Host Intrusion Detection System Administrator's Guide Release 3.0

Templates and Alerts
Repeated Failed su Commands Template
Appendix A
177
Limitations: None

Table A-25 Repeated Failed Su Attempts Alert Properties (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since epoch when more than <max_failed_su> number of failed su attempts are detected for a particular user. |
| argv[5] | <empty> | n/a | User <username> had more than <max_failed_su> failed su attempts in the past <number> [second \| minute \| hour \| day \| week]. Targets were [ "<username>" "<username>" .... ] | This field is empty |
| argv[6] | <empty> | n/a | n/a | This field is empty |
| argv[7] | Summary | String | "Failed su attempts" | Alert summary |
| argv[8] | Details | String | "User <username> had more than <max_failed_su> failed su attempts in the past <value> days. Targets were ["username", | Detailed alert description |
| argv[9] | Local Time | Integer | <secs> | Local time in number of seconds since epoch when more than <max_failed_su> number of failed su attempts are detected for a particular user. |
| argv[10] | Flag | Integer | 2 | Indicates a failed su alert versus a failed login alert. |
| argv[11] | Device | String | <tty> | The tty from which a failed su attempt was made. |
| argv[12] | From | String | <username> | The name of the user attempting to su. |
| argv[13] | To | String | <username> | The target user of the last failed su attempt. |
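As an added example that is not part of the guide, the following POSIX shell response program shows how the positions in Table A-25 map onto named variables: it checks that argv[10] carries the value 2 that marks a failed su alert, validates the two epoch timestamps as integers, escapes quotes in the free-text fields, and emits one key=value record that a central log collector can ingest. The script layout, function names and record format are assumptions of this example; argv[1] to argv[3] are documented on the preceding page and are not interpreted here.

```shell
#!/bin/sh
# Added example (not from the guide): a minimal response program for the
# Repeated Failed su template. It maps the positional arguments listed in
# Table A-25 (argv[4] onwards) onto named variables and emits one
# key=value record. Script layout, function names and the record format
# are assumptions of this example. argv[1]..argv[3] are documented on the
# preceding page and are passed through without interpretation.

# Return 0 if $1 is a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Escape double quotes and backslashes so free text fits a quoted field.
escape_quotes() {
    printf '%s' "$1" | sed 's/["\\]/\\&/g'
}

# Format the alert carried in the full response-program argument list as a
# single line. Returns non-zero if the arguments do not look like a
# failed-su alert from this template.
format_failed_su_alert() {
    utc_time=$4          # argv[4]  Integer: seconds since epoch, UTC
    summary=$7           # argv[7]  String: alert summary
    details=$8           # argv[8]  String: detailed alert description
    local_time=$9        # argv[9]  Integer: seconds since epoch, local
    flag=${10}           # argv[10] Integer: 2 = failed su, not failed login
    device=${11}         # argv[11] String: tty of the failed su attempt
    from_user=${12}      # argv[12] String: user attempting to su
    to_user=${13}        # argv[13] String: target user of the last attempt

    # Table A-25 fixes the flag at 2 for this template; reject anything else
    # rather than mislabel a failed-login alert as a failed-su alert.
    if [ "$flag" != "2" ]; then
        echo "format_failed_su_alert: unexpected flag '$flag' (expected 2)" >&2
        return 1
    fi
    # Both timestamps are documented as integer seconds since epoch.
    if ! is_uint "$utc_time" || ! is_uint "$local_time"; then
        echo "format_failed_su_alert: non-integer timestamp" >&2
        return 1
    fi

    printf 'hids_alert template=repeated_failed_su utc=%s local=%s flag=%s tty=%s from=%s to=%s summary="%s" details="%s"\n' \
        "$utc_time" "$local_time" "$flag" "$device" "$from_user" "$to_user" \
        "$(escape_quotes "$summary")" "$(escape_quotes "$details")"
}

# Stand-alone run: format whatever argument list HIDS passed to this script.
if [ "$#" -ge 13 ]; then
    format_failed_su_alert "$@"
fi
```

The record keeps the two timestamps as raw epoch seconds rather than converting them, so the same script runs unchanged on any system with a POSIX sh and sed; conversion to a readable time is left to the log collector, which also avoids the HP-UX versus GNU `date` differences.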