Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP Host Intrusion Detection System (HIDS)

161

162

163

164

165

166

167

168

169

170

Templates and Alerts

Creation of Setuid File Template

Appendix A

156

Setuid File Created

This template generates and forwards the following alerts to a response program when a

setuid ﬁle owned by a privileged user is created:

Table A-14 Setuid File Created Alert Properties

Response

Program

Argument

Alert Field

Type

Alert Value/Format Description

argv[1] Template

code

Integer 4 Unique code

assigned to

template

argv[2] Version Integer 2 Version of the

template

argv[3] Severity Integer 1 Severity

argv[4] UTC Time Integer <secs> UTC time in

number of seconds

since epoch when a

privileged setuid

ﬁle is created

argv[5] Attacker String “uid=<uid>, gid=<gid>, pid=<pid>,

ppid=<ppid>”

The user ID, group

ID, process ID, and

parent process ID

of the process that

created the

privileged setuid

ﬁle

argv[6] Target of

Attack

String “ﬁle=<full pathname>,

mode=<mode>,uid=<uid>,gid=<gid

inode=<inode>,device=<device>”

The full pathname

of the privileged

setuid ﬁle and the

ﬁle’s mode, uid, gid,

inode, and device

number

argv[7] Summary String “Setuid ﬁle created” Alert Summary