NAME
enable_idds — enable intrusion detection data source
VALUES
Allowed values
0 (off)
or
1 (on)
Recommended values
1 (on)
if HP-UX HIDS is installed,
0 (off)
otherwise.
DESCRIPTION
If
enable_idds
is set to
1,
then the HP-UX Host Intrusion Detection System (HP-UX HIDS) can enable the
collection of kernel data for intrusion detection.
This also causes additional things to be tracked by the kernel, resulting
in a small degradation in performance (and increase in kernel memory usage),
even if HP-UX HIDS is not in use.
Who Is Expected to Change This Tunable?
Anyone using HP-UX HIDS.
Restrictions on Changing
Changes to this tunable take effect at the next reboot.
When Should the Tunable Be Turned On?
This tunable should be turned
on
if HP-UX HIDS is installed.
The installation will automatically turn on
enable_idds.
What Are the Side Effects of Turning the Tunable On?
The name of the current working directory (and root directory) of
every process is tracked, resulting in a change in memory usage
and performance of the system.
When Should the Tunable Be Turned Off?
If HP-UX HIDS is not being used
enable_idds
should be turned
off.
What Are the Side Effects of Turning the Tunable Off?
When turned
off,
HP-UX HIDS is unable to use any detection template that uses
idskerndsp.
(See the documentation for HP-UX HIDS for more information on
idskerndsp.)
What Other Tunables Should Be Changed at the Same Time?
This tunable is independent of other tunables.
WARNINGS
All HP-UX kernel tunable parameters are release-specific.
This parameter may be removed or have its meaning changed in
future releases of HP-UX.
AUTHOR
enable_idds
was developed by HP.
SEE ALSO
ids.cf(5),
with: MANPATH: /opt/ids/share/man,
HP-UX Host Intrusion Detection System Administrator's Guide.
Printable version
