enable_idds(5) [hpux man page]
enable_idds(5) File Formats Manual enable_idds(5) NAME
enable_idds - enable intrusion detection data source VALUES
Failsafe Default Allowed values or Recommended values if HP-UX HIDS is installed, otherwise. DESCRIPTION
From HP-UX 11i Version 3 onwards, the tunable is replaced by the dynamic tunable audit_track_paths(5). If is set to then the HP-UX Host Intrusion Detection System (HP-UX HIDS) can enable the collection of kernel data for intrusion detection. This also causes additional things to be tracked by the kernel, resulting in a small degradation in performance (and increase in kernel memory usage), even if HP-UX HIDS is not in use. Who Is Expected to Change This Tunable? Anyone using HP-UX HIDS. Restrictions on Changing Changes to this tunable take effect at the next reboot. When Should the Tunable Be Turned On? This tunable should be turned on if HP-UX HIDS is installed. The installation will automatically turn on What Are the Side Effects of Turning the Tunable On? The name of the current working directory (and root directory) of every process is tracked, resulting in a change in memory usage and per- formance of the system. When Should the Tunable Be Turned Off? If HP-UX HIDS is not being used should be turned off. What Are the Side Effects of Turning the Tunable Off? When turned off, HP-UX HIDS is unable to use any detection template that uses (See the documentation for HP-UX HIDS for more information on What Other Tunables Should Be Changed at the Same Time? This tunable is independent of other tunables. WARNINGS
This tunable has been replaced by All HP-UX kernel tunable parameters are release-specific. This parameter may be removed or have its meaning changed in future releases of HP-UX. Installation of optional kernel software, from HP or other vendors, may cause changes to tunable parameter values. After installation, some tunable parameters may no longer be at the default or recommended values. For information about the effects of installation on tun- able values, consult the documentation for the kernel software being installed. For information about optional kernel software that was factory installed on your system, see at AUTHOR
was developed by HP. SEE ALSO
audit_track_paths(5), ids.cf(5), OBSOLETED
Tunable Kernel Parameters enable_idds(5)
Check Out this Related Man Page
audit_track_paths(5) File Formats Manual audit_track_paths(5) NAME
audit_track_paths - enable/disable tracking of current and root directories for auditing subsystem VALUES
Failsafe Default Allowed values or Recommended values if is turned on or is installed, otherwise. DESCRIPTION
is a dynamic tunable and replaces specific static tunable Setting the tunable to enables both and to resolve and report absolute pathnames for their accounting purposes. This also causes addi- tional tracking by the kernel, resulting in a small degradation in performance (and increase in kernel memory usage), even if auditing sub- system is not in use. Although it is not required, but it is highly recommended to reboot the system when setting the tunable to with the intention to be able to record the absolute pathnames. Otherwise, or may not be able to resolve and report absolute pathname consistently. When is set to will not resolve absolute pathnames, while will be unable to open the device and collect data. This is because HIDS always expects a complete pathname for its purposes. The tunable is set to state when the system is installed without and its value is set to The tunable is set to when is first installed. Who Is Expected to Change This Tunable? Administrator with proper privileges can change the value of depending on the restrictions stated below. Restrictions on Changing The tunable is a dynamic tunable so any changes to this will take effect immediately, provided following conditions are satisfied: 1) If the new tunable value is 0 (and not then will not be able to open the IDDS device; and therefore, it will not be able to run any intrusion detection template that requires system call audit records. This restriction is enforced to avoid HIDS reporting incomplete or relative pathnames. 2) If is opened, then the administrator will not be allowed to change the value of the tunable. 3) If the tunable is set to will self-tune its value to when the IDDS device is opened by 4) If the tunable value is set to will self-tune its value to at the time of turning auditing. 5) If is already the administrator is not allowed to change the tunable value. 6) If the administrator changes the tunable value from to a reboot of the system is recommended to avoid reporting of partial pathnames by or When Should the Tunable Be Turned On? The tunable should be turned if either or is going to be started. What Are the Side Effects of Turning the Tunable On? The name of the current working directory (and root directory) of every process is tracked, resulting in a change in memory usage and per- formance of the system. When Should the Tunable Be Turned Off? When both and are What Are the Side Effects of Turning the Tunable Off? When the tunable is is unable to use any detection template that requires system call audit records (such as the "Modification of Files/Directories Template"). See HP-UX HIDS documentation for more information about templates. Also in this case will report relative pathnames in the audit log. What Other Tunables Should Be Changed at the Same Time? This tunable is independent of other tunables. WARNINGS
All HP-UX kernel tunable parameters are release-specific. This parameter may be removed or have its meaning changed in future releases of HP-UX. Installation of optional kernel software, from HP or other vendors, may cause changes to tunable parameter values. After installation, some tunable parameters may no longer be at the default or recommended values. For information about the effects of installation on tun- able values, consult the documentation for the kernel software being installed. For information about optional kernel software that was factory installed on your system, see at AUTHOR
was developed by HP. SEE ALSO
kctune(1M), audit(5), ids.cf(5). Tunable Kernel Parameters audit_track_paths(5)