Host Intrusion Detection System Administrator's Guide Release 3.0

Templates and Alerts
Creation of World-Writable File Template
Appendix A
Table A-16 World-writable File Created Alert Properties (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[2] | Version | Integer | 2 | Version of the template |
| argv[3] | Severity | Integer | 3 | Severity |
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since epoch when a world writable file is created |
| argv[5] | Attacker | String | “uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid>” | The user ID, group ID, process ID, and parent process ID of the process that created the world writable file |
| argv[6] | Target of Attack | String | “file=<full pathname>, mode=<mode>,uid=<uid>,gid=<gid>, inode=<inode>,device=<device>” | The full pathname of the world writable file and the file’s mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | “World writable file created” | Alert summary |
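The following is an added example, not code from this guide: a response program that parses the arguments listed in Table A-16. It assumes the fields arrive in the order shown and that the five values after the pathname contain no commas; `parse_alert` is a hypothetical name, and values whose format the table does not specify (mode, device, IDs) are kept as strings.

```python
import re
import sys
from datetime import datetime, timezone

# argv[5]: "uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid>"
ATTACKER_RE = re.compile(
    r"uid=([^,]*),\s*gid=([^,]*),\s*pid=([^,]*),\s*ppid=([^,]*)\Z")

# argv[6]: the pathname is chosen by whoever created the file and may itself
# contain commas or text such as ",uid=0". Anchoring the five trailing fields
# at the end of the string means they are always taken from the right, so
# nothing embedded in the pathname can override them.
TARGET_RE = re.compile(
    r"file=(?P<file>.*),\s*mode=(?P<mode>[^,]*),\s*uid=(?P<uid>[^,]*),"
    r"\s*gid=(?P<gid>[^,]*),\s*inode=(?P<inode>[^,]*),"
    r"\s*device=(?P<device>[^,]*)\Z", re.DOTALL)


def parse_alert(argv):
    """Return the Table A-16 alert fields from a response program's argv."""
    if len(argv) < 8:
        raise ValueError("expected arguments up to argv[7]")
    attacker = ATTACKER_RE.match(argv[5].strip())
    target = TARGET_RE.match(argv[6].strip())
    if attacker is None or target is None:
        raise ValueError("Attacker or Target of Attack not in documented format")
    # argv[4] is seconds since the epoch, in UTC.
    when = datetime.fromtimestamp(int(argv[4]), tz=timezone.utc)
    return {
        "version": int(argv[2]),
        "severity": int(argv[3]),
        "time": when.isoformat(),
        "attacker": dict(zip(("uid", "gid", "pid", "ppid"), attacker.groups())),
        "target": target.groupdict(),
        "summary": argv[7],
    }


if __name__ == "__main__":
    print(parse_alert(sys.argv))
```

Splitting argv[6] on commas from the left would report the owner and mode embedded in a crafted file name instead of the real ones, which is why the pattern is anchored at the end.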