Host Intrusion Detection System Administrator's Guide Release 3.1

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

181

182

183

184

185

186

187

188

189

190

Templates and Alerts

Modiﬁcation of Another User’s File Template

Appendix A

169

argv[3] Severity Integer 2 if the ﬁle is truncated, potentially

truncated, deleted, or renamed.

3 if the ﬁle’s mode or ownership is

modiﬁed, or the ﬁle is opened for

writing or appending.

Alert Severity

argv[4] UTC Time Integer <secs> UTC time in

number of seconds

since epoch when

a ﬁle was modiﬁed

by a non-owner

argv[5] Attacker String uid=<uid>, gid=<gid>,

pid=<pid>, ppid=<ppid>.

The user ID, group

ID, process ID,

and parent

process ID of the

process that

modiﬁed the ﬁle

argv[6] Target of

Attack

String file=<full pathname>,

type=<type>,mode=<mode>,uid=<u

id>,gid=<gid>,inode=<inode>,de

vice=<device>.

The full pathname

of the ﬁle and the

ﬁle’s type, mode,

uid, gid,

inode, and device

number

argv[7] Summary String Non-owned ﬁle being modiﬁed. Alert summary

Table A-18 Non-Owned File Being Modiﬁed Alert Properties (Continued)

Response

Program

Argument

Alert

Field

Alert

Field Type

Alert Value/Format Description