topic Re: IDSv2 + CA Access Control performance issue in Operating System - HP-UX https://community.hpe.com/t5/operating-system-hp-ux/idsv2-ca-access-control-performance-issue/m-p/2688320#M753129 Hi Alex,<BR /><BR /> I was just browsing through the ITRC posts, and noticed you didn't get a reply to your message. Sorry this response wasn't sooner. <BR /><BR />We designed the IDS/9000 product with security of the product in mind. For this reason every IDS/9000 process must run from a non-priveleged account, the user ids was created at install time. So the answer is that it is not possible to change the ownership of any IDS process. If you have another product monitoring "su", you can modify the IDS/9000 template to filter out this particular event. <BR /><BR /><BR />Cheers,<BR />-Stephanie Mon, 20 May 2002 18:47:10 GMT Stephanie Miller 2002-05-20T18:47:10Z IDSv2 + CA Access Control performance issue https://community.hpe.com/t5/operating-system-hp-ux/idsv2-ca-access-control-performance-issue/m-p/2688319#M753128 Hi,<BR /><BR />I succeeded to install IDS/9000 v2 on our<BR />server &amp; run it. But now I have performance <BR />problem.<BR /><BR />Process "idssysdsp" that tracks log files does "su root" all the time. We have "CA Access<BR />Control" installed on server. "Access Control" <BR />catches every "su" &amp; proceede it thru its own <BR />checks. As a result, CPU usage jumps to the <BR />sky.<BR /><BR />Do you know any way to run "idssysdsp" as root and not "ids" to prevent su execution ?<BR /><BR />Thanks a lot,<BR />Alex<BR /> Thu, 21 Mar 2002 16:12:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/idsv2-ca-access-control-performance-issue/m-p/2688319#M753128 Alex Gayainsky 2002-03-21T16:12:22Z Re: IDSv2 + CA Access Control performance issue https://community.hpe.com/t5/operating-system-hp-ux/idsv2-ca-access-control-performance-issue/m-p/2688320#M753129 Hi Alex,<BR /><BR /> I was just browsing through the ITRC posts, and noticed you didn't get a reply to your message. Sorry this response wasn't sooner. <BR /><BR />We designed the IDS/9000 product with security of the product in mind. For this reason every IDS/9000 process must run from a non-priveleged account, the user ids was created at install time. So the answer is that it is not possible to change the ownership of any IDS process. If you have another product monitoring "su", you can modify the IDS/9000 template to filter out this particular event. <BR /><BR /><BR />Cheers,<BR />-Stephanie Mon, 20 May 2002 18:47:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/idsv2-ca-access-control-performance-issue/m-p/2688320#M753129 Stephanie Miller 2002-05-20T18:47:10Z