Host Intrusion Detection System Administrator's Guide Release 3.1

Templates and Alerts
Creation of World-Writable File Template
Appendix A
World-Writable File Created
Table A-16 lists the configurable properties that this template supports.
Table A-16 World-Writable File Created Alert Properties
| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[1] | Template code | Integer | 5 | Unique code assigned to template |
| argv[2] | Version | Integer | 2 | Version of the template |
| argv[3] | Severity | Integer | 3 | Alert Severity |
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since epoch when a world-writable file was created |
| argv[5] | Attacker | String | uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid> | The user ID, group ID, process ID, and parent process ID of the process that created the world-writable file |
| argv[6] | Target of Attack | String | file=<full pathname>, type=<type>,mode=<mode>,uid=<uid>,gid=<gid>,inode=<inode>,device=<device> | The full pathname of the world-writable file and the file’s type, mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | World-writable file created | Alert summary |
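
The argument layout in Table A-16, shown as an added example that is not part of the guide: a POSIX shell response program that checks the template code, parses argv[5] and argv[6], and prints one normalised record. The function names, the output format, and the sample values (including the type and mode strings) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): response program for the
# "World-Writable File Created" alert, using the argv layout of Table A-16.

# kv LIST KEY -> value of KEY in a "k=v, k=v" list whose values hold no commas.
kv() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2=//p" | head -n 1
}

# target_file TARGET -> pathname from argv[6]. The path may contain commas, so
# strip the fixed trailer (type..device) from the right instead of splitting.
target_file() {
    t=${1#file=}
    printf '%s\n' "${t%,*type=*,*mode=*,*uid=*,*gid=*,*inode=*,*device=*}"
}

# target_attr TARGET KEY -> one of type, mode, uid, gid, inode, device.
target_attr() {
    f=$(target_file "$1")
    trailer=${1#file=}
    trailer=${trailer#"$f"}
    kv "$trailer" "$2"
}

# handle_alert ARGV... -> one normalised record on stdout; non-zero status on
# input that is not a well-formed template-5 alert.
handle_alert() {
    [ "$#" -eq 7 ] || { echo "expected 7 arguments, got $#" >&2; return 2; }
    [ "$1" = 5 ] || { echo "not template code 5: $1" >&2; return 3; }
    case $4 in ''|*[!0-9]*) echo "bad UTC time: $4" >&2; return 4 ;; esac
    printf 'template=%s version=%s severity=%s utc=%s creator_uid=%s creator_pid=%s creator_ppid=%s file_mode=%s file_owner=%s file="%s" summary="%s"\n' \
        "$1" "$2" "$3" "$4" "$(kv "$5" uid)" "$(kv "$5" pid)" "$(kv "$5" ppid)" \
        "$(target_attr "$6" mode)" "$(target_attr "$6" uid)" "$(target_file "$6")" "$7"
}

if [ "$#" -gt 0 ]; then
    handle_alert "$@"
else   # no arguments: run on constructed sample values
    handle_alert 5 2 3 1700000000 'uid=100, gid=20, pid=4321, ppid=1' \
        'file=/tmp/a,b/report.txt, type=regular,mode=0666,uid=100,gid=20,inode=1234,device=64' \
        'World-writable file created'
fi
```

The pathname is recovered by removing the fixed trailer from the right, so a file name that itself contains a comma does not shift the remaining fields.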