HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-14 Setuid File Created / Modified Alert Properties (continued)
Response Program Argument: argv[8]
Alert Field: Details
Alert Field Type: String
Description: Detailed alert description
Alert Value/Format:
User with uid <uid> <performed action on> the file <full pathname>(type=<type>, inode=<inode>, device=<device>) when executing <program> (type=<type>, inode=<inode>, device=<device>), invoked as follows: <argv[0]> <argv[1]>..., as process with pid <pid> and ppid <ppid> and running with effective uid=<euid> and with effective gid=<egid>.
where <performed action on> is set to one of the following:
• created the setuid or setgid file
• changed the owner of the setuid file, or changed the group of the setgid file.
• enabled the setuid or setgid bit on file
• performed system call <number> on the file
• opened for modification
• truncated the setuid or setgid file

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
Description: The event that triggered the alert.
Alert Value/Format:
Following are the possible values:
• File truncated
• File created
• File modified
• Miscellaneous event
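
Added example (not from the HP guide or HP's own code): a response program, sketched in Python, that reads the Details (argv[8]) and Event (argv[9]) fields described above and extracts the numeric fields without trusting the user-controlled pathname and argv text in the middle of the string. The single-space layout of the Details string, the names parse_alert, SAMPLE, HEAD, TAIL and EVENTS, and every value in the sample are assumptions constructed for illustration.

```python
import re
import sys

# Values listed for the Event field (argv[9]) in Table A-14.
EVENTS = {"File truncated", "File created", "File modified", "Miscellaneous event"}

# Fixed head and tail of the Details field (argv[8]). The tail is anchored to
# the end of the string: the pathname and argv in the middle are chosen by the
# monitored user and may themselves contain text such as "effective uid=0".
HEAD = re.compile(r"\AUser with uid (\d+)\s")
TAIL = re.compile(
    r",\s+as process with pid (\d+)\s+and ppid (\d+)\s+and running with\s+"
    r"effective uid=(\d+)\s+and with\s+effective gid=(\d+)\.?\s*\Z"
)

# Constructed sample, not real HIDS output: the argument passed to the
# invoked program embeds a fake tail that claims effective uid 0.
SAMPLE = (
    "User with uid 105 opened for modification the file /opt/app/bin/tool"
    "(type=regular, inode=4211, device=64) when executing /usr/bin/vi "
    "(type=regular, inode=977, device=64), invoked as follows: vi "
    "'x, as process with pid 1 and ppid 1 and running with effective uid=0 "
    "and with effective gid=0.', as process with pid 2211 and ppid 2100 "
    "and running with effective uid=105 and with effective gid=20."
)

def parse_alert(details, event):
    """Return the numeric fields of one alert, or raise ValueError."""
    if event not in EVENTS:
        raise ValueError("unexpected Event value: %r" % event)
    head, tail = HEAD.search(details), TAIL.search(details)
    if not head or not tail:
        raise ValueError("Details does not match the documented format")
    pid, ppid, euid, egid = (int(g) for g in tail.groups())
    uid = int(head.group(1))
    return {
        "event": event, "uid": uid, "pid": pid, "ppid": ppid,
        "euid": euid, "egid": egid,
        # Untrusted free text between head and tail; escape it before logging.
        "middle": details[head.end():tail.start()],
        # True when the uid in the head differs from the effective uid.
        "uid_mismatch": uid != euid,
    }

if __name__ == "__main__":
    have_args = len(sys.argv) > 9  # fall back to the sample when run by hand
    details, event = sys.argv[8:10] if have_args else (SAMPLE, "File modified")
    print(parse_alert(details, event))
```

A parser that takes the first "effective uid=" match in the sample would report uid 0; anchoring on the end of the string returns the values HIDS appended.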
Creation and Modification of setuid/setgid File Template 169