NAME
enable_idds — enable intrusion detection data source
VALUES
Allowed values
0 (off)
or
1 (on)
Recommended values
1 (on)
if Praesidium IDS/9000 is installed,
0 (off)
otherwise.
DESCRIPTION
If
enable_idds
is set to
1,
then Praesidium IDS/9000 can enable the
collection of kernel data for intrusion detection.
This also causes additional things to be tracked by the kernel, resulting
in a small degradation in performance (and increase in kernel memory usage),
even if Praesidium IDS/9000 is not in use.
Who Is Expected to Change This Tunable?
Anyone using Praesidium IDS/9000.
Restrictions on Changing
Changes to this tunable take effect at the next reboot.
When Should the Tunable Be Turned On?
This tunable should be turned
on
if Praesidium IDS/9000 is installed.
The installation will automatically turn on
enable_idds.
What Are the Side Effects of Turning the Tunable On?
The name of the current working directory (and root directory) of
every process is tracked, resulting in a change in memory usage
and performance of the system.
When Should the Tunable Be Turned Off?
If Praesidium IDS/9000 is not being used
enable_idds
should be turned
off.
What Are the Side Effects of Turning the Tunable Off?
When turned
off,
Praesidium IDS/9000 is unable to use any detection template that uses
kerndsp.
(See the documentation for Praesidium IDS/9000 for more information on
kerndsp.)
What Other Tunables Should Be Changed at the Same Time?
This tunable is independent of other tunables.
WARNINGS
All HP-UX kernel tunable parameters are release specific.
This parameter may be removed or have its meaning changed in
future releases of HP-UX.
AUTHOR
enable_idds
was developed by HP.
Printable version
