HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table A-18 Non-Owned File Being Modified Alert Properties
DescriptionAlert Value/FormatAlert Field
Type
Alert FieldResponse
Program
Argument
Unique code assigned
to template
6IntegerTemplate
code
argv[1]
Template version3IntegerVersionargv[2]
Alert severity2 if the file is truncated,
potentially truncated, deleted,
or renamed3 if the file’s mode
or ownership is modified, or the
file is opened for writing or
appending
IntegerSeverityargv[3]
UTC time in number of
seconds since the epoch
when a file was
modified by a
non-owner
<secs>IntegerUTC timeargv[4]
The user ID, group ID,
process ID, and parent
process ID of the
process that modified
the file
uid=<uid>, gid=<gid>,
pid=<pid>, ppid=<ppid>.
StringAttackerargv[5]
The full path name of
the file and the file’s
type, mode, uid, gid,
inode, and device
number
file=<full pathname>,
type=<type>, mode=<mode>,
uid=<uid>, gid=<gid>,
inode=<inode>, device=<device>.
StringTarget of
Attack
argv[6]
Alert summaryNon-owned file being modifiedStringSummaryargv[7]
Modification of Another User’s File Template 177