Contents

 

 

1.1 PRODUCT IDENTIFICATION ... 4
1.2 PURPOSE OF DOCUMENT ... 4
1.2 INTENDED AUDIENCE ... 4
1.3 GLOSSARY ... 4
2.0 OVERVIEW ... 5
2.1 PRODUCT OVERVIEW ... 5
2.2 HP-UX HIDS DEPLOYMENTS ... 5
2.3 SIZING AND TUNING OVERVIEW ... 5
3.0 SIZING AND TUNING RECOMMENDATIONS ... 6
3.1 SIZING GUIDELINES ... 6
3.1.1 Single vs. Multi-Processor ... 6
3.1.2 Number of CPUs ... 6
3.1.3 Memory ... 6
3.1.4 Disk Capacity ... 7
3.2 TUNING CONSIDERATIONS ... 7
3.2.1 Product Tuning ... 7
3.2.1.1 Tuning the Surveillance Schedules ... 7
3.2.1.1.1 Background ... 7
3.2.1.1.2 Avoid duplicate copies of a template ... 7
3.2.1.1.3 Avoid duplicate groups with overlapping functionality ... 7
3.2.1.1.4 Race Condition Template ... 8
3.2.1.2 Tuning Process Priority ... 8
3.2.1.3 Tuning the HIDS System Manager (GUI) ... 8
3.2.2 Kernel Tuning ... 8
3.2.2.1 Tuning the Kernel Audit System (IDDS) ... 8
3.2.2.1.1 System performance over security ... 9
3.2.2.1.2 Security over system performance ... 9
3.2.2.1.3 How to change from non-blocking to blocking mode ... 9
3.2.2.2 Kernel Tunables ... 9
3.2.2.2.1 enable_idds ... 9
3.2.2.2.2 max_thread_proc ... 9
3.2.2.2.3 tcp_conn_request_max ... 9
3.2.2.2.4 secure_sid_scripts ... 9
3.2.2.2.5 executable_stack ... 10
3.2.2.2.6 maxdsiz ... 10
3.2.2.3 Swap ... 10
4.0 REFERENCE DOCUMENTS/ WEB SITES ... 11
APPENDIX A – CPU CONSUMPTION ... 12
CPU Consumption on PA Processors ... 13
CPU Consumption on Itanium Processors ... 15
APPENDIX B – RESIDENT MEMORY CONSUMPTION ... 17
Memory Consumption on PA Processors ... 17
Memory Consumption on Itanium Processors ... 19

HP Company Internal

Page 3 of 20

 

HP Host Intrusion Detection System (HIDS) manual Contents