Host Intrusion Detection System Administrator's Guide Release 3.0
Templates and Alerts
Modification of Files/Directories Template
Appendix A
Properties
• Property: pathnames_to_watch
Pathnames of files to be monitored for modification.
• Property: pathnames_to_not_watch
Pathnames of files that can be safely ignored for modification, regardless of which
program modifies them.
• Properties: pathnames_X, programs_X
Table A-9 Template Properties (Continued)

Name                    Type  Default Value
pathnames_to_not_watch  I     ^/etc/ptmp$ | ^/etc/\.pwd\.lock$ |
                              ^/etc/utmp$ | ^/etc/utmpx$ | ^/etc/rc\.log$
                              ^/etc/opt/resmon/pipe/
pathnames_0             II    ^/etc/opt/resmon/ | ^/etc/group˙tmp.*$ &
                              ^/etc/passwd˙tmp.*$ & ^/etc/group$ |
                              ^/etc/group ˙tmp.*$
programs_0              II    ^/usr/sbin/stm/uut/bin/ &
                              ^/etc/opt/resmon/lbin/ | ^/usr/sbin/useradd$
                              & ^/usr/sbin/userdel$ &
                              ^/usr/sbin/usermod$ | ^/usr/sbin/groupadd$
                              & ^/usr/sbin/groupdel$ &
                              ^/usr/sbin/groupmod$
pathnames_1             II    ^/etc/lvmconf/lvm_lock$ ^/etc/mnttab$ &
                              ^/etc/fstab$ ^/stand/backup/ &
                              ^/stand/backup$ ^/stand/\\.system_bkup$
                              & ^/stand/\\.system_tune$ ^/stand/krs/ &
                              ^/stand/krs_tmp/ & ^/stand/current/ &
                              ^/stand/backup/ ^/etc/sfd\\.pid$
                              ^/etc/opt/OV/ ^/opt/.*/home/oracle/
                              ^/etc/ioconfig$ & ^/stand/ioconfig$
programs_1              II    ^/sbin/vgdisplay$ & ^/sbin/pvdisplay$ &
                              ^/sbin/lvdisplay$ ^/usr/bin/nfsstat$ &
                              ^/usr/sbin/syncer$ & ^/sbin/mount$ &
                              ^/sbin/umount$ & ^/sbin/fs/.*/mount$ &
                              ^/opt/cifsclient/bin/cifsmount$ &
                              ^/sbin/fs/.*/umount$ &
                              ^/opt/cifsclient/bin/cifsumount$ &
                              ^/usr/bin/df$ & ^/usr/bin/bdf$
                              ^/usr/sbin/kctune$ ^/usr/sbin/kmtune$
                              ^/sbin/krsd$ ^/sbin/sfd$ ^/opt/OV/bin/
                              ^/opt/.*/home/oracle/product/.*/bin/
                              ^/sbin/ioscan$ & ^/sbin/insf$ & ^/sbin/rmsf$
pathnames_X             II    <empty>
programs_X              II    <empty>
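
The following Python example is added here and is not part of the guide or the product. It evaluates file-modification events against a subset of the Table A-9 defaults and lists the programs_N patterns that exempt more than one exact binary, which is worth reviewing before adding entries to pathnames_X/programs_X. Assumptions: a pathnames_N entry is exempt only when the modifying program matches programs_N, Python's `re` approximates the product's regular-expression dialect, the pathnames_to_watch list is constructed, and `decide` and `broad_program_patterns` are hypothetical names.

```python
import re

# Values copied from Table A-9 except pathnames_to_watch, which is a
# constructed sample (its default is not listed on this page).
CONFIG = {
    "pathnames_to_watch": [r"^/etc/", r"^/stand/"],
    "pathnames_to_not_watch": [r"^/etc/ptmp$", r"^/etc/utmp$", r"^/etc/rc\.log$"],
    # Assumption: pathnames_N is exempt only when the writer matches programs_N.
    "pairs": [
        ([r"^/etc/group$"], [r"^/usr/sbin/useradd$", r"^/usr/sbin/groupadd$"]),
        ([r"^/etc/mnttab$", r"^/etc/fstab$", r"^/etc/opt/OV/"],
         [r"^/sbin/mount$", r"^/sbin/fs/.*/mount$", r"^/opt/OV/bin/"]),
    ],
}


def _matches(patterns, value):
    return any(re.search(p, value) for p in patterns)


def decide(path, program, cfg=CONFIG):
    """Return (alert, reason) for one file-modification event."""
    if not _matches(cfg["pathnames_to_watch"], path):
        return False, "not watched"
    if _matches(cfg["pathnames_to_not_watch"], path):
        return False, "pathnames_to_not_watch"
    for n, (paths, programs) in enumerate(cfg["pairs"]):
        if _matches(paths, path) and _matches(programs, program):
            return False, f"pathnames_{n}/programs_{n}"
    return True, "alert"


def broad_program_patterns(cfg=CONFIG):
    """List programs_N patterns that trust more than one exact binary."""
    findings = []
    for n, (_, programs) in enumerate(cfg["pairs"]):
        for p in programs:
            # No trailing "$" means a directory prefix; ".*" means a wildcard.
            if not p.endswith("$") or ".*" in p:
                findings.append((f"programs_{n}", p))
    return findings


if __name__ == "__main__":
    # Constructed events: (modified path, modifying program)
    for event in [("/etc/group", "/usr/sbin/useradd"), ("/etc/group", "/usr/bin/vi"),
                  ("/etc/utmp", "/usr/bin/vi"), ("/etc/fstab", "/sbin/fs/vxfs/mount")]:
        print(event, decide(*event))
    print(broad_program_patterns())
```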