HP-UX Host Intrusion Detection System Version 4.7 Release Notes HP-UX 11i v3 (766145-001, March 2014)

Example 1 Invalid Modification - Scenario 1
In this example, the GUI Schedule Manager allows the administrator to enter an unequal number
of pathnames_X and programs_X pathname groups:
pathnames_1 | file1 & file2 | file3 | file4
programs_1 | prog1 | prog2
However, the administrator will not be able to activate the schedule as there is no corresponding
program for file4.
Example 2 Invalid Modification - Scenario 2
In this example, the GUI Schedule Manager allows the administrator to enter an empty pathname
or program when editing a pathnames_X or a programs_X template property:
pathnames_1 | file1 | | file2
programs_1 | prog1 | prog2
As there is no valid pathname value between the two pipe delimiters, the GUI Schedule Manager
fails to parse the schedule when the administrator tries to activate it.
Diagnosing the Problem
Run the idsadmin --activate <schedule name> command to print useful diagnostic
information, including the line number of the schedule file entry that caused a parsing error. The
idsadmin command provides detailed error messages that can help administrators diagnose and
resolve the problem.
IMPORTANT: The GUI System Manager must be closed before directly editing a Surveillance
Schedule or Group in a text editor. Otherwise, changes made using an editor will be overwritten
by the GUI System Manager when it exits.
TIP: HP recommends that administrators make backup copies of Surveillance Schedules and Groups
files periodically in case they need to be restored.
Incorrectly Formatted raw Reports Sent as an Email
Reports in raw format that are generated in /var/opt/ids/reports are formatted correctly.
However, if the raw report is sent to an email address using the --email-to option, then the
report may not be formatted correctly. For example, long entries in a raw report can be broken
up across multiple lines, and reports generated when specifying the : character as a delimiter
(using the --report-delimiter option) may not include the first few entries.
Special Characters not Supported When Specifying Filters Using the tune Command
The pound (#) and pipe (|) characters are currently not supported for specifying filters when using
the tune command. Use of these characters can cause parsing errors.
The idsadmin Command Does not Parse Schedules Whose Property Lines Exceed 65535 Characters
If a schedule has a property line exceeding 65535 characters, idsadmin or idsagent does
not parse the schedule but logs an error message. In older versions of HIDS, running these commands
on schedules with property lines exceeding 65535 characters can cause HIDS to dump core.
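A pre-activation check for the two invalid-modification scenarios and the 65535-character limit described in these notes, as an added example (not HP code and not part of HIDS). It assumes each property sits on one line in the name | group | group form shown in the scenarios; the real schedule file syntax may differ, and idsadmin --activate remains the authoritative parser.

```python
import re

MAX_LINE = 65535  # property-line limit stated in the release notes
PROP = re.compile(r"^(pathnames|programs)_(\d+)$")

def lint_schedule(text):
    """Return sorted (line_number, message) findings for schedule text."""
    findings = []
    counts = {}  # X -> {"pathnames": (lineno, n), "programs": (lineno, n)}
    for lineno, line in enumerate(text.splitlines(), start=1):
        if len(line) > MAX_LINE:
            findings.append((lineno, f"line is {len(line)} characters, limit is {MAX_LINE}"))
            continue
        name, *values = [field.strip() for field in line.split("|")]
        match = PROP.match(name)
        if not match:
            continue  # some other line; its format is not assumed here
        kind, index = match.group(1), int(match.group(2))
        empty = [pos for pos, value in enumerate(values, start=1) if not value]
        for pos in empty:
            findings.append((lineno, f"{name}: entry {pos} is empty"))
        # A group count is only meaningful once the empty entries are fixed.
        counts.setdefault(index, {})[kind] = (lineno, None if empty else len(values))
    for index, seen in counts.items():
        if "pathnames" not in seen or "programs" not in seen:
            continue  # the notes do not say a counterpart line is mandatory
        (_, n_path), (prog_line, n_prog) = seen["pathnames"], seen["programs"]
        if None not in (n_path, n_prog) and n_path != n_prog:
            findings.append((prog_line, f"programs_{index} has {n_prog} groups, "
                                        f"pathnames_{index} has {n_path}"))
    return sorted(findings)

# Constructed sample inputs, adapted from the two scenarios in these notes.
SCENARIO_1 = "pathnames_1 | file1 & file2 | file3 | file4\nprograms_1 | prog1 | prog2\n"
SCENARIO_2 = "pathnames_1 | file1 | | file2\nprograms_1 | prog1 | prog2\n"

if __name__ == "__main__":
    for label, text in (("scenario 1", SCENARIO_1), ("scenario 2", SCENARIO_2)):
        for lineno, message in lint_schedule(text):
            print(f"{label}: line {lineno}: {message}")
```

Run it against a copy of the schedule file with the GUI closed, then confirm the result with idsadmin --activate.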
Limitation when Using idsadmin in Interactive Mode
After an idsadmin tune or report command is executed, and if idsadmin had established
a connection with an agent before the tune or report command was invoked, idsadmin no