HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
List of Examples
B-1 Response Program.....................................................................................................208
B-2 Sending Alerts Through Email..................................................................................209
B-3 Storing Alerts in Log Files.........................................................................................210
B-4 Disabling a User Account..........................................................................................212
B-5 Disabling Remote Networking..................................................................................213
B-6 Putting a Process to Sleep..........................................................................................214
B-7 Taking a Snapshot of Critical System State...............................................................215
B-8 Restoring Safe Copies of Files...................................................................................216
C-1 To tune schedules for two agents without any user interaction...............................225
C-2 To tune schedules for two agents after a given date, with options to review and modify the Tune Command Report and the schedule.....225
C-3 To tune schedules for all agents in the sentinal.hosts file, and to review and modify the Tune Command Report and the schedule.....225
C-4 Suggested Exact Filters..............................................................................................227
C-5 Suggested Filters with Regular Expressions.............................................................227
C-6 To generate a report for all the managed agents starting from a particular date.....232
C-7 To generate a report for an agent showing only the date and time (local), severity, attacker, and target, and to email the report in text format to a specified email address.....234
C-8 To generate individual reports for all agents listed in the sentinal.hosts file, sorted by severity, starting from January 01 2007.....234
C-9 To generate a report listing only the critical alerts for all agents listed in the sentinal.hosts file, starting from January 01 2007, and to display the report in raw format using commas to delimit alert fields.....235
C-10 To generate a report for all agents listing only alerts related to failed logins, logouts, and failed su attempts; the report is emailed to the specified email address with a customized message and subject line.....235
C-11 To generate a report for all agents listed in the sentinal.hosts file, starting from January 01 2007, displaying only the specified fields; the report is in raw format and emailed to the specified email address.....236
E-1 Example of a Sample Surveillance Schedule Text File..............................................252