Host Intrusion Detection System Administrator's Guide Release 3.0

Automated Response
How Automated Response Works in HP-UX HIDS
Appendix B
For the Race Condition template, the following additional arguments are passed to a
response program:
Table B-1 Additional Arguments Passed to Response Programs (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[20] | Target File Owner | Integer | <uid> | Owner of file (uid) under attack. |
| argv[21] | Target File Group | Integer | <gid> | Group of file (gid) under attack. |
| argv[22] | Target File Inode | Integer | <inode> | Inode number of file under attack. |
| argv[23] | Target File Device | Integer | <device> | Device number of file under attack. |
| argv[24] | Pathname of attack program | String | <full pathname> | Full pathname of attack program. |
| argv[25] | Attack Program Type | Integer | <type> | File type of attack program. Corresponds to an enum vtype value defined in vnode.h. |
| argv[26] | Attack Program Mode | Integer | <mode> (decimal) | Mode of attack program. |
| argv[27] | Attack Program Owner | Integer | <uid> | Owner of attack program (uid). |
| argv[28] | Attack Program Group | Integer | <gid> | Group of attack program (gid). |
| argv[29] | Attack Program Inode | Integer | <inode> | Inode number of attack program. |
| argv[30] | Attack Program Device | Integer | <device> | Device number of attack program. |
| argv[31] | Attack Program Argument Count | Integer | <argc> | Number of arguments passed to attack program (e.g., argc). |
| argv[32] | Attack Program Arguments | String | <argv[0]> <argv[1]> ... | Program arguments of attack program (first 1024 characters). |
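
The following C sketch is an added example, not code from this guide or from HP-UX HIDS. It shows one way a response program could validate the Race Condition arguments in argv[20] through argv[32] before acting on them, including decoding the decimal mode field. The struct and function names are hypothetical, and it assumes each field in the table arrives as a single argv string; arguments below argv[20] are not covered here and are ignored.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Positions taken from Table B-1; the names are hypothetical. */
enum { RC_FIRST = 20, RC_PATH = 24, RC_ARGS = 32, RC_ARGC_MIN = 33 };

struct race_alert {
    long file_uid, file_gid, file_inode, file_dev;   /* argv[20]..argv[23] */
    const char *atk_path;                            /* argv[24] */
    long atk_type, atk_mode, atk_uid, atk_gid;       /* argv[25]..argv[28] */
    long atk_inode, atk_dev, atk_argc;               /* argv[29]..argv[31] */
    const char *atk_args;                            /* argv[32] */
};

/* Strict decimal parse: rejects empty input, trailing junk and overflow. */
static int parse_long(const char *s, long *out) {
    char *end;
    errno = 0;
    *out = strtol(s, &end, 10);
    return (end == s || *end != '\0' || errno == ERANGE) ? -1 : 0;
}

/* Returns 0 on success, -1 if a field is missing or malformed. */
int parse_race_alert(int argc, char **argv, struct race_alert *a) {
    long *num[] = { &a->file_uid, &a->file_gid, &a->file_inode, &a->file_dev,
                    NULL, &a->atk_type, &a->atk_mode, &a->atk_uid,
                    &a->atk_gid, &a->atk_inode, &a->atk_dev, &a->atk_argc };
    if (argc < RC_ARGC_MIN) return -1;
    for (int i = 0; i < 12; i++)
        if (num[i] && parse_long(argv[RC_FIRST + i], num[i]) != 0) return -1;
    a->atk_path = argv[RC_PATH];  /* attacker-influenced: treat as data only */
    a->atk_args = argv[RC_ARGS];  /* never hand to system() or a shell */
    return (a->atk_path[0] == '/' && a->atk_argc >= 0) ? 0 : -1;
}

/* Mode arrives in decimal (2541 == octal 04755), so test bits, not digits. */
int attack_program_is_setid(const struct race_alert *a) {
    return (a->atk_mode & (S_ISUID | S_ISGID)) != 0;
}

int main(int argc, char **argv) {
    struct race_alert a;
    if (parse_race_alert(argc, argv, &a) != 0) return 2;
    printf("race alert: target uid=%ld attacker uid=%ld setid=%d\n",
           a.file_uid, a.atk_uid, attack_program_is_setid(&a));
    return 0;
}
```

The pathname and argument string originate from the process that triggered the alert, so the sketch stores them as opaque strings and only prints the numeric fields.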