Host Intrusion Detection System Administrator's Guide Release 3.0
Templates and Alerts
Appendix A
Summary
This appendix describes the detection templates that are used to make up surveillance
groups. This appendix also describes the alerts that are passed to the System Manager
and to response programs by the HP-UX HIDS agent.
Alerts
• “Alert Summary” on page 123

Limitations
• “Limitations” on page 128

Property Types
• “Template Property Types” on page 129

Templates and associated alerts
• “Buffer Overflow Template” on page 134
• “Changes to Log File Template” on page 152
• “Creation of Setuid File Template” on page 155
• “Creation of World-Writable File Template” on page 158
• “Modification of Another User’s File Template” on page 163
• “Modification of Files/Directories Template” on page 146
• “Login/Logout Template” on page 167
• “Race Condition Template” on page 141
• “Repeated Failed Logins Template” on page 173
• “Repeated Failed su Commands Template” on page 176