Host Intrusion Detection System Administrator's Guide Release 3.1
Templates and Alerts
Creation of World-Writable File Template
Appendix A
163
Properties
Brief descriptions of the configurable properties are listed below:
• Property: priv_uid_list
A list of system-level user IDs.
This list should contain those users that are considered to have elevated access to
the system. Removing any of these means that this template will not detect the
creation of a world-writable file owned by one of those users.
• Property: pathnames_to_not_watch
Pathnames of files that can be safely ignored if they are made world writable.
• Properties: pathnames_X, programs_X
Use these properties to filter out alerts generated when a particular program creates
a particular world-writable file. See “Type II: Path Names/Programs Pairs” on
page 132 for a detailed description of these property pairs.
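The sketch below is an added example, not code from the HIDS product or this guide, that models how the three property groups interact when deciding whether a world-writable file event raises an alert. It assumes "|"-separated regular expressions as in the default values, does not model the "&" separator, and assumes a pathnames_X/programs_X pair suppresses an alert only when both halves match; the UIDs, paths and the names FileEvent, should_alert and evaluate are constructed for illustration.

```python
import re
import stat
from dataclasses import dataclass

@dataclass
class FileEvent:                 # hypothetical event record
    path: str                    # file that became world-writable
    owner_uid: int               # owner of that file
    mode: int                    # permission bits after the change
    program: str                 # full path of the program responsible

def compile_list(value):
    """Split a '|'-separated property value into regexes (assumed syntax)."""
    return [re.compile(p.strip()) for p in value.split("|") if p.strip()]

def matches(patterns, text):
    return any(p.search(text) for p in patterns)

def should_alert(ev, priv_uids, not_watched, pairs):
    if not ev.mode & stat.S_IWOTH:
        return False             # not world-writable
    if ev.owner_uid not in priv_uids:
        return False             # owner missing from priv_uid_list: no detection
    if matches(not_watched, ev.path):
        return False             # pathnames_to_not_watch
    for paths, programs in pairs:
        if matches(paths, ev.path) and matches(programs, ev.program):
            return False         # pathnames_X / programs_X pair
    return True

# Constructed sample configuration (not the product defaults).
PRIV_UIDS = {0, 1, 2}
NOT_WATCHED = compile_list(r"^/var/tmp/scratch/")
PAIRS = [(compile_list(r"^/var/adm/sw/"),
          compile_list(r"^/usr/sbin/swagentd$ | ^/usr/lbin/swagent$"))]

# Constructed sample events.
EVENTS = {
    "root file via editor": FileEvent("/etc/app.conf", 0, 0o100666, "/usr/bin/vi"),
    "paired path and program": FileEvent("/var/adm/sw/x.lock", 0, 0o100666, "/usr/sbin/swagentd"),
    "paired path, other program": FileEvent("/var/adm/sw/x.lock", 0, 0o100666, "/usr/bin/sh"),
    "ignored path": FileEvent("/var/tmp/scratch/a", 0, 0o100666, "/usr/bin/sh"),
    "not world-writable": FileEvent("/etc/app.conf", 0, 0o100644, "/usr/bin/vi"),
}

def evaluate(priv_uids=PRIV_UIDS):
    return {name: should_alert(ev, priv_uids, NOT_WATCHED, PAIRS)
            for name, ev in EVENTS.items()}

if __name__ == "__main__":
    for name, alert in evaluate().items():
        print(f"{name}: {'ALERT' if alert else 'suppressed'}")
```

Calling `evaluate(priv_uids={1, 2})` shows the effect described for priv_uid_list: with UID 0 removed, the root-owned world-writable file no longer produces an alert.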
Alerts generated by this template
See “World-Writable File Created” on page 164 for information about the alerts
generated by this template.
Table A-15 World-Writable File Template Properties (Continued)

Name            Type    Default Value
programs_1      II      ^/usr/lbin/rlogind$ |
                        ^/usr/lbin/swagent$ &
                        ^/usr/sbin/swagentd &
                        ^/usr/sam/lbin/samd$ &
                        ^/opt/perf/bin/ &
                        ^/opt/OV/bin/ |
                        ^/opt/openssl/prngd/prngd$ |
                        ^/usr/sbin/getty$ |
                        ^/usr/sam/lbin/samd$ |
                        ^/opt/VRTSob/bin/vxsvc$ |
                        ^/opt/perf/bin/ |
                        ^/opt/OV/httpd/bin/httpd$ |
                        ^/opt/OV/bin/ |
                        ^/usr/sbin/useradd$ &
                        ^/usr/sbin/userdel$ &
                        ^/usr/sbin/usermod$ |
                        ^/usr/sbin/groupadd$ &
                        ^/usr/sbin/groupdel$ &
                        ^/usr/sbin/groupmod$ |
                        ^/usr/sbin/kmtune$
pathnames_X     II      <empty>
programs_X      II      <empty>