HP-UX Reference (11i v2 03/08) - 5 Miscellaneous Topics, 7 Device (Special) Files, 9 General Information, Index (vol 9)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

101

102

103

104

105

106

107

108

109

110

enable_idds(5) enable_idds(5)

(Tunable Kernel Parameters)

NAME

enable_idds - enable intrusion detection data source

VALUES

Failsafe

0 (off)

Default

0 (off)

Allowed values

0 (off) or 1 (on)

Recommended values

1 (on) if HP-UX HIDS is installed,

0 (off) otherwise.

DESCRIPTION

enable_idds is set to 1, then the HP-UX Host Intrusion Detection System (HP-UX HIDS) can enable

the collection of kernel data for intrusion detection. This also causes additional things to be tracked by

the kernel, resulting in a small degradation in performance (and increase in kernel memory usage), even

if HP-UX HIDS is not in use.

Who Is Expected to Change This Tunable?

Anyone using HP-UX HIDS.

Restrictions on Changing

Changes to this tunable take effect at the next reboot.

When Should the Tunable Be Turned On?

This tunable should be turned on if HP-UX HIDS is installed. The installation will automatically turn on

enable_idds.

What Are the Side Effects of Turning the Tunable On?

The name of the current working directory (and root directory) of every process is tracked, resulting in a

change in memory usage and performance of the system.

When Should the Tunable Be Turned Off?

If HP-UX HIDS is not being used

enable_idds should be turned off.

What Are the Side Effects of Turning the Tunable Off?

When turned off, HP-UX HIDS is unable to use any detection template that uses

idskerndsp. (See the

documentation for HP-UX HIDS for more information on

idskerndsp.)

What Other Tunables Should Be Changed at the Same Time?

This tunable is independent of other tunables.

WARNINGS

All HP-UX kernel tunable parameters are release-speciﬁc. This parameter may be removed or have its

meaning changed in future releases of HP-UX.

AUTHOR

enable_idds was developed by HP.