HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Table A-20 Login/Logout Alert Properties (continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
| --- | --- | --- | --- | --- |
| argv[13] | Hostname | String | <remote hostname> | Name of remote host from which login was initiated |
| argv[14] | IP Address | String | <A.B.C.D> for IPv4 addresses; <A:B:C:D:...> for IPv6 addresses | IP address of remote host from which login was initiated |

NOTE: Although HIDS is not supported on IPv6–only enabled systems, the login/logout templates can recognize and display the following types of addresses in the alerts:
- IPv4 address
- IPv4–mapped-IPv6 address
- IPv6 address

Successful su Detected
Table A-21 lists the alert properties this template generates and forwards to a response
program when a successful switch user (su) command is executed.

Table A-21 Successful su Detected Alert Properties

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
| --- | --- | --- | --- | --- |
| argv[1] | Template code | Integer | 7 | Unique code assigned to template |
| argv[2] | Version | Integer | 3 | Template version |
| argv[3] | Severity | Integer | 2 for users listed in priv_user_list property; 3 for all other users | Alert severity |
| argv[4] | UTC Time | Integer | <secs> | UTC time in number of seconds since the epoch when a successful su event occurred. |
| argv[5] | Attacker | String | <username> | Name of the user who is attempting to use the su command, |
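
The following response-program sketch is an added example, not code from this guide or from HP. It validates and logs the first five arguments of Table A-21 only. The function names, the key=value log format and the permitted username character set are assumptions of the example.

```shell
#!/bin/sh
# Added example: handler for the "Successful su Detected" alert (Table A-21).
# Shell positional parameters $1..$5 correspond to argv[1]..argv[5].

SU_TEMPLATE_CODE=7      # argv[1] value listed in Table A-21
SU_TEMPLATE_VERSION=3   # argv[2] value listed in Table A-21

# is_uint VALUE: succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# format_su_alert ARGS...: validate the fields and print one log line.
# Returns 2 on malformed input and 3 when the alert is not an su alert.
# The function name and the key=value format are assumptions of this example.
format_su_alert() {
    [ "$#" -ge 5 ] || { echo "expected at least 5 arguments" >&2; return 2; }
    code=$1; version=$2; severity=$3; secs=$4; user=$5
    for field in "$code" "$version" "$severity" "$secs"; do
        is_uint "$field" || { echo "non-integer alert field" >&2; return 2; }
    done
    [ "$code" -eq "$SU_TEMPLATE_CODE" ] || return 3

    # Flag a template version other than the one Table A-21 documents.
    version_ok=yes
    [ "$version" -eq "$SU_TEMPLATE_VERSION" ] || version_ok=no

    # Severity 2 = user listed in priv_user_list, 3 = any other user.
    case "$severity" in
        2) class=priv_user_list ;;
        3) class=other ;;
        *) class=unknown ;;
    esac

    # The username arrives from the alert; refuse characters that could forge
    # extra fields or lines in the log (character set is an assumption).
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) user='<invalid>' ;;
    esac

    printf 'su_success ts=%s severity=%s class=%s user=%s version_ok=%s\n' \
        "$secs" "$severity" "$class" "$user" "$version_ok"
}

# Run as a response program only when arguments were supplied.
if [ "$#" -ge 1 ]; then format_su_alert "$@"; fi
```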