Most keywords in the IDS policy file are supported in this release,
but a few are not.

Supported keywords

The IDS policy contains the following supported keywords:
- ibm-policyIdsActionName
- ibm-idsICMPRedirect
- ibm-idsConditionAuxClass
- ibm-idsConditionType
- ibm-idsAttackType
- ibm-idsLocalPortRange
- ibm-idsRemotePortRange
- ibm-idsProtocolRange
- ibm-idsIPOptionRange
- ibm-idsLocalHostIPAddress
- ibm-idsRemoteHostIPAddress
- ibm-idsActionAuxClass
- ibm-idsActionType
- ibm-idsStatInterval
- ibm-idsMaxEventMessage
- ibm-idsTRtcpTotalConnections
- ibm-idsTRtcpPercentage
- ibm-idsTRtcpLimitScope
- ibm-idsTRudpQueueSize
- ibm-idsFSInterval
- ibm-idsFSThreshold
- ibm-idsSSInterval
- ibm-idsSSThreshold

The following keywords in the IDS policy file, while allowed,
are ignored in this release:
- ibm-idsMessageDest
  Specifies to which queue the IDS-generated messages should go. (All messages
  result in audit records and are not sent to queues.)
- ibm-idsNotification
  Specifies whether the log file or the console gets notified. (All messages
  go to the audit journal only.)
- ibm-idsLoggingLevel
  Specifies a limit to the number of messages logged to a log file.
- ibm-idsTypeActions
  Specifies the type of action to take for a condition. (The only action
  taken is to create an audit record.)
- ibm-idsSensitivity
  Specifies the priority of the condition. (All conditions are treated as
  having equal priority.)
- ibm-idsScanExclusion
  Specifies an array of IP addresses and ports that should be exempt from
  statistical bookkeeping if a scan is detected. No IP addresses or ports are
  exempt from the statistics that are associated with a scan event.