Host Intrusion Detection System Administrator's Guide Release 3.1
Templates and Alerts
Template Property Types
Appendix A
When the units component is not present, the integer component is assumed to be in
units of seconds. For example, the following four lines in the template configuration
file contain time strings representing values of 23 seconds, 10 minutes, 1 hour, and
23 seconds, respectively; the s component in the last line is redundant, but can be
used for clarity.
fail_interval | 23
warning_interval | 10m
fail_interval | 1h
warning_interval | 23s
NOTE You cannot specify the time unit value in the Schedule Manager window. Refer to the
documentation for each template time property to determine the time unit interpreted
by the Schedule Manager.
Type VII: Flags
The value of this property type is an integer that represents an enable/disable flag. A
value of 1 means enabled and a value of 0 means disabled. For example, the following
properties of the Login/Logout template specify that the monitoring of logins is enabled
and the monitoring of successful su commands is disabled:
monitor_login_flag | 1
monitor_su_flag | 0
Type VIII: Scalars
This property type is similar to type VII in that it contains a single integer value.
However, this type does not limit the value to only 0 or 1. For example, the following
property of the Buffer Overflow template specifies that 500 is considered an unusually
long argument length when invoking a privileged setuid program:
unusual_arg_len | 500
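
The following Python sketch is an added example, not part of the guide or the product: it checks "name | value" lines against the time string, flag and scalar rules described above before a template file is deployed. The SCHEMA mapping, the function names and the restriction to the s, m and h units shown on this page are assumptions of the example.

```python
import re

# Units shown in the guide's examples; no unit means seconds (assumption: no other units).
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600}

# Constructed schema for this example: property name -> type, from this page's examples.
SCHEMA = {
    "fail_interval": "time",
    "warning_interval": "time",
    "monitor_login_flag": "flag",
    "monitor_su_flag": "flag",
    "unusual_arg_len": "scalar",
}

def parse_time(value):
    """Convert a time string such as '23', '10m' or '1h' to seconds."""
    m = re.fullmatch(r"([0-9]+)([a-z]?)", value)
    if not m or m.group(2) not in UNIT_SECONDS:
        raise ValueError(f"bad time string: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def parse_property(line, schema=SCHEMA):
    """Parse one 'name | value' line and validate the value against its type."""
    name, sep, value = (part.strip() for part in line.partition("|"))
    if not sep or name not in schema:
        raise ValueError(f"unrecognised property line: {line!r}")
    if schema[name] == "time":
        return name, parse_time(value)
    if not re.fullmatch(r"[0-9]+", value):
        raise ValueError(f"{name}: expected an integer, got {value!r}")
    number = int(value)
    if schema[name] == "flag" and number not in (0, 1):
        raise ValueError(f"{name}: flag must be 0 or 1, got {number}")
    return name, number

def check_lines(lines):
    """Return (parsed, errors); one bad line does not hide the others."""
    parsed, errors = [], []
    for lineno, line in enumerate(lines, 1):
        try:
            parsed.append(parse_property(line))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return parsed, errors

# Constructed input: the page's example lines plus two deliberately invalid ones.
SAMPLE = ["fail_interval | 23", "warning_interval | 10m", "fail_interval | 1h",
          "warning_interval | 23s", "monitor_su_flag | 0", "unusual_arg_len | 500",
          "monitor_login_flag | 2", "fail_interval | 5x"]

if __name__ == "__main__":
    print(check_lines(SAMPLE))
```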