HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-14 Setuid File Created / Modified Alert Properties
| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[1] | Template code | Integer | 4 | Unique code assigned to template |
| argv[2] | Version | Integer | 3 | Template Version |
| argv[3] | Severity | Integer | 1 | Alert Severity |
| argv[4] | UTC time | Integer | <secs> | UTC time in number of seconds since the epoch when a privileged setuid file was created or modified |
| argv[5] | Attacker | String | uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid> | The user ID, group ID, process ID, and parent process ID of the process that created or modified the privileged setuid file |
| argv[6] | Target of Attack | String | file=<full pathname>, type=<type>, mode=<mode>, uid=<uid>, gid=<gid>, inode=<inode>, device=<device> | The full path name of the privileged setuid file and the file’s type, mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | setuid file created, or setuid file potentially modified, or setuid file truncated, or operation on setuid file | Alert summary |
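The following response-program sketch is an added example, not code from this guide. It parses the seven arguments in Table A-14 into a single log line. The function names, the output format, the logger tag, and the assumption that fields are separated by a comma with optional white space are illustrative.

```shell
#!/usr/bin/sh
# Added example: parse the Setuid File Created / Modified alert (template code 4).
# Function names and the output line format are hypothetical.

# get_field "<k=v, k=v, ...>" <key>  -> prints the value of <key>.
# The match is anchored at the start of each item, so "pid" never matches "ppid".
get_field() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^[[:space:]]*$2=//p" | head -n 1
}

# format_setuid_alert argv[1] ... argv[7]  -> prints one log line.
# Returns 1 if fewer than seven fields are given or the template code is not 4.
format_setuid_alert() {
    [ "$#" -ge 7 ] && [ "$1" = 4 ] || return 1

    # The pathname in argv[6] is chosen by whoever created the file and may
    # itself contain commas or the text "type=". The trailing attributes
    # cannot, so cut at the LAST ",...type=" instead of the first comma.
    rest=${6#file=}
    raw_path=${rest%,*type=*}
    attrs=${rest#"$raw_path"}          # ", type=..., mode=..., uid=..., ..."

    # Drop control characters so a crafted file name cannot split the log line.
    path=$(printf '%s' "$raw_path" | tr -d '[:cntrl:]')

    printf 'setuid-alert time=%s sev=%s actor_uid=%s pid=%s ppid=%s path="%s" mode=%s owner=%s summary="%s"\n' \
        "$4" "$3" \
        "$(get_field "$5" uid)" "$(get_field "$5" pid)" "$(get_field "$5" ppid)" \
        "$path" \
        "$(get_field "$attrs" mode)" "$(get_field "$attrs" uid)" \
        "$7"
}

# When run as a response program, the alert fields arrive as $1..$7.
if [ "$#" -ge 7 ]; then
    format_setuid_alert "$@" | logger -t hids-setuid -p auth.alert
fi
```

Note that uid appears in both argv[5] (the acting process) and argv[6] (the file's owner), so the two strings must be parsed separately.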
168 Templates and Alerts