HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-17 Modification of Another User’s File Template Properties (continued)
Default ValueTypeProperty
<empty>II
pathnames_X
<empty>II
programs_X
Properties
Configure the following properties based on the individual machine configuration and
usage.
pathnames_to_not_watch
Path names of files that can be safely ignored if
they are modified by non-owners.
users_to_ignore
Users running with an effective uid that equals to
one of the listed user IDs or corresponds to one of
the listed user names can modify files they do not
own without generating an alert. It is
recommended that this property is left blank
unless specifically needed.
user_pairs_to_ignore
A list of user ID or user name pairs in which an
alert is not generated if the effective user ID of the
process modifying this file matches the first
member of a pair, and the owner of the file being
modified matches the corresponding second
member of the pair.
For example, pairs [0,1], [root, 1], [0, bin], and
[root,bin] are all equivalent and any of them can
be used to filter all alerts where a process with
effective uid 0 (root) modifies files owned by user
bin (uid 1).
pathnames_X, programs_X
These properties can be used to filter out alerts
generated when a particular program modifies a
specified file owned by another user. See “Type
II: Path Names/Programs Pairs” (page 141) for a
detailed description of these property pairs.
Alerts generated by this template
Non-Owned File Being Modified
Table A-18 lists the alert properties the Modification of Another User’s File template
generates and forwards to a response program when a file is modified by someone
other than the owner.
176 Templates and Alerts