HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-12 Append-Only File Being Modified Alert Properties (continued)

Response Program Argument: argv[8]
Alert Field: Details
Alert Field Type: String
Description: Detailed alert description
Alert Value/Format:
User with uid <uid> <performed action on the file> <full pathname> (type=<type>, inode=<inode>, device<device>) when executing <program> (type=<type>,inode=<inode>,device=<device>), invoked as follows: <argv[0]> <argv[1]>..., as process with pid <pid> and ppid <ppid> and running with effective uid=<euid> and with effective gid=<egid>.
where <performed action on the file> is set to one of the following:
• opened for modification/truncation
• deleted the file
• deleted the directory
• performed system call <number> on the file
• renamed the file
• truncated the file
• created the file (and overwrote any existing file) named

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
Description: The event that triggered the alert.
Alert Value/Format:
Following are the possible values:
• File opened for modification
• File renamed
• File created
• File modified
• File truncated
• Hard link created
• File deleted
• Directory deleted
• Miscellaneous event
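An added example, not from the HP guide: a Python parser for the argv[8] Details string and the argv[9] Event value laid out in Table A-12, usable when post-processing these alerts. The function name, the derived euid_differs flag and the sample alert are constructed for illustration; the pattern accepts the first device field with or without "=" because the table prints it both ways, and uid, gid and pid values are assumed to be numeric.

```python
import re

# Event values listed for argv[9] in Table A-12.
EVENTS = {"File opened for modification", "File renamed", "File created",
          "File modified", "File truncated", "Hard link created",
          "File deleted", "Directory deleted", "Miscellaneous event"}

# <performed action on the file> alternatives from the argv[8] format.
ACTIONS = "|".join([
    r"opened for modification/truncation", r"deleted the file",
    r"deleted the directory", r"performed system call \d+ on the file",
    r"renamed the file", r"truncated the file",
    r"created the file \(and overwrote any existing file\) named"])

# "(type=..., inode=..., device=...)"; the table prints the first device
# field without "=", so the "=" is optional here (assumption).
OBJ = (r"\(type=(?P<{p}type>[^,]*),\s*inode=(?P<{p}inode>[^,]*?)\s*,"
       r"\s*device=?(?P<{p}device>[^)]*)\)")

DETAILS_RE = re.compile(
    r"User with uid (?P<uid>\d+)\s+(?P<action>" + ACTIONS + r")\s+"
    r"(?P<path>.+?)\s*" + OBJ.format(p="file_")
    + r"\s*when executing\s+(?P<program>.+?)\s*" + OBJ.format(p="prog_")
    + r",\s*invoked as\s+follows:\s*(?P<cmdline>.*?),\s*as process with pid "
    r"(?P<pid>\d+)\s+and ppid (?P<ppid>\d+)\s+and running with\s+effective "
    r"uid=(?P<euid>\d+)\s+and with\s+effective gid=(?P<egid>\d+)\.?\s*$",
    re.S)

def parse_alert(details, event):
    """Return the alert fields as a dict, or None if either argument
    does not match the layout in Table A-12."""
    m = DETAILS_RE.match(details.strip())
    if m is None or event not in EVENTS:
        return None
    rec = m.groupdict()
    for key in ("uid", "pid", "ppid", "euid", "egid"):
        rec[key] = int(rec[key])
    rec["event"] = event
    # Derived triage hint (added here, not an IDS field): the effective uid
    # differs from the uid named at the start of the alert.
    rec["euid_differs"] = rec["uid"] != rec["euid"]
    return rec

# Constructed sample alert text, not output captured from a real system.
SAMPLE_DETAILS = (
    "User with uid 102 opened for modification/truncation "
    "/var/adm/app audit.log (type=regular, inode=4711, device=1073741827) "
    "when executing /usr/bin/vi (type=regular,inode=912,device=1073741826), "
    "invoked as follows: vi /var/adm/app audit.log, as process with pid 2231 "
    "and ppid 2200 and running with effective uid=0 and with effective gid=3.")
```

A None result means the text did not follow the documented layout, which is worth logging rather than dropping silently.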
Changes to Log File Template 165