HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide
#!/usr/bin/sh
# Mail recipient for the alert; assumed default (root), set for your site
RECIPIENT=${RECIPIENT:-root}
# If there is a file modification alert
if [ "$1" = "2" ]
then
    # And if the target of the attack is the password file
    if [ "${17}" = "/etc/passwd" ]; then
        # Obtain the process ID from the alert
        pid=${11}
        # Mail the alert text, using the alert summary ($7) as the subject
        echo "Critical intrusion: halting process ${pid} running ${24} that modified /etc/passwd" | /usr/bin/mailx -s "$7" "${RECIPIENT}"
        kill -KILL "${pid}"
    fi
fi
# Exit with no error
exit 0
Sample Response Programs
The following sections contain examples of C and shell script response programs.
Sample C Language Program Source Code
This is sample C language source code for a response program. It is available in
/opt/ids/share/examples/ids_alertResponse.c.
Modify the source code below to take appropriate action in response to intrusions. This
source code can be compiled with a standard C compiler. For information on the arguments
and environment variables passed to a response program, see Table B-1 (page 194), Table B-7 (page 201) and Appendix A
(page 135).
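The following is an added C example written for this edition; it is not the contents of /opt/ids/share/examples/ids_alertResponse.c. It implements the same decision as the shell sample above (alert type 2 against /etc/passwd) and assumes the same argument positions the shell sample uses: argument 1 is the alert type, 7 the alert summary, 11 the process ID, 17 the target file and 24 the program name. Unlike a shell script, a C program that indexes argv[24] must first check argc, and it should refuse to act on a process ID that does not parse cleanly; the classify_alert() function returns the PID to act on, 0 for alerts that need no response, and -1 for a malformed argument vector.

```c
/* Added example response program; not the guide's sample file.
 * Assumed argument positions (taken from the shell sample on this page):
 *   argv[1]  alert type ("2" = file modification)
 *   argv[7]  alert summary (the shell sample uses it as a mail subject)
 *   argv[11] process ID of the offending process
 *   argv[17] target file of the attack
 *   argv[24] program the process was running
 */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define ARG_ALERT_TYPE 1
#define ARG_SUBJECT    7
#define ARG_PID        11
#define ARG_TARGET     17
#define ARG_PROGRAM    24
#define MIN_ARGC       (ARG_PROGRAM + 1)   /* enough fields to read argv[24] */

/* Decide whether this alert is the "password file modified" case.
 * Returns the offending PID (> 1) when a response is warranted, 0 when the
 * alert needs no action, and -1 when the argument vector is too short or
 * the PID field is not a clean positive number. */
long classify_alert(int argc, char *const argv[])
{
    char *end;
    long pid;

    if (argc < MIN_ARGC)
        return -1;                       /* never read past argv[argc-1] */
    if (strcmp(argv[ARG_ALERT_TYPE], "2") != 0)
        return 0;                        /* not a file modification alert */
    if (strcmp(argv[ARG_TARGET], "/etc/passwd") != 0)
        return 0;                        /* some other file was modified */

    errno = 0;
    pid = strtol(argv[ARG_PID], &end, 10);
    if (errno != 0 || end == argv[ARG_PID] || *end != '\0' || pid <= 1)
        return -1;                       /* garbage, empty, or init itself */
    return pid;
}

/* Build a constructed 25-element argument vector (filler values for the
 * fields this example does not inspect) and classify it. Used for testing. */
long classify_sample(const char *type, const char *target, const char *pid_str)
{
    char *argv[MIN_ARGC];
    int i;

    for (i = 0; i < MIN_ARGC; i++)
        argv[i] = "x";                   /* constructed filler field */
    argv[0] = "ids_alertResponse";
    argv[ARG_ALERT_TYPE] = (char *)type;
    argv[ARG_TARGET] = (char *)target;
    argv[ARG_PID] = (char *)pid_str;
    argv[ARG_PROGRAM] = "/usr/bin/vi";   /* constructed program name */
    return classify_alert(MIN_ARGC, argv);
}

int main(int argc, char *argv[])
{
    long pid = classify_alert(argc, argv);

    if (pid < 0) {
        fprintf(stderr, "ids response: malformed alert (argc=%d)\n", argc);
        return 1;
    }
    if (pid == 0)
        return 0;                        /* nothing to do for this alert */

    printf("Critical intrusion: halting process %ld running %s that modified /etc/passwd\n",
           pid, argv[ARG_PROGRAM]);
    fflush(stdout);
    if (kill((pid_t)pid, SIGKILL) != 0)
        perror("kill");
    return 0;
}
```

Two points the C version makes explicit: alert fields are data controlled by the event, so do not splice them into a shell command line (the shell sample's mailx subject is fine there because the shell quotes it, but system() or popen() in C would not); and a PID taken from an alert may already belong to a different process by the time the response runs, so any kill is best-effort and should be logged.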
Sample Response Programs 207