Host Intrusion Detection System Administrator's Guide Release 3.1

Automated Response
How Automated Response Works in HP-UX HIDS
Appendix B
Table B-2 Additional Arguments Passed to Response Programs for Race Condition Template Alerts (Continued)
Response Program Argument  Alert Field                           Alert Data Type  Alert Value/Format        Description
argv[42]                   Attacked Program Device               Integer          <device>                  Device number of program under attack
argv[43]                   Attacked Program Number of Arguments  Integer          <argc>                    Number of arguments passed to program under attack (e.g., argc).
argv[44]                   Attacked Program Arguments            Integer          <argv[0]> <argv[1]> ....  Program arguments of program under attack (first 1024 characters).

Table B-3 Environment Variables Set for Response Programs
Name        Value                     Description
HOME        /opt/ids                  Home directory
IDS_BASE    /opt/ids                  Default installation location
IDS_ETC     /etc/opt/ids              Configuration file directory
IDS_VAR     /var/opt/ids              Temporary file location
IFS         \t\n                      Tab, newline: separator string
LD_PRELOAD  <empty>                   Library path
PATH        /usr/bin:/sbin:/usr/sbin  Program path
SHELL       /usr/bin/sh               Shell path name
TERM        unknown                   Terminal type
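
A response program that consumes argv[42] through argv[44] under the environment of Table B-3, as an added example that is not taken from the guide. It assumes argv[N] maps to the shell positional parameter ${N}, that argv[44] arrives as a single string, and it uses a hypothetical log file name.

```sh
#!/usr/bin/sh
# Added example: response-program skeleton for race condition template alerts.
# Assumption: argv[N] in Table B-2 is the shell positional parameter ${N}.

# Table B-3 check: refuse to run if PATH or LD_PRELOAD differ from the
# values the guide lists for response programs.
env_ok() {
    [ "$PATH" = /usr/bin:/sbin:/usr/sbin ] && [ -z "${LD_PRELOAD:-}" ]
}

# argv[44] holds the attacked program's own arguments, so treat it as
# untrusted: replace every non-printable byte (newline, tab, escape) with
# '?' and cap the result at the 1024 characters the table mentions.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?' | cut -c1-1024
}

# Build one single-line record from argv[42], argv[43] and argv[44].
format_race_fields() {
    dev=$1 argc=$2 args=$3
    # Both fields are documented as integers (assumed non-negative here).
    case $dev in ''|*[!0-9]*) dev=invalid ;; esac
    case $argc in ''|*[!0-9]*) argc=invalid ;; esac
    printf 'device=%s argc=%s args=%s\n' "$dev" "$argc" "$(sanitize "$args")"
}

# Act only when the full argument list is present; the log file name is
# hypothetical.
if [ "$#" -ge 44 ]; then
    env_ok || exit 1
    format_race_fields "${42}" "${43}" "${44}" \
        >> "${IDS_VAR:-/var/opt/ids}/race_response.log"
fi
```

Because the record is forced onto one line, a crafted argument string in argv[44] cannot forge additional log entries.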