Host Intrusion Detection System Administrator's Guide Release 3.0
Templates and Alerts
Template Property Types
Appendix A
NOTE The time unit value cannot be specified in the Schedule Manager window.
Type VII: Flags
The value of this property type is an integer that represents an enable/disable flag. A
value of 1 means enabled and a value of 0 means disabled. For example, the following
properties of the Login/Logout template specify that the monitoring of logins is enabled
and the monitoring of successful su commands is disabled:
monitor_login_flag | 1
monitor_su_flag | 0
Type VIII: Scalars
This property type is similar to Type VII above in that it contains a single integer value.
However, this type does not constrain the value to only 0 or 1. For example, the following
property of the Buffer Overflow template specifies that 500 is considered an unusually
long argument length when invoking a privileged setuid program:
unusual_arg_len | 500
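The following sketch is an added example, not code from the guide or the product. It validates properties written in the `name | value` form shown above against the Type VII and Type VIII rules, then applies `unusual_arg_len` to constructed exec records. The function names, the record layout, the `>=` comparison and the grouping of properties from two templates into one list are assumptions made for illustration.

```python
import re

# Type VII flags accept only 0 or 1; Type VIII scalars accept any integer.
# Only the three property names shown on this page are known here.
FLAGS = {"monitor_login_flag", "monitor_su_flag"}
SCALARS = {"unusual_arg_len"}

def parse_properties(text):
    """Parse 'name | value' lines and enforce the flag/scalar rules."""
    props = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, sep, raw = (part.strip() for part in line.partition("|"))
        if not sep or not re.fullmatch(r"-?\d+", raw):
            raise ValueError(f"line {lineno}: expected 'name | integer'")
        if name not in FLAGS | SCALARS:
            raise ValueError(f"line {lineno}: unknown property {name}")
        value = int(raw)
        if name in FLAGS and value not in (0, 1):
            raise ValueError(f"line {lineno}: flag {name} must be 0 or 1")
        props[name] = value
    return props

def long_arg_events(events, props):
    """Return setuid invocations that carry an unusually long argument.

    Assumption: an argument counts as unusual when its byte length is
    >= unusual_arg_len; the page does not state the exact comparison.
    """
    limit = props["unusual_arg_len"]
    return [e for e in events
            if e["setuid"] and any(len(a.encode()) >= limit for a in e["argv"])]

# Constructed sample input: the property values are the ones on this page,
# the exec records and their paths are invented for the example.
SAMPLE_PROPS = """\
monitor_login_flag | 1
monitor_su_flag | 0
unusual_arg_len | 500
"""
SAMPLE_EVENTS = [
    {"path": "/usr/bin/passwd", "setuid": True, "argv": ["passwd", "alice"]},
    {"path": "/opt/example/suid_tool", "setuid": True, "argv": ["suid_tool", "A" * 600]},
    {"path": "/usr/bin/cat", "setuid": False, "argv": ["cat", "B" * 600]},
]

if __name__ == "__main__":
    for event in long_arg_events(SAMPLE_EVENTS, parse_properties(SAMPLE_PROPS)):
        print("unusual argument length:", event["path"])
```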