnerabilities:
Vulnerability: Unauthorized File Modification
Monitors: Critical system and application programs and configuration files
System and application log files
File additions and deletion
Critical files made world writable
Privileged “setuid” programs created
Files modified by non-owners
Vulnerability: Poorly written privileged programs
Monitors: Buffer overflows and Race conditions
Vulnerability: Weak password or unauthorized access
Monitors: Logins/Logouts
Vulnerability: Password guessing
Monitors: Failed logins and failed su attempts
Monitors: Messages logged to text based log files
6 Announcement