HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-16 World-Writable File Created Alert Properties (continued)
Columns: Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description

(row continued)
• created the world-writable pipe (fifo) file
• renamed the world-writable file
• changed the owner of the world-writable file
• enabled the world-writable permission on file
• performed system call <number> on the file

Response Program Argument: argv[9]
Alert Field: Event
Alert Field Type: String
Alert Value/Format: Following are the possible values:
• File created
• Directory created
• Special file created
• File renamed
• File ownership modified
• File permission modified
• Miscellaneous event
Description: The event that triggered the alert.
NOTE: See Table B-1 (page 194) in Appendix B for the definition of additional arguments
that can be used to access specific alert information (for example, pid and ppid) without
parsing the string alert fields.
Limitations
The World-Writable template has the following limitations:
• The template cannot always distinguish whether a world-writable file is created,
or whether an existing world-writable file is opened with the create flag set. The
template can generate an alert that a world-writable file is created even though
the file already exists, and is opened with the create flag set.
• The template cannot always distinguish whether a world-writable file is created,
or whether an existing world-writable file is truncated. The template can generate
an alert that a file is created, instead of generating an alert that a world-writable
file is truncated.
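One way a response program could account for these limitations, shown as an added example that is not from the HP guide: it keeps a baseline of world-writable files already on disk and uses it to tell a genuinely new file from an existing one reported as "File created". The function names, the verdict strings and the baseline file are assumptions; the file path is passed in by the caller because this page does not show which argument carries it.

```shell
#!/bin/sh
# Added example (not HP code): triage of the argv[9] "Event" value of a
# World-Writable File Created alert against a baseline inventory.

# build_baseline DIR OUTFILE
# Records every regular file under DIR whose "other" write bit is set,
# one path per line. Run periodically (for example from cron) so the list
# reflects the state before an alert arrives.
build_baseline() {
    find "$1" -xdev -type f -perm -0002 -print > "$2"
}

# classify_event EVENT PATH BASELINE
# EVENT is the string delivered as argv[9]; PATH is the file named in the
# alert (supplied by the caller, see the assumptions above).
# Prints one verdict: preexisting, new, changed, review or unknown.
classify_event() {
    event=$1
    path=$2
    baseline=$3
    case "$event" in
        "File created")
            # Limitation case: an existing world-writable file that is
            # opened with the create flag set, or truncated, can also be
            # reported as created. A baseline hit means it is not new.
            if [ -f "$baseline" ] && grep -Fxq -- "$path" "$baseline"; then
                echo "preexisting"
            else
                echo "new"
            fi ;;
        "Directory created"|"Special file created")
            echo "new" ;;
        "File renamed"|"File ownership modified"|"File permission modified")
            echo "changed" ;;
        "Miscellaneous event")
            echo "review" ;;
        *)
            # A value outside the documented list: do not guess.
            echo "unknown" ;;
    esac
}

# In a response script the event would be passed as: classify_event "$9" ...
```

A "preexisting" verdict still deserves attention, because the file was world-writable before the alert; it only tells the analyst that the alert does not mark a newly created file.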