HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

Table A-10 File Being Modified Alert Properties (continued)

DescriptionAlert Value/FormatAlert Field

Type

Alert FieldResponse

Program

Argument

Detailed alert

description

User with uid<uid> <performed

action on the file> <full pathname>

(type=<type>, inode=<inode>,

device=<device>) when executing

<program> (type=<type>,

inode=<inode>, device=<device>),

invoked as follows:

<argv[0]><argv[1]>..., as process

with pid <pid> and ppid <ppid>

and running with effective

uid=<euid> and with effective

gid=<egid>.where <performed

action on the file> is set to one of

the following:

• changed the owner of

• changed the permission of

• opened for

modification/truncation

• renamed the file

• created the file (and overwrote

any existing file) named

• truncated the file

• created as a hard link

• created as a symbolic link

StringDetailsargv[8]

Modification of files/directories Template 161