HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

Table A-18 Non-Owned File Being Modified Alert Properties (continued)

DescriptionAlert Value/FormatAlert Field

Type

Alert FieldResponse

Program

Argument

Detailed alert

description

User with uid <uid> <performed

action on the file> <full

pathname> (type=<type>,

inode=<inode>, device<device)

when executing <program>

(type=<type>, inode=<inode>,

device=<device>), invoked as

follows: <argv[0]> <argv[1]>...,

as process with pid <pid> and

ppid <ppid> and running with

effective uid=<euid> and with

effective gid=<egid>.where

<performed action on the file>

is set to one of the following:

• changed the owner

• changed the permission

• opened for

modification/truncation

• renamed the file

• created the named file (and

overwrote any existing file)

• truncated the file

• deleted the file

• deleted the directory

• performed system call

<number> on the file

StringDetailsargv[8]

The event that triggered

the alert.

Following are the possible

values:

• File ownership modified

• File permission modified

• File opened for modification

• File renamed

• File created

• File truncated

• File deleted

• Directory deleted

• Miscellaneous event

StringEventargv[9]

178 Templates and Alerts