HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-1 Detection Templates (continued)
Detection TemplateAlert SeverityAttackAlert
Creation of World-Writable
File Template
3A file with world-writable
permission was created by a
privileged user, the
world-writable bit was set on
an existing file owned by a
privileged user, the owner of
a world-writable file was
changed to a privileged user
from a non- privileged user,
or a world-writable file owned
by a privileged user was
renamed from a location that
is not being monitored to a
location that is being
monitored.
World-writable file
created
Modification of Another
User’s File Template
2A file was truncated, deleted,
or renamed by a user other
than the owner of the file.
Non-owned file being
modified
Modification of Another
User’s File Template
3A file’s mode or ownership
was modified by a user other
than the owner, or a file was
opened for modification by a
user other than the owner of
the file.
Non-owned file being
modified
Login/Logout Template2aA successful login as a user
specified as privileged
Start of a successful
login session
Login/Logout Template3aA successful login as a user
not specified as privileged
Start of a successful
login session
Login/Logout Template2Logout of a user specified as
privileged
End of a login session
Login/Logout Template3Logout of a user not specified
as privileged
End of a login session
Login/Logout Template2A successful switch to a user
specified as privileged
Successful su session
Login/Logout Template3A successful switch to a user
not specified as privileged
Successful su session
Repeated Failed Logins
Template
3Repeated attempts to log in as
a user specified as privileged
Failed login attempts
Repeated Failed Logins
Template
3Repeated attempts to log in as
a user not specified as
privileged
Failed login attempts
Alert Summary 137