Administrator's Guide
Automated Response
How Automated Response Works in HP-UX HIDS
Appendix B
Table B-2 Additional Arguments Passed to Response Programs for Race Condition Template Alerts

| Response Program Argument | Alert Field | AlertData Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[33] | Attacked Program Pathname | String | <full pathname> | Full pathname of program under attack |
| argv[34] | Attacked Program File Type | Integer | <type> | File type of program under attack. Corresponds to an enum vtype value defined in vnode.h |
| argv[35] | Attacked Program Mode | Integer | <mode> (decimal) | Mode of program under attack |
| argv[36] | Attacked Program Owner | Integer | <uid> | Owner of program under attack (uid) |
| argv[37] | Attacked Program Group | Integer | <gid> | Group of program under attack (gid) |
| argv[38] | Attacked Program Inode | Integer | <inode> | Inode number of program under attack |
| argv[39] | Attacked Program Device | Integer | <device> | Device number of program under attack |
| argv[40] | Attacked Program Number of Arguments | Integer | <argc> | Number of arguments passed to program under attack (e.g., argc). |
| argv[41] | Attacked Program Arguments | Integer | <argv[0]> <argv[1]> .... | Program arguments of program under attack (first 1024 characters) |
Table B-3 Environment Variables Set for Response Programs

| Name | Value | Description |
|---|---|---|
| HOME | /opt/ids | Home directory |
| IDS_BASE | /opt/ids | Default installation location |
| IDS_ETC | /etc/opt/ids | Configuration file directory |
| IDS_VAR | /var/opt/ids | Temporary file location |
| IFS | \t\n | Tab, newline: separator string |
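
A response program that consumes the Table B-2 arguments, as an added example (not code from the HP-UX HIDS guide): it decodes the decimal mode in argv[35] into octal permission bits and appends one sanitized record under IDS_VAR. The function names and the log file name are assumptions of this example, and it assumes the program is invoked with the race condition arguments; shell parameter ${33} corresponds to argv[33].

```sh
#!/bin/sh
# Added example, not from the guide. ${33}..${41} are argv[33]..argv[41] of Table B-2.

# mode_flags <decimal mode>: argv[35] is decimal, so 35309 means octal 0104755.
# Prints the permission bits in octal followed by any risky flags.
mode_flags() {
    case "$1" in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    perm=$(printf '%o' "$(( $1 & 4095 ))")        # keep the low 12 bits (07777)
    flags=""
    if [ "$(( $1 & 2048 ))" -ne 0 ]; then flags="$flags setuid"; fi          # 04000
    if [ "$(( $1 & 1024 ))" -ne 0 ]; then flags="$flags setgid"; fi          # 02000
    if [ "$(( $1 & 2 ))" -ne 0 ]; then flags="$flags world-writable"; fi     # 00002
    echo "$perm$flags"
}

# clean <string>: drop control characters so a crafted pathname or argument
# cannot forge extra log lines.
clean() { printf '%s' "$1" | tr -d '\000-\037\177'; }

# race_alert_line "$@": build one log record from the Table B-2 fields.
# The values describe the attacked program and are treated as untrusted data:
# they are quoted and printed, never evaluated or run.
race_alert_line() {
    if [ "$#" -lt 41 ]; then
        echo "expected 41 alert arguments, got $#" >&2
        return 2
    fi
    path=$(clean "${33}") args=$(clean "${41}")
    mode=${35} uid=${36} gid=${37} argc=${40}
    flags=$(mode_flags "$mode") || flags="invalid-mode"
    printf 'race-condition target=%s mode=%s owner=%s group=%s argc=%s args="%s"\n' \
        "$path" "$flags" "$uid" "$gid" "$argc" "$args"
}

# When run as a response program, append the record under IDS_VAR (Table B-3).
# The log file name is an assumption of this example.
if [ "$#" -ge 41 ]; then
    race_alert_line "$@" >> "${IDS_VAR:-/var/opt/ids}/race_response.log"
fi
```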