enable_idds.5 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

enable_idds(5)

OBSOLETED enable_idds(5)

(Tunable Kernel Parameters)

NAME

enable_idds - enable intrusion detection data source

VALUES

Failsafe

0 (off)

Default

0 (off)

Allowed values

0 (off) or 1 (on)

Recommended values

1 (on) if HP-UX HIDS is installed,

0 (off) otherwise.

DESCRIPTION

Note: From HP-UX 11i Version 3 onwards, the

enable_idds tunable is replaced by the dynamic tun-

able audit_track_paths(5).

enable_idds is set to 1, then the HP-UX Host Intrusion Detection System (HP-UX HIDS) can enable

the collection of kernel data for intrusion detection. This also causes additional things to be tracked by

the kernel, resulting in a small degradation in performance (and increase in kernel memory usage), even

if HP-UX HIDS is not in use.

Who Is Expected to Change This Tunable?

Anyone using HP-UX HIDS.

Restrictions on Changing

Changes to this tunable take effect at the next reboot.

When Should the Tunable Be Turned On?

This tunable should be turned on if HP-UX HIDS is installed. The installation will automatically turn on

enable_idds.

What Are the Side Effects of Turning the Tunable On?

The name of the current working directory (and root directory) of every process is tracked, resulting in a

change in memory usage and performance of the system.

When Should the Tunable Be Turned Off?

If HP-UX HIDS is not being used

enable_idds should be turned off.

What Are the Side Effects of Turning the Tunable Off?

When turned off, HP-UX HIDS is unable to use any detection template that uses

idskerndsp. (See the

documentation for HP-UX HIDS for more information on idskerndsp.)

What Other Tunables Should Be Changed at the Same Time?

This tunable is independent of other tunables.

WARNINGS

This tunable has been replaced by

audit_track_paths.

All HP-UX kernel tunable parameters are release-speciﬁc. This parameter may be removed or have its

meaning changed in future releases of HP-UX.

Installation of optional kernel software, from HP or other vendors, may cause changes to tunable parame-

ter values. After installation, some tunable parameters may no longer be at the default or recommended

values. For information about the effects of installation on tunable values, consult the documentation for

the kernel software being installed. For information about optional kernel software that was factory

installed on your system, see HP-UX Release Notes at

http://www.hp.com/go/hpux-core-docs.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
enable_idds(5) OBSOLETED (Tunable Kernel Parameters) enable_idds(5) NAME enable_idds - enable intrusion detection data source VALUES Failsafe 0 (off) Default 0 (off) Allowed values 0 (off) or 1 (on) Recommended values 1 (on) if HP-UX HIDS is installed, 0 (off) otherwise. A DESCRIPTION Note: From HP-UX 11i Version 3 onwards, the enable_idds tunable is replaced by the dynamic tunable audit_track_paths(5).
PAGE 2
enable_idds(5) OBSOLETED (Tunable Kernel Parameters) enable_idds(5) AUTHOR enable_idds was developed by HP. SEE ALSO kctune(1M), audit_track_paths(5), ids.cf(5), HP-UX Host Intrusion Detection System Administrator’s Guide .