Host Intrusion Detection System Administrator's Guide Release 3.1

Templates and Alerts

Creation of World-Writable File Template

Appendix A

166

Limitations This template has the following limitations:

• The template cannot always distinguish between when a world-writable ﬁle is

created, and when an existing world-writable ﬁle is opened with the create ﬂag set.

The template can therefore possibly generate an alert that a world-writable ﬁle is

created even though the ﬁle already exists, and is opened with the create ﬂag set

• The template cannot always distinguish between when a world-writable ﬁle is

created, and when an existing setuid ﬁle is truncated. The template can therefore

generate an alert that a setuid ﬁle is created, instead of generating an alert that a

setuid ﬁle is truncated.