Host Intrusion Detection System Administrator's Guide Release 3.0

Appendix B
Sample Response Programs
The following sections contain examples of C and shell script response programs.
Sample C Language Program Source Code
This is sample C language source code for a response program. It is distributed in
/opt/ids/share/examples/ids_alertResponse.c.
Modify the source code below to take appropriate action in response to intrusions. This
source code can be compiled with your standard C compiler. See Table B-1 on
page 186, Table B-3 on page 188 and Appendix A for information on the arguments and
environment variables passed to a response program.
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
#if 0 /* insert your response code here; as shipped, this block is compiled out */
    /* Placeholder action: echo every argument to standard error. */
    int i;
    for (i = 0; i < argc; i++) {
        fprintf(stderr, "argv[%d] = %s\n", i, argv[i]);
    }
#endif
    exit(0);
}
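As an added example that is not part of the guide or of the shipped ids_alertResponse.c, the following program shows one thing a practitioner might put in place of the compiled-out block above: it records the alert arguments to an append-only log without ever handing them to a shell. The argument layout from Table B-1 is not reproduced here, so every argument is treated generically as an untrusted field; control characters and the field separator are escaped so that a crafted alert value cannot forge extra log lines. The log path RESPONSE_LOG and the function names escape_field and format_alert_record are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed log location for this example; not a path from the HIDS guide. */
#define RESPONSE_LOG "/var/tmp/ids_alert_response.log"

/* Copy src into dst, replacing control characters, '|' and '\' with a
 * visible \xNN escape so one alert field cannot forge extra log lines or
 * fields. Returns the length the escaped field needs (like snprintf), so
 * the caller can detect truncation; dst is always NUL-terminated. */
size_t escape_field(const char *src, char *dst, size_t dstsz)
{
    size_t need = 0, w = 0;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        char tmp[8];
        size_t len;
        if (c < 0x20 || c == 0x7f || c == '|' || c == '\\') {
            len = (size_t)snprintf(tmp, sizeof tmp, "\\x%02x", c);
        } else {
            tmp[0] = (char)c;
            len = 1;
        }
        if (w + len < dstsz) {      /* keep room for the terminator */
            memcpy(dst + w, tmp, len);
            w += len;
        }
        need += len;
    }
    if (dstsz > 0)
        dst[w] = '\0';
    return need;
}

/* Build one record of the form "args=N|arg0|arg1|...\n" in buf.
 * Returns 0 on success, -1 if buf is too small for the complete record. */
int format_alert_record(int argc, char **argv, char *buf, size_t bufsz)
{
    size_t pos, need;
    int i, n;

    n = snprintf(buf, bufsz, "args=%d", argc);
    if (n < 0 || (size_t)n >= bufsz)
        return -1;
    pos = (size_t)n;
    for (i = 0; i < argc; i++) {
        if (pos + 1 >= bufsz)
            return -1;
        buf[pos++] = '|';
        need = escape_field(argv[i], buf + pos, bufsz - pos);
        if (need >= bufsz - pos)    /* field was truncated */
            return -1;
        pos += need;
    }
    if (pos + 2 > bufsz)            /* room for '\n' and '\0' */
        return -1;
    buf[pos++] = '\n';
    buf[pos] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char record[4096];
    FILE *fp;

    if (format_alert_record(argc, argv, record, sizeof record) != 0) {
        fprintf(stderr, "ids_alertResponse: alert record too long, not logged\n");
        return 1;
    }
    /* Append only; alert fields are never passed to system(), popen() or a shell. */
    fp = fopen(RESPONSE_LOG, "a");
    if (fp == NULL) {
        fputs(record, stderr);
        return 1;
    }
    fputs(record, fp);
    fclose(fp);
    return 0;
}
```

The point of the escaping and of the fixed-size record is that alert fields reflect activity the intruder controls, so a response program should treat its own arguments with the same suspicion as network input: log them, act on them with compiled code, but never interpolate them into a command line. Any program that replaces the block in the shipped sample and needs root privilege is subject to the same cautions given for shell scripts below.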
Sample Shell Script Alert Responses
IMPORTANT Some of these sample shell scripts require root privilege and should not be run as setuid
root. Having a privileged setuid shell script on your system will make it completely
vulnerable to a well-known race condition attack that allows a nonprivileged user to
easily acquire a root shell and thus gain complete control of your system.
For shell scripts that require root privilege, follow the suggestions in “Writing Privileged
Response Programs” on page 190.