HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
Table B-6 Additional Arguments Passed to Response Programs While Generating Aggregated Alerts (continued)

| Response Program Argument | Alert Field | Alert Field Type | Alert Value/Format | Description |
|---|---|---|---|---|
| argv[27] | Full hostname of remote host | String | <hostname> | Full hostname of the remote host from which attacker logged in. Set to localhost if the local host or the empty string is not known. |
| argv[28] | IP address of the remote host | String | <IP address> | The IP address of the remote host from which the attacker logged in. Set to empty string if not known. |
Table B-7 Environment Variables Set for Response Programs

| Variable | Value | Description |
|---|---|---|
| HOME | /opt/ids | Home directory |
| IDS_BASE | /opt/ids | Default installation location |
| IDS_ETC | /etc/opt/ids | Configuration file directory |
| IDS_VAR | /var/opt/ids | Temporary file location |
| IFS | \t\n | Tab, newline: separator string |
| LD_PRELOAD | <empty> | Library path |
| PATH | /usr/bin:/sbin:/usr/sbin | Program path |
| SHELL | /usr/bin/sh | Shell path name |
| TERM | unknown | Terminal type |
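
The remote hostname and IP address that Table B-6 lists as argv[27] and argv[28] describe the remote side of the login, so a response script should validate them before using them. The following is an added example, not code from the HP guide; it assumes C-style argv numbering (${27} and ${28} in sh), an IPv4 dotted-quad address, and that an empty hostname means "not known". The function names are hypothetical.

```sh
#!/usr/bin/sh
# Added example, not HP code. Assumption: argv[] is indexed C-style, so
# argv[27] and argv[28] are ${27} and ${28} in a shell response script.
# Both values describe the remote side and are treated as untrusted input.
# Only shell builtins are used, so nothing depends on PATH lookups.

# Letters, digits, dots and hyphens only; no empty labels, max 253 chars.
valid_hostname() {
    case $1 in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Assumption: <IP address> is an IPv4 dotted quad.
valid_ipv4() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Print a log-safe description of the login origin; non-zero status means
# a value failed validation and must not be passed on to other commands.
remote_origin() {
    _host=$1; _ip=$2
    [ -z "$_ip" ] || valid_ipv4 "$_ip" || { echo rejected; return 1; }
    case $_host in
        '')        echo "unknown${_ip:+ ip=$_ip}" ;;   # assumption: empty = not known
        localhost) echo "local" ;;
        *)  valid_hostname "$_host" || { echo rejected; return 1; }
            echo "remote host=$_host${_ip:+ ip=$_ip}" ;;
    esac
}

# Act only when the IDS agent supplied the full argument list.
if [ $# -ge 28 ]; then
    origin=$(remote_origin "${27}" "${28}") || origin=rejected
    printf 'login origin: %s\n' "$origin"
fi
```
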
Programming Guidelines
This section provides guidelines for writing response scripts.
Perl Versus Shell Response Scripts
Perl is not privileged. However, when a Perl script is run by a privileged user (as it
often is), care must be taken to ensure that the script is secure.