KIT NAME: IDOA12A --------- OLD PRODUCT: POLYCENTER Security Intrusion Detector V1.2 for Digital UNIX ------------ NEW PRODUCT: POLYCENTER Security Intrusion Detector V1.2A for Digital UNIX ------------ APPRX BLK SIZE: 1.1 mbytes --------------- DIGITAL Cover Letter for POLYCENTER Security Intrusion Detector V1.2A for Digital UNIX MUP Kit IDOABASE12A. Purpose POLYCENTER Security Intrusion Detector V1.2A for Digital UNIX is an updated release of V1.2 which has various customer reported bugs fixed. There are no new features in this update release. The following bugs are fixed: 1. The PSID software incorrectly prioritised audit masks. - PSID gave audit_events.disallowed priority over its own internal audit mask and the audit mask generated from audit_events.sysman. This is changed, so that PSID's internal audit mask has highest priority followed by audit_events.sysman, and finally audit_events.disallowed. 2. The PSID software did not detect the deletion of the log and error files. - PSID can now detect the deletion of the /var/adm/id/id.log. file and the /var/adm/id/id.errors file. When PSID has detected the deletion of these files, it can immediately recreate them. 3. The PSID software left defunct processes. - The process id_mond is now correctly handling the termination or stoppage of all of its child processes. No defunct processes owned by id_mond can exist anymore. 4. The PSID software incorrectly terminated processes associated with old PSID process identifiers. - POLYCENTER Security ID retains a list of process-ids (PIDs) in a file called /var/adm/id/id.pid. This file contains the PID of id_mond and all of its children. This file is used for terminating all processes associated with id_mond, after the id_mond -k command is issued. If the file contained PIDs of child processes that had died, PSID did not remove the PIDs from the file. At some later time, these redundant PIDs could be reassigned by the operating system to other processes. An example of this would be if the workstation was rebooted. If the id_mond -k command was issued, PSID would have killed all the PIDs contained in the file, including those which may no longer be associated with PSID. PSID is now correctly handling the termination of all old PIDs by keeping only the active PIDs for id_mond and id_ard in this file. Installation Overview --------------------- The MUP kit is installed with the setld -l command. setld -l IDOABASE12A IDOAMAN12A Besure to de-install POLYCENTER Security Intrusion Detector V1.2 before installing V1.2A. This can be done by issueing the following command: setld -d IDOABASE120 IDOAMAN120 A system reboot is not necessary. Copyright Digital Equipment Corporation 1995. All Rights reserved. This software is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. ADDHERE