HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table B-6 Additional Arguments Passed to Response Programs While Generating Aggregated Alerts (continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[16] | Attacker effective Group ID | Integer | <egid> | Effective Group ID (egid) of the attacker. |
| argv[17] | Attack program pathname | String | <pathname> | Full pathname of the attack program. If it is a multi-process alert, then the full pathname of the ancestor program. |
| argv[18] | Attack program file type | Integer | <filetype> | File type of the attack program. Corresponds to an enum vtype value defined in vnode.h. |
| argv[19] | File mode | Integer | <file mode> | File mode of the attack program. |
| argv[20] | Attack program owner | Integer | <uid> | Owner of the attack program (uid). |
| argv[21] | Attack program group | Integer | <gid> | Group of the attack program (gid). |
| argv[22] | Attack program inode number | Integer | <inode> | Inode number of the attack program. |
| argv[23] | Attack program device number | Integer | <device number> | Device number of the attack program. |
| argv[24] | Number of arguments | Integer | <number of arguments> | Number of arguments passed to the attack program. |
| argv[25] | Attack program arguments | String | <program arguments> | Program arguments of the attack program. |
| argv[26] | Name of pty | String | <pty> | Name of the pty on which the attacker is or was connected. Set to empty string if not known. |
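The following is an added example, not code from the HP guide: a POSIX shell response-program fragment that turns argv[16] through argv[26] into one log line, treating the pathname and program-argument strings as attacker-influenced input. The function names (`sanitize`, `as_int`, `format_attack_fields`) and the key=value layout are hypothetical. It assumes that the table's argv[n] corresponds to the shell positional parameter `${n}` and that integer fields may carry a leading minus sign.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not part of the HP-UX HIDS distribution.
# Positional parameters above 9 need braces: ${16}, not $16 (which is "$1" followed by "6").

# Remove control characters and escape quotes/backslashes so a crafted pathname
# or argument string cannot forge extra log lines or break the key="value" layout.
sanitize() {
    printf '%s' "$1" | tr -d '\000-\037\177' | sed 's/["\\]/\\&/g'
}

# Integer fields: optional leading minus, then digits only; otherwise "invalid".
as_int() {
    n=${1#-}
    case "$n" in
        ''|*[!0-9]*) printf 'invalid' ;;
        *)           printf '%s' "$1" ;;
    esac
}

# Call as: format_attack_fields "$@" from the response program's top level.
format_attack_fields() {
    if [ "$#" -lt 26 ]; then
        echo "error: expected at least 26 arguments, got $#" >&2
        return 1
    fi
    pty=$(sanitize "${26}")
    [ -n "$pty" ] || pty="unknown"     # empty string: pty not known
    printf 'egid=%s path="%s" ftype=%s mode=%s uid=%s gid=%s inode=%s dev=%s argc=%s args="%s" pty=%s\n' \
        "$(as_int "${16}")" "$(sanitize "${17}")" "$(as_int "${18}")" \
        "$(as_int "${19}")" "$(as_int "${20}")" "$(as_int "${21}")" \
        "$(as_int "${22}")" "$(as_int "${23}")" "$(as_int "${24}")" \
        "$(sanitize "${25}")" "$pty"
}

# When run as a response program, emit the record on stdout.
if [ "$#" -ge 26 ]; then
    format_attack_fields "$@"
fi
```
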
200 Automated Response for Alerts