Host Intrusion Detection System Administrator's Guide Release 3.1
Templates and Alerts
Alert Summary
Appendix A
127
Table A-1 Detection Templates (Continued)

| Alert | Attack | Alert Severity | Detection Template |
|---|---|---|---|
| Non-owned file being modified | A file's mode or ownership was modified by a user other than the owner, or a file was opened for modification by a user other than the owner of the file. | 3 | Modification of Another User's File Template |
| Start of a successful login session | A successful login as user root or ids | 2 (a) | Login/Logout Template |
| Start of a successful login session | A successful login as a user other than root or ids | 3 (a) | Login/Logout Template |
| End of a login session | The logout of user root or ids | 2 | Login/Logout Template |
| End of a login session | The logout of a user other than root or ids | 3 | Login/Logout Template |
| Successful su session | A successful switch user (su) to root or ids | 2 | Login/Logout Template |
| Successful su session | A successful switch user (su) to a user other than root or ids | 3 | Login/Logout Template |
| Failed login attempts | Repeated attempts to log in as user root or ids | 3 | Repeated Failed Logins Template |
| Failed login attempts | Repeated attempts to log in as a user other than root or ids | 3 | Repeated Failed Logins Template |
| Failed su attempts | Repeated attempts to switch user to root or ids | 2 | Repeated Failed su Commands Template |
| Failed su attempts | Repeated attempts to switch user to a user other than root or ids | 3 | Repeated Failed su Commands Template |

a. Higher severity if specified by an ip_filter property. See "Login/Logout Template" on page 171 for information about the ip_filter property.