HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
File Being Modified
Table A-10 lists the alert properties this template generates and forwards to a response
program when a file is modified.
Table A-10 File Being Modified Alert Properties
| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[1] | Template code | Integer | 2 | Unique code assigned to template |
| argv[2] | Version | Integer | 3 | Template version |
| argv[3] | Severity | Integer | 2 if file is truncated, potentially truncated, deleted, or renamed. 3 if file’s mode or ownership is modified, if file is created, or if file is opened for writing or appending. | Alert severity |
| argv[4] | UTC time | Integer | <secs> | UTC time in number of seconds since the epoch when file was modified |
| argv[5] | Attacker | String | uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid> | The user ID, group ID, process ID, and parent process ID of the process that modified the file |
| argv[6] | Target of attack | String | file=<full pathname>, type=<type>, mode=<mode>, uid=<uid>, gid=<gid>, inode=<inode>, device=<device> | The full path name of the file that was modified and the file’s type, mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | File system modification or potential modification. | Alert summary |
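The following is an added example, not taken from the HP guide: a POSIX shell response program that reads the seven arguments listed in Table A-10 and writes a one-line summary of the alert. The function names, the exact `, ` separator between fields, and the sample values for type, mode, inode and device are assumptions.

```shell
#!/bin/sh
# Added example: response program for the File Being Modified alert (template code 2).
# Assumes fields are separated by ", " exactly as printed in Table A-10.

# get_field KEY "k=v, k=v, ..."  -> prints the value of KEY, returns 1 if absent
get_field() {
    key=$1 rest=$2
    while [ -n "$rest" ]; do
        pair=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        pair=${pair# }
        case $pair in "$key="*) printf '%s\n' "${pair#*=}"; return 0 ;; esac
    done
    return 1
}

# The path is chosen by whoever touched the file and may itself contain
# ", uid=0" or control characters: cut at the LAST ", type=" and strip controls.
target_file() { f=${1#file=}; printf '%s' "${f%, type=*}" | tr -d '[:cntrl:]'; }
target_meta() { printf 'type=%s\n' "${1##*, type=}"; }

handle_alert() {  # arguments are argv[1]..argv[7] from Table A-10
    [ "$#" -eq 7 ] || { echo "expected 7 alert fields, got $#" >&2; return 2; }
    code=$1 severity=$3 secs=$4 attacker=$5 target=$6
    [ "$code" = 2 ] || { echo "template code $code is not File Being Modified" >&2; return 3; }
    case $severity in
        2) what='truncated, deleted, or renamed' ;;
        3) what='mode/owner change, create, or open for write' ;;
        *) what='unexpected severity' ;;
    esac
    meta=$(target_meta "$target")
    printf 'sev=%s (%s) time=%s file="%s" mode=%s owner=%s by_uid=%s pid=%s ppid=%s\n' \
        "$severity" "$what" "$secs" "$(target_file "$target")" \
        "$(get_field mode "$meta")" "$(get_field uid "$meta")" \
        "$(get_field uid "$attacker")" "$(get_field pid "$attacker")" \
        "$(get_field ppid "$attacker")"
}

# Constructed sample alert (not real HIDS output), used when run without arguments.
if [ "$#" -eq 0 ]; then
    set -- 2 3 2 1136073600 'uid=102, gid=20, pid=4711, ppid=4690' \
        'file=/etc/passwd, type=regular, mode=100444, uid=0, gid=3, inode=1234, device=64' \
        'File system modification or potential modification.'
fi
handle_alert "$@"
```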
160 Templates and Alerts