Manualshelf

HP-UX Host Intrusion Detection System Version 4.4 Release Notes (5900-1612, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software
12345678910
Clarifications
Perform Updates Instead of Cold Reinstalls
HP-UX HIDS is designed to support updates. If users cold reinstall the newer version by first removing
the older version (swremove), two reboots (instead of just one or possibly none) will occur and
there is the possibility of losing some configuration data.
Do not Change Permissions
Do not change the permissions on files and directories owned by ids. Opening up the permissions
to be world writable or readable causes the agent to fail security checks and to exit. Changing
file permissions also results in swverify errors.
Known Problems and Limitations
Following problems and limitations are applicable for HIDS v4.4 release.
Error Encountered When Installing HP-UX HIDS 4.4
The following error can appear when installing HP-UX HIDS 4.4 even if J2SE 5.0 is installed:
swinstall error: * Reading source for file information. The corequisite "Jre15.JRE15,
r>=1.5.0.02" for fileset "IDS.IDS-ADM-RUN, r=E.04.03.04" cannot be successfully
resolved.
ERROR: The dependencies for fileset "IDS.IDS-ADM-RUN,r=E.04.03.04" cannot be resolved
(see previous lines). You must resolve the above dependencies before operating on
this fileset or change the "enforce_dependencies" option to "false".
Workaround
If this error is encountered and J2SE 5.0 is already installed, disable the enforcement of
dependencies by deselecting the swinstall Enforce dependency analysis errors in agent option.
Otherwise, install the latest version of J2SE 5.0 available at: http:// www.hp.com/go/java.
The GUI Schedule Manager Does not Validate Modifications to pathnames_X/programs_X Template
Properties
The GUI Schedule Manager saves modifications made to the template properties in Surveillance
Groups without validating that the Surveillance Schedules and Groups can be successfully parsed.
Incorrect modifications to the Surveillance Schedules and Groups, including incorrect modifications
to template property values, are only detected when the GUI System Manager attempts to activate
the schedule or when the GUI System Manager is restarted and attempts to load the schedules.
If a Surveillance Group is not successfully parsed when the GUI System Manager is started, the
group is removed from the schedule and the group will not appear in the Schedule Manager
window. If a schedule contains only the group that was removed, then the GUI System Manager
displays an error dialog stating that it was unable to parse the schedule and the schedule will not
appear in the System Manager and Schedule Manager windows.
The following scenarios illustrate instances where the GUI Schedule Manager allows administrators
to make and save invalid modifications to pathname_X/program_X filter template properties:
Known Problems, Limitations, and Fixes 9