HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table B-1 Additional Arguments Passed to Response Programs for Kernel Template Alerts (continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[22] | Target File Inode | Integer | <inode> | Inode number of the file under attack |
| argv[23] | Target File Device | Integer | <device> | Device number of the file under attack |
| argv[24] | Pathname of attack program | String | <full pathname> | Full pathname of the attack program |
| argv[25] | Attack Program Type | Integer | <type> | File type of the attack program. Corresponds to an enum vtype value defined in vnode.h. |
| argv[26] | Attack Program Mode | Integer | <mode> (decimal) | Mode of the attack program |
| argv[27] | Attack Program Owner | Integer | <uid> | Owner of the attack program (uid) |
| argv[28] | Attack Program Group | Integer | <gid> | Group of the attack program (gid) |
| argv[29] | Attack Program Inode | Integer | <inode> | Inode number of the attack program |
| argv[30] | Attack Program Device | Integer | <device> | Device number of the attack program |
| argv[31] | Attack Program Argument Count | Integer | <argc> | Number of arguments passed to the attack program (for example, argc) |
| argv[32] | Attack Program Arguments | String | <argv[0]> <argv[1]> ... | Program arguments of the attack program (first 1024 characters) |
| argv[33] | Attacker pseudo-tty | String | <pty> | Name of the pty on which the attacker is connected to (for example, pts/ta). Set to an empty string if it is not known. |
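A response program can read the fields above straight from its argument vector. The C program below is an added example, not code from the HP guide: the names `attack_info`, `parse_kernel_alert`, `sanitize`, `is_setid` and `LAST_ARG` are hypothetical, and it assumes the program is invoked with the arguments at the indices listed in this part of the table (arguments below 22 are not described here and are ignored) and that the mode uses the usual Unix setuid/setgid bit layout.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define LAST_ARG 33                  /* highest index in this part of Table B-1 */
struct attack_info {                 /* hypothetical struct, not an HP type */
    long target_inode, target_dev;   /* argv[22], argv[23] */
    long vtype, mode, uid, gid;      /* argv[25]..argv[28] */
    long inode, dev, nargs;          /* argv[29]..argv[31] */
    const char *path, *args, *pty;   /* argv[24], argv[32], argv[33] */
};
/* Strict decimal parse: rejects empty strings, trailing junk and overflow. */
static int parse_long(const char *s, long *out) {
    char *end;
    errno = 0;
    *out = strtol(s, &end, 10);
    return (end == s || *end != '\0' || errno == ERANGE) ? -1 : 0;
}

/* Returns 0 on success, -1 on a short argument list or a bad integer field. */
int parse_kernel_alert(int argc, char **argv, struct attack_info *a) {
    long *ints[] = { &a->target_inode, &a->target_dev, NULL, &a->vtype, &a->mode,
                     &a->uid, &a->gid, &a->inode, &a->dev, &a->nargs };
    if (argc <= LAST_ARG) return -1;
    for (int i = 0; i < 10; i++)     /* ints[i] receives argv[22 + i] */
        if (ints[i] && parse_long(argv[22 + i], ints[i]) != 0) return -1;
    a->path = argv[24]; a->args = argv[32]; a->pty = argv[33];
    return 0;
}

/* Copy attacker-influenced text for logging; non-printable bytes become '?'. */
void sanitize(const char *in, char *out, size_t n) {
    size_t i;
    for (i = 0; n && in[i] && i + 1 < n; i++)
        out[i] = isprint((unsigned char)in[i]) ? in[i] : '?';
    if (n) out[i] = '\0';
}

/* Mode is decimal text; assumes the usual setuid (04000) / setgid (02000) bits. */
int is_setid(const struct attack_info *a) { return (a->mode & 06000) != 0; }

int main(int argc, char **argv) {
    struct attack_info a; char path[1025], args[1025];
    if (parse_kernel_alert(argc, argv, &a) != 0) return 1;
    sanitize(a.path, path, sizeof path); sanitize(a.args, args, sizeof args);
    printf("prog=\"%s\" mode=%04lo setid=%d pty=%s args=\"%s\"\n", path,
           (unsigned long)a.mode & 07777, is_setid(&a), a.pty[0] ? a.pty : "unknown", args);
    return 0;
}
```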
How Automated Response Works in HP-UX HIDS 195