Host Intrusion Detection System Administrator's Guide Release 3.0

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

171

172

173

174

175

176

177

178

179

180

Templates and Alerts

Creation of World-Writable File Template

Appendix A

161

NOTE Refer to Table B-1 in Appendix B for the deﬁnition of argv[10] through argv[32] that can

be used to access speciﬁc alert information (i.e., pid, ppid) without having to parse the

string alert ﬁelds above.

argv[8] Details String “User with uid <uid> <performed action

on the ﬁle> <full

pathname>(type=<type>,inode=<inode>,

device<device>) when executing

<program>(type=<type>,inode=<inode>,d

evice=<device>), invoked as follows:

<argv[0]> <argv[1]>..., as process with pid

<pid> and ppid <ppid> and running with

effective uid=<euid> and with effective

gid=<egid>.

where <performed action on the ﬁle> is

set to one of the following:

"created the world writable ﬁle"

"created the world writable directory"

"created the world-writable character

special ﬁle"

"created the world writable block special

ﬁle"

"created the world writable pipe (ﬁfo) ﬁle"

"renamed the world-writable ﬁle"

"changed the owner of the world writable

ﬁle"

"enabled the world writable permission on

ﬁle"

"performed system call <number> on the

ﬁle"

Detailed alert

description

argv[9] Local Time Integer <secs> Local time in

number of

seconds since

epoch when a

world writable

ﬁle is created

Table A-16 World-writable File Created Alert Properties (Continued)

Response

Program

Argument

Alert

Field

Alert

Field

Type

Alert Value/Format Description