Host Intrusion Detection System Administrator's Guide Release 3.1

Templates and Alerts
Alert Summary
Appendix A
For each alert, Table A-1 lists the attack detected, the alert severity, and the detection
template that generates the alert.
Table A-1 Detection Templates
| Alert | Attack | Alert Severity | Detection Template |
|---|---|---|---|
| Buffer overflow detected | A process attempted to execute on its stack, perhaps as part of a stack buffer overflow attack. | 1 | Buffer Overflow Template |
| Potential buffer overflow detected | Potential buffer overflow of a privileged program using an unusually long program argument or using an argument that contains a non-printable character. | 1 | Buffer Overflow Template |
| File reference change | A file reference for a privileged program was changed. | 1 | Race Condition Template |
| Race condition attack | A privileged setuid script was executed via a symbolic link. | 1 | Race Condition Template |
| Potential Race Condition attack | A privileged setuid script was executed, but not necessarily via a symbolic link. | 2 | Race Condition Template |
| Filesystem modification or potential modification | A read-only file was truncated, deleted, or renamed. | 2 | Modification of files/directories Template |
| Filesystem modification or potential modification | A read-only file's mode or ownership was modified, the file was created, or the file was opened for writing or appending. | 3 | Modification of files/directories Template |