HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Table A-9 File/Directories Template Properties

Name: pathnames_to_watch
Type: I
Default Value:
^/.rhosts$ | ^/\.shosts$ | ^/\.profile$ | ^/bin/ | ^/sbin/ |
^/usr/bin/ | ^/usr/sbin/ | ^/usr/local/bin/ | ^/lib/ |
^/usr/lib/ | ^/usr/local/lib/ |
^/stand/build/dlkm\.vmunix_test/ | ^/stand/vmunix$ |
^/stand/kernrel$ | ^/stand/bootconf$ | ^/stand/system$ |
^/dev/dsk/ | ^/dev/rdsk/ | ^/dev/rmt/ | ^/dev/rsdsi/ |
^/dev/vg[0-9]*/ | ^/dev/idds$ | ^/usr/dt/config/Xconfig$ |
^/tcb/files/devassign$ | ^/etc/rc\.config\.d/ |
^/etc/opt/sec_mgmt/bastille/ | ^/etc/rbac/ | ^/etc/cmpt/ |
^/etc/passwd$ | ^/etc/shadow$ | ^/etc/group$ |
^/etc/hosts\.equiv$ | ^/etc/hosts\.allow$ |
^/etc/hosts\.deny$ | ^/etc/inetd\.conf$ |
^/etc/auto_master$ | ^/etc/csh\.login$ |
^/etc/ftpd/ftpaccess$ | ^/etc/ftpd/ftpusers$ |
^/etc/inittab$ | ^/etc/opt/ipf/ipf\.conf$ | ^/etc/issue$ |
^/etc/motd$ | ^/etc/mnttab$ |
^/etc/named\.conf$ | ^/etc/securetty$ |
^/etc/default/security$ | ^/etc/mail/sendmail\.cf$ |
^/etc/shells$ | ^/etc/zprofile$ | ^/etc/nsswitch\.conf$ |
^/etc/pam\.conf$ | ^/etc/profile$ | ^/etc/acps\.conf$ |
^/etc/default/security$ | ^/etc/security\.dsc$ |
^/etc/opt/ids/ids\.cf$ | ^/opt/

Name: pathnames_to_not_watch
Type: I
Default Value: <empty>

Name: pathnames_0
Type: II
Default Value: <empty>

Name: programs_0
Type: II
Default Value: <empty>

Name: pathnames_1
Type: II
Default Value:
^/etc/mnttab$ & ^/etc/fstab$ | ^/dev/vg[0-9]*/

Name: programs_1
Type: II
Default Value:
^/usr/bin/nfsstat$ & ^/usr/sbin/syncer$ & ^/sbin/mount$ &
^/sbin/umount$ & ^/sbin/fs/.*/mount$ &
^/opt/cifsclient/bin/cifsmount$ & ^/sbin/fs/.*/umount$ &
^/opt/cifsclient/bin/cifsumount$ & ^/usr/bin/df$ &
^/usr/bin/bdf$ | ^/sbin/.*display$

Name: pathnames_X
Type: II
Default Value: <empty>

Name: programs_X
Type: II
Default Value: <empty>

Properties
The configurable properties are briefly described below:
pathnames_to_watch
Path names of files to be monitored for modification.
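
The following added example (not part of the HP guide) checks which paths an excerpt of the Table A-9 pathnames_to_watch default covers, and flags patterns where an unescaped "." acts as a wildcard, as in ^/.rhosts$. It assumes Python's re module is an adequate stand-in for the HIDS regular expression engine for these simple patterns; the function names and sample paths are constructed for illustration.

```python
import re

# Excerpt of the pathnames_to_watch default from Table A-9 (not the full value).
DEFAULT_WATCH = (
    r"^/.rhosts$ | ^/\.shosts$ | ^/\.profile$ | ^/sbin/ | ^/dev/vg[0-9]*/ | "
    r"^/etc/passwd$ | ^/etc/pam\.conf$ | ^/etc/rc\.config\.d/ | ^/opt/"
)

def split_patterns(value):
    """Split a property value on the '|' separators shown in the table.
    No pattern in the table contains '|' itself, so a plain split is safe."""
    return [p.strip() for p in value.split("|") if p.strip()]

def matching_pattern(path, patterns):
    """Return the first pattern that matches path, or None if it is not watched."""
    for pat in patterns:
        if re.search(pat, path):
            return pat
    return None

def unescaped_dots(pattern):
    """Offsets of '.' used as a single-character wildcard: not escaped,
    not inside [...], and not followed by a quantifier such as '.*'."""
    hits, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":          # skip the escaped character
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        elif c == "." and not in_class:
            if pattern[i + 1:i + 2] not in ("*", "+", "?"):
                hits.append(i)
        i += 1
    return hits

if __name__ == "__main__":
    pats = split_patterns(DEFAULT_WATCH)
    # Constructed sample paths, not taken from a real system.
    for path in ["/.rhosts", "/Xrhosts", "/home/user/.rhosts", "/sbin/init",
                 "/dev/vg00/lvol1", "/etc/pam.conf", "/etc/pamXconf"]:
        print(f"{path:22} -> {matching_pattern(path, pats) or 'NOT WATCHED'}")
    for pat in pats:
        if unescaped_dots(pat):
            print(f"wildcard '.' in {pat} at offsets {unescaped_dots(pat)}")
```

Patterns ending in "/" cover everything beneath that directory, while patterns anchored with both ^ and $ cover exactly one path, so a per-user file such as /home/user/.rhosts is outside this excerpt's coverage.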