Administrator's Guide
Templates and Alerts
Creation of World-Writable File Template
Appendix A
159
Properties
• Property: priv_uid_list
A list of system-level user IDs.
This list should contain the users that are considered to have elevated access to
the system. If a user ID is removed from this list, the creation of a world-writable
file owned by that user will not be detected by this template.
• Property: pathnames_to_not_watch
Pathnames of files that can be safely ignored if they are made world-writable.
• Properties: pathnames_X, programs_X
These properties can be used to filter out alerts generated when a particular
program creates a particular world-writable file. See “Type II: Pathnames/Programs
Pairs” on page 130 for a detailed description of these property pairs.
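
The following added example (not taken from this guide or from the product) models how the three properties above narrow what reaches an alert. The event record shape, the treatment of property values as regular expressions, the representation of a pathnames_X/programs_X pair as a Python tuple, and the pathnames /var/tmp/scratch and /var/adm/sw/ are assumptions made for illustration; the two program patterns are from the programs_1 default in Table A-15.

```python
import re
import stat
from dataclasses import dataclass, field

@dataclass
class FileEvent:                 # constructed shape, not the product's record format
    path: str
    mode: int                    # permission bits of the newly created file
    owner_uid: int
    program: str                 # full path of the creating program

@dataclass
class Config:
    priv_uid_list: set
    pathnames_to_not_watch: list = field(default_factory=list)  # regexes (assumed)
    pairs: list = field(default_factory=list)  # [(pathname_re, [program_re, ...])]

def decide(ev, cfg):
    """Return the reason an event is dropped, or 'ALERT' if it passes every filter."""
    if not ev.mode & stat.S_IWOTH:
        return "not world-writable"
    if ev.owner_uid not in cfg.priv_uid_list:
        return "owner not in priv_uid_list"
    if any(re.search(p, ev.path) for p in cfg.pathnames_to_not_watch):
        return "pathnames_to_not_watch"
    for path_re, prog_res in cfg.pairs:
        # A pair suppresses only when BOTH the file and the creating program match.
        if re.search(path_re, ev.path) and any(re.search(p, ev.program) for p in prog_res):
            return "pathname/program pair"
    return "ALERT"

# Constructed sample configuration and events.
CFG = Config(
    priv_uid_list={0, 1, 2},
    pathnames_to_not_watch=[r"^/var/tmp/scratch$"],
    pairs=[(r"^/var/adm/sw/", [r"^/usr/lbin/swagent$", r"^/usr/sbin/swagentd"])],
)
EVENTS = [
    FileEvent("/etc/app.conf", 0o666, 0, "/usr/bin/vi"),
    FileEvent("/home/u/notes", 0o666, 1001, "/usr/bin/vi"),
    FileEvent("/etc/app.conf", 0o644, 0, "/usr/bin/vi"),
    FileEvent("/var/tmp/scratch", 0o666, 0, "/usr/bin/sh"),
    FileEvent("/var/adm/sw/lock", 0o666, 0, "/usr/lbin/swagent"),
    FileEvent("/var/adm/sw/lock", 0o666, 0, "/usr/bin/sh"),
]

def run():
    return [(e.path, e.program, decide(e, CFG)) for e in EVENTS]

if __name__ == "__main__":
    for row in run():
        print(*row, sep="  ")
```

The last two events differ only in the creating program: a pathname/program pair leaves the same file alertable when any other program makes it world-writable, whereas a pathnames_to_not_watch entry silences the file for every program.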
Alerts generated by this template
• “World-Writable File Created” on page 159
Table A-15 Template Properties (Continued)

Name          Type  Default Value
programs_1    II    ^/usr/lbin/rlogind$ | ^/usr/lbin/swagent$ & ^/usr/sbin/swagentd &
                    ^/usr/sam/lbin/samd$ & ^/opt/perf/bin/ & ^/opt/OV/bin/ |
                    ^/opt/openssl/prngd/prngd$ | ^/usr/sbin/getty$ |
                    ^/usr/sam/lbin/samd$ | ^/opt/VRTSob/bin/vxsvc$ | ^/opt/perf/bin/ |
                    ^/opt/OV/httpd/bin/httpd$ | ^/opt/OV/bin/ |
                    ^/usr/sbin/useradd$ & ^/usr/sbin/userdel$ & ^/usr/sbin/usermod$ |
                    ^/usr/sbin/groupadd$ & ^/usr/sbin/groupdel$ & ^/usr/sbin/groupmod$ |
                    ^/usr/sbin/kmtune$
pathnames_X   II    <empty>
programs_X    II    <empty>

World-Writable File Created
Table A-16 World-writable File Created Alert Properties

Response Program Argument   Alert Field     Alert Field Type   Alert Value/Format   Description
argv[1]                     Template code   Integer            5                    Unique code assigned to template