Overview: Intrusion detection policy directives
Most of the directives in the intrusion detection policy file are supported in this release. The few that are not supported are still accepted in the file but have no effect; both groups are listed below.
Supported directives
The intrusion detection policy file contains the following supported directives:
- ibm-idsActionAuxClass
- ibm-idsActionType
- ibm-idsAttackType
- ibm-idsConditionAuxClass
- ibm-idsConditionType
- ibm-idsFSInterval
- ibm-idsFSThreshold
- ibm-ICMPRedirect
- ibm-idsIPOptionRange
- ibm-idsLocalHostIPAddress
- ibm-idsLocalPortRange
- ibm-idsMaxEventMessage
- ibm-idsProtocolRange
- ibm-idsRemoteHostIPAddress
- ibm-idsRemotePortRange
- ibm-idsSSInterval
- ibm-idsSSThreshold
- ibm-idsStatInterval
- ibm-idsTRtcpLimitScope
- ibm-idsTRtcpPercentage
- ibm-idsTRtcpTotalConnections
- ibm-idsTRudpQueueSize
- ibm-policyIdsActionName
Unsupported directives
The following directives are allowed in the intrusion detection policy file but are ignored in this release. The text in parentheses describes what actually happens in place of the directive's intended behavior.
- ibm-idsLoggingLevel: Specifies a limit to the number of messages logged to a log file. (A limit can be imposed on the number of audit records that are generated for a given action by using the ibm-idsMaxEventMessage directive.)
- ibm-idsMessageDest: Specifies to which queue the IDS-generated messages should go. (Currently, all messages result in audit records and are not sent to queues.)
- ibm-idsNotification: Specifies whether the log file or the console gets notified. (Currently, all messages go to the audit journal only.)
- ibm-idsScanExclusion: Specifies an array of IP addresses and ports that should be exempt from statistical bookkeeping if a scan is detected. (No IP addresses or ports are exempt from the statistics that are associated with a scan event.)
- ibm-idsSensitivity: Specifies the priority of the condition. (All conditions are treated as having equal priority.)
- ibm-idsTypeActions: Specifies the type of action to take for a condition. (The only action taken is to create an audit record.)