HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

pathnames_X, programs_X
Filter out alerts generated when a specified program creates a specified world-writable file. See “Type II: Path Names/Programs Pairs” (page 141) for a detailed description of these property pairs.
Alerts generated by this template
World-Writable File Created
Table A-16 lists the configurable properties that this template supports.
Table A-16 World-Writable File Created Alert Properties
| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[1] | Template code | Integer | 5 | Unique code assigned to template |
| argv[2] | Version | Integer | 3 | Template Version |
| argv[3] | Severity | Integer | 3 | Alert Severity |
| argv[4] | UTC time | Integer | <secs> | UTC time in number of seconds since the epoch when a world-writable file was created |
| argv[5] | Attacker | String | uid=<uid>, gid=<gid>, pid=<pid>, ppid=<ppid> | The user ID, group ID, process ID, and parent process ID of the process that created the world-writable file |
| argv[6] | Target of Attack | String | file=<full pathname>, type=<type>, mode=<mode>, uid=<uid>, gid=<gid>, inode=<inode>, device=<device> | The full path name of the world-writable file and the file’s type, mode, uid, gid, inode, and device number |
| argv[7] | Summary | String | world-writable file created | Alert summary |
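
The following POSIX shell handler is an added example, not part of the HP guide. It shows how a response program can consume the seven arguments in Table A-16 without being misled by a file name that contains field-like text. The function names, the output format, and the sample values used to exercise it are assumptions, as is the premise that the fields in argv[6] always appear in the order the table gives.

```sh
#!/bin/sh
# Added example: handler for the World-Writable File Created alert (template code 5).
# Positional parameters $1..$7 correspond to argv[1]..argv[7] in Table A-16.
# Function names, variable names and the output format are assumptions.

# kv LIST KEY: print the value of KEY from a "k=v, k=v" list (Attacker field).
kv() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2=//p" | head -n 1
}

# peel KEY: set VAL to the text after the last ", KEY=" in REST and cut it off.
peel() {
    case $REST in *", $1="*) ;; *) return 1 ;; esac
    VAL=${REST##*", $1="}
    REST=${REST%", $1="*}
}

# split_target STRING: parse the Target of Attack field into T_* variables.
# The path name is chosen by whoever created the file and may contain text
# such as ", uid=0", so the six trailing fields are peeled off from the right
# and everything left after "file=" is treated as the path.
split_target() {
    REST=$1
    peel device && T_DEV=$VAL &&
    peel inode  && T_INODE=$VAL &&
    peel gid    && T_GID=$VAL &&
    peel uid    && T_UID=$VAL &&
    peel mode   && T_MODE=$VAL &&
    peel type   && T_TYPE=$VAL || return 1
    case $REST in file=*) T_FILE=${REST#file=} ;; *) return 1 ;; esac
}

# handle_alert ARGS...: validate the alert and print a one-line record.
handle_alert() {
    [ "$#" -ge 7 ] || return 2           # all seven arguments are required
    [ "$1" = 5 ] || return 3             # not this template's code
    split_target "$6" || return 4        # malformed Target of Attack
    printf 'time=%s sev=%s actor_uid=%s actor_pid=%s file_owner=%s mode=%s path="%s"\n' \
        "$4" "$3" "$(kv "$5" uid)" "$(kv "$5" pid)" "$T_UID" "$T_MODE" "$T_FILE"
}

# Run only when invoked with arguments, as a response program would be.
[ "$#" -eq 0 ] || handle_alert "$@"
```

Splitting argv[6] on commas from the left would report the owner of a file named `/tmp/x, uid=0` as uid 0; peeling from the right keeps the real owner and leaves the odd name in the path.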