Host Intrusion Detection System Administrator's Guide Release 3.1

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

Templates and Alerts

Alert Summary

Appendix A

126

Setuid ﬁle created A privileged setuid ﬁle

was created,

potentially created, or

the setuid bit was

turned on a regular

ﬁle owned by a

privileged user, or the

owner of a setuid ﬁle

was changed from a

non privileged user to

a privileged user.

1 Creation and

Modiﬁcation of Setuid

File Template

Setuid ﬁle modiﬁed A privileged setuid ﬁle

was truncated or

potentially modiﬁed.

1 Creation and

Modiﬁcation of Setuid

ﬁle template

Append-only ﬁle

modiﬁed or

potentially modiﬁed

An append-only ﬁle

was truncated,

potentially truncated,

deleted, renamed, or

opened with write

permission in

non-append mode.

2 Changes to Log File

Template

World-writable ﬁle

created

A ﬁle with

world-writable

permission was

created by a privileged

user, the

world-writable bit was

set on an existing ﬁle

owned by a privileged

user, the owner of a

world-writable ﬁle was

changed to a

privileged user from a

non privileged user, or

a world-writable ﬁle

owned by a privileged

user was renamed

from a location that is

not being monitored to

a location that is being

monitored.

3 Creation of

World-Writable File

Template

Non-owned ﬁle being

modiﬁed

A ﬁle was truncated,

deleted, or renamed by

a user other than the

owner of the ﬁle.

2 Modiﬁcation of

Another User’s File

Template

Table A-1 Detection Templates (Continued)

Alert Attack Alert Severity Detection Template