HP Host Intrusion Detection System (HIDS) Contents, APPENDIX A – CPU CONSUMPTION, CPU Consumption on PA Processors, 4.0 REFERENCE DOCUMENTS/ WEB SITES, Memory Consumption on PA Processors

Contents
1.1 P RODUCT I DENTIFICATION ...............................................................................................		4
1.2 P URPOSE OF D OCUMENT ..................................................................................................		4
1.2 I NTENDED A UDIENCE .......................................................................................................		4
1.3 G LOSSARY .......................................................................................................................		4
2.0 OVERVIEW......................................................................................................................		5
2.1 P RODUCT O VERVIEW .......................................................................................................		5
2.2 HP-UX HIDS D EPLOYMENTS .........................................................................................		5
2.3 S IZING AND T UNING O VERVIEW ......................................................................................		5
3.0 SIZING AND TUNING RECOMMENDATIONS........................................................		6
3.1 S IZING G UIDELINES .........................................................................................................		6
3.1.1 Single vs. Multi-Processor .......................................................................................		6
3.1.2 Number of CPUs ......................................................................................................		6
3.1.3 Memory ....................................................................................................................		6
3.1.4 Disk Capacity...........................................................................................................		7
3.2 T UNING C ONSIDERATIONS ...............................................................................................		7
3.2.1 Product Tuning ........................................................................................................		7
3.2.1.1 Tuning the Surveillance Schedules...................................................................		7
3.2.1.1.1 Background................................................................................................		7
3.2.1.1.2 Avoid duplicate copies of a template.........................................................		7
3.2.1.1.3 Avoid duplicate groups with overlapping functionality ............................		7
3.2.1.1.4 Race Condition Template ..........................................................................		8
3.2.1.2 Tuning Process Priority.....................................................................................		8
3.2.1.3 Tuning the HIDS System Manager (GUI)........................................................		8
3.2.2 Kernel Tuning ..........................................................................................................		8
3.2.2.1 Tuning the Kernel Audit System (IDDS) .........................................................		8
3.2.2.1.1 System performance over security.............................................................		9
3.2.2.1.2 Security over system performance.............................................................		9
3.2.2.1.3 How to change from non-blocking to blocking mode ...............................		9
3.2.2.2 Kernel Tunables................................................................................................		9
3.2.2.2.1 enable_idds .........................................................................................		9
3.2.2.2.2 max_thread_proc ................................................................................		9
3.2.2.2.3 tcp_conn_request_max ....................................................................		9
3.2.2.2.4 secure_sid_scripts ........................................................................		9
3.2.2.2.5 executable_stack ...........................................................................		10
3.2.2.2.6 maxdsiz .................................................................................................		10
3.2.2.3 Swap................................................................................................................		10
4.0 REFERENCE DOCUMENTS/ WEB SITES ...............................................................		11
APPENDIX A – CPU CONSUMPTION ............................................................................		12
CPU Consumption on PA Processors ...........................................................................		13
CPU Consumption on Itanium Processors...................................................................		15
APPENDIX B – RESIDENT MEMORY CONSUMPTION ............................................		17
Memory Consumption on PA Processors .....................................................................		17
Memory Consumption on Itanium Processors .............................................................		19
HP Company Internal	Page 3 of 20