IDSv2 + CA Access Control performance issue

Alex Gayainsky · ‎03-21-2002

Hi,

I succeeded to install IDS/9000 v2 on our
server & run it. But now I have performance
problem.

Process "idssysdsp" that tracks log files does "su root" all the time. We have "CA Access
Control" installed on server. "Access Control"
catches every "su" & proceede it thru its own
checks. As a result, CPU usage jumps to the
sky.

Do you know any way to run "idssysdsp" as root and not "ids" to prevent su execution ?

Thanks a lot,
Alex

Alex

Stephanie Miller · ‎05-20-2002

Hi Alex,

I was just browsing through the ITRC posts, and noticed you didn't get a reply to your message. Sorry this response wasn't sooner.

We designed the IDS/9000 product with security of the product in mind. For this reason every IDS/9000 process must run from a non-priveleged account, the user ids was created at install time. So the answer is that it is not possible to change the ownership of any IDS process. If you have another product monitoring "su", you can modify the IDS/9000 template to filter out this particular event.

Cheers,
-Stephanie

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

IDSv2 + CA Access Control performance issue

IDSv2 + CA Access Control performance issue

Re: IDSv2 + CA Access Control performance issue