Host Intrusion Detection System Administrator's Guide Release 3.1
Templates and Alerts
Modification of files/directories Template
Appendix A
150
pathnames_to_not_watch I ^/etc/ptmp$ | ^/etc/\.pwd\.lock$ |
^/etc/utmp$ | ^/etc/utmpx$ |
^/etc/rc\.log$
^/etc/opt/resmon/pipe/
pathnames_0 II ^/etc/opt/resmon/ |
^/etc/group˙tmp.*$ &
^/etc/passwd˙tmp.*$ & ^/etc/group$
| ^/etc/group ˙tmp.*$
programs_0 II ^/usr/sbin/stm/uut/bin/ &
^/etc/opt/resmon/lbin/ |
^/usr/sbin/useradd$ &
^/usr/sbin/userdel$ &
^/usr/sbin/usermod$ |
^/usr/sbin/groupadd$ &
^/usr/sbin/groupdel$ &
^/usr/sbin/groupmod$
pathnames_1 II ^/etc/lvmconf/lvm_lock$
^/etc/mnttab$ & ^/etc/fstab$
^/stand/backup/ & ^/stand/backup$
^/stand/\\.system_bkup$ &
^/stand/\\.system_tune$
^/stand/krs/ & ^/stand/krs_tmp/ &
^/stand/current/ & ^/stand/backup/
^/etc/sfd\\.pid$ ^/etc/opt/OV/
^/opt/.*/home/oracle/
^/etc/ioconfig$ &
^/stand/ioconfig$
programs_1 II ^/sbin/vgdisplay$ &
^/sbin/pvdisplay$ &
^/sbin/lvdisplay$
^/usr/bin/nfsstat$ &
^/usr/sbin/syncer$ & ^/sbin/mount$
& ^/sbin/umount$ &
^/sbin/fs/.*/mount$ &
^/opt/cifsclient/bin/cifsmount$ &
^/sbin/fs/.*/umount$ &
^/opt/cifsclient/bin/cifsumount$ &
^/usr/bin/df$ & ^/usr/bin/bdf$
^/usr/sbin/kctune$
^/usr/sbin/kmtune$ ^/sbin/krsd$
^/sbin/sfd$ ^/opt/OV/bin/
^/opt/.*/home/oracle/product/.*/b
in/ ^/sbin/ioscan$ & ^/sbin/insf$
& ^/sbin/rmsf$
pathnames_X II <empty>
Table A-9 File/Directories Template Properties (Continued)
Name Type Default Value