HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Table A-13 Setuid File Template Properties

Default ValueTypeName

0 | 1| 2 | 3 | 4 | 5 | 9 | 11III

priv_user_list

0 | 1 | 2 | 3 | 4 | 5 | 6 | 10 | 11III

priv_group_list

<empty>II

pathnames_X

<empty>II

programs_X

Properties

The configurable properties are listed as follows:

priv_user_list A list of system-level user IDs or user names.

This list contains those users who have elevated

access to the system. Removing any of these users

means that the setuid/setgid template will not

detect the creation of a setuid file owned by one

of those users.

priv_group_list A list of system-level group IDs or group names.

This list contains those groups who have elevated

access to the system. Removing any of these

groups from this list means that the setuid/setgid

template will not detect the creation of a setgid

file owned by one of those groups.

pathnames_X, programs_X

Filter out alerts generated when a specified

program creates, modifies, or enables a specified

privileged setuid file. See “Type II: Path

Names/Programs Pairs” (page 141) for a detailed

description of these property pairs.

Alerts generated by this template

Setuid or setgid File Created or Modified

Table A-14 lists the alert properties the setuid/setgid template generates and forwards

to a response program when a setuid or setgid file owned by a privileged user or

privileged group is created or modified.

Creation and Modification of setuid/setgid File Template 167