Host Intrusion Detection System Administrator's Guide Release 3.1

Automated Response
How Automated Response Works in HP-UX HIDS
Appendix B
Table B-1 Additional Arguments Passed to Response Programs (Continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[33] | Attacker pseudo-tty | String | <pty> | Name of the pty on which the attacker is connected (for example, pts/ta). Set to empty string if not known. |
| argv[34] | Attacker hostname | String | <hostname> | Full hostname of the remote host from which the attacker logged in. Set to the "localhost" name or to empty string if the local host is not known. |
| argv[35] | Attacker IP address | String | <A.B.C.D> (IPv4) or <::ffff:A.B.C.D> (IPv6) | IP address (in IPv4 or IPv6 string notation) of the remote host from which the attacker logged in. Set to empty string if not known. |

For the Race Condition template, the following additional arguments are passed to a response program:

Table B-2 Additional Arguments Passed to Response Programs for Race Condition Template Alerts

| Response Program Argument | Alert Field | Alert Data Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[36] | Attacked Program Pathname | String | <full pathname> | Full pathname of the program under attack |
| argv[37] | Attacked Program File Type | Integer | <type> | File type of the program under attack. Corresponds to an enum vtype value defined in vnode.h |
| argv[38] | Attacked Program Mode | Integer | <mode> (decimal) | Mode of the program under attack |
| argv[39] | Attacked Program Owner | Integer | <uid> | Owner of the program under attack (uid) |
| argv[40] | Attacked Program Group | Integer | <gid> | Group of the program under attack (gid) |
| argv[41] | Attacked Program Inode | Integer | <inode> | Inode number of the program under attack |
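A response program reads these fields from its own argument list, as in the following added example; it is not HP-UX HIDS code or an HP-supplied script, and the log line format, the "unknown" fallback for empty strings, the setuid/setgid flagging and the absolute-pathname check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HP-UX HIDS code): a response-program skeleton that reads the
# Race Condition template arguments at the positions documented in Tables B-1 and B-2.
# The log format, the "unknown" fallback and the pathname check are assumptions.

# format_race_alert: print one log line built from the full HIDS argument list.
# Positional parameters above $9 must be written as ${N} in sh.
# Returns 1 if the attacked-program pathname (argv[36]) is missing or not absolute.
format_race_alert() {
    pty=${33:-unknown}        # argv[33]: empty string means pty not known
    host=${34:-unknown}       # argv[34]: empty string means hostname not known
    ip=${35:-unknown}         # argv[35]: A.B.C.D, or ::ffff:A.B.C.D for IPv6
    path=${36}                # argv[36]: full pathname of program under attack
    ftype=${37}               # argv[37]: enum vtype value from vnode.h
    mode_dec=${38:-0}         # argv[38]: mode, passed in decimal
    uid=${39}                 # argv[39]: owner uid
    gid=${40}                 # argv[40]: group gid
    inode=${41}               # argv[41]: inode number

    # Never act on a field the sensor could not fill in: require an absolute path.
    case "$path" in
        /*) ;;
        *)  echo "race_alert: attacked program pathname missing or not absolute: '$path'" >&2
            return 1 ;;
    esac

    # Show the mode in the octal form used by ls(1)/chmod(1) and flag setuid/setgid
    # bits, which are what an analyst looks at first when triaging a race alert.
    mode_oct=$(printf '0%o' "$mode_dec")
    priv=""
    [ $(( mode_dec & 2048 )) -ne 0 ] && priv="setuid"                 # 04000 bit
    [ $(( mode_dec & 1024 )) -ne 0 ] && priv="${priv:+$priv,}setgid"  # 02000 bit
    priv=${priv:-none}

    # Every field is quoted: attacker-controlled strings must never reach a shell unquoted.
    printf 'race pty=%s host=%s ip=%s path=%s type=%s mode=%s priv=%s uid=%s gid=%s inode=%s\n' \
        "$pty" "$host" "$ip" "$path" "$ftype" "$mode_oct" "$priv" "$uid" "$gid" "$inode"
}

# Entry point when invoked by HIDS: only act if the full argument list is present.
if [ $# -ge 41 ]; then
    format_race_alert "$@"
fi
```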