HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-1 Detection Templates (continued)

| Detection Template | Alert Severity | Attack | Alert |
|---|---|---|---|
| Race Condition Template | 2 | A privileged setuid script was executed, but not necessarily using a symbolic link. | Potential race condition attack |
| Modification of files/directories Template | 2 | A read-only file was truncated, deleted, or renamed. | File system modification or potential modification |
| Modification of files/directories Template | 3 | A read-only file’s mode or ownership was modified, the file was created, or the file was opened for writing or appending. | File system modification or potential modification |
| Modification of files/directories Template | 3 | An append-only or read-only file was modified using one of the hard links of the file. | File system modification or potential modification |
| Creation and Modification of setuid/setgid File Template | 1 | • A privileged setuid file was created, potentially created, or the setuid bit was turned on a regular file owned by a privileged user, or the owner of a setuid file was changed from a non privileged user to a privileged user. • A privileged setgid file was created, potentially created, or the setgid bit was turned on by a privileged group or the group that owns a setgid file was changed from a non privileged group to a privileged group. | A setuid or setgid file is created |
| Creation and Modification of setuid/setgid File Template | 1 | A privileged setuid or setgid file was truncated or potentially modified. | A setuid or setgid file is modified |
| Changes to Log File Template | 2 | An append-only file was truncated, potentially truncated, deleted, renamed, or opened with write permission in non-append mode. | Append-only file modified or potentially modified |

136 Templates and Alerts