HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Table B-5 Additional Arguments Passed to Response Programs for su Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | Type of Alert | Integer | | The number 2 indicates an su alert |
| argv[11] | pseudo-terminal | String | <pty> | The pty from which a su attempt was made. |
| argv[12] | User name (attacker) | String | <username> | The name of the user attempting to su. |
| argv[13] | User name (target) | String | <username> | The name of the user to switch to. |

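The su-specific arguments from Table B-5, handled in a POSIX shell response program. This is an added example, not code from the HP-UX HIDS guide: the function names, the allowed-character set and the output line format are assumptions, and argv[1] through argv[9] are treated as opaque.

```shell
#!/bin/sh
# Added example, not HP's code: handle the su-specific arguments of Table B-5.
# argv[1]..argv[9] are the common alert arguments, which this table does not
# describe; this sketch treats them as opaque.

# Accept only a conservative character set before a value reaches a log line.
# The allowed set is an assumption of this example, not an HP-UX rule.
is_safe_field() {
    case "$1" in
        ''|*[!A-Za-z0-9_./-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one "su_alert ..." line for a valid su alert; return non-zero otherwise.
parse_su_alert() {
    # argv[13] must exist, so at least 13 positional parameters are required.
    [ "$#" -ge 13 ] || { echo "error: expected at least 13 arguments" >&2; return 2; }

    # Braces are required: $10 would expand as ${1} followed by a literal 0.
    alert_type=${10}
    pty=${11}
    attacker=${12}
    target=${13}

    # Table B-5: the value 2 in argv[10] marks an su alert.
    [ "$alert_type" = "2" ] || { echo "error: not an su alert" >&2; return 3; }

    # The pty and user names originate from alert data; reject anything odd
    # instead of passing it on to logs or later commands.
    for field in "$pty" "$attacker" "$target"; do
        is_safe_field "$field" || { echo "error: rejected field" >&2; return 4; }
    done

    printf 'su_alert pty=%s attacker=%s target=%s\n' "$pty" "$attacker" "$target"
}

# Act as a response program only when invoked with arguments.
if [ "$#" -gt 0 ]; then
    parse_su_alert "$@"
fi
```
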
Table B-6 lists the additional arguments that are passed to response programs
while generating aggregated alerts.

Table B-6 Additional Arguments Passed to Response Programs While Generating Aggregated Alerts

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[10] | The number of alerts in the aggregated alert | Integer | <number of alerts> | The number of template alerts aggregated as part of the aggregated alert. |
| argv[11] | Attacker process id | Integer | <pid> | Process ID (pid) of the attacker. |
| argv[12] | Attacker parent process id | Integer | <ppid> | Parent Process ID (ppid) of the attacker. |
| argv[13] | Attacker user ID | Integer | <uid> | User ID (uid) of the attacker. |
| argv[14] | Attacker group ID | Integer | <gid> | Group ID (gid) of the attacker. |
| argv[15] | Attacker effective user ID | Integer | <euid> | Effective User ID (euid) of the attacker. |

How Automated Response Works in HP-UX HIDS